SAE cloud beans (云豆) drained: analysis of the problem
source link: https://evilcos.me/?p=199
A few days ago a friend reported that the official site of《Web前端黑客技术揭秘》, web2hack.org, could no longer be opened and showed a notice that the cloud beans (the SAE resource quota) had been used up. I looked into it and found the cause. After logging in to the SAE console (http://sae.sina.com.cn), the "resource report" for web2hack showed that Fetch URL inbound traffic had consumed more than 31 GB!! As shown in the figure below:
Looking at the "log center" turned up the following request, repeated at high frequency:
Pattern: 118.26.201.238 [09/Feb/2013:13:40:46 +0800] /blog/xmlrpc.php 200 1622983 230 435
web2hack.org "POST HTTP/1.0" "-" "xmlrpclib.py/1.0.1 (by www.pythonware.com)" 118.26.201.238.1360388446415877 yq24
The xmlrpc.php endpoint was being hit nonstop! Every response is large (about 1.6 MB), so the inbound traffic quota was exhausted very quickly. The fix:
1. In the "application firewall", add the IP from the pattern above to the blacklist;
2. Consider deleting the xmlrpc.php file;
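To show how the "log center" evidence above turns into the blacklist of step 1, here is an added example (not code from the original post or from SAE) that parses access-log entries in the layout quoted above, counts xmlrpc.php hits per client IP, and flags any IP that bursts past a threshold inside a short window. The field layout of the log line, the threshold values and the sample log entries are all assumptions constructed for the example; the IPs 203.0.113.45, 198.51.100.7 and 198.51.100.9 are documentation-range addresses, not real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed SAE access-log layout, reconstructed from the single entry quoted in the post:
# <client ip> [<timestamp>] <path> <status> <bytes> <n1> <n2> <host> "<method> <proto>"
# "<referer>" "<user-agent>" <session id> <node>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] (?P<path>\S+) (?P<status>\d{3}) (?P<bytes>\d+) '
    r'\S+ \S+ (?P<host>\S+) "(?P<method>\S+) (?P<proto>[^"]+)" "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)"'
)

# The entry quoted in the post, joined onto one line.
PAGE_ENTRY = ('118.26.201.238 [09/Feb/2013:13:40:46 +0800] /blog/xmlrpc.php 200 1622983 230 435 '
              'web2hack.org "POST HTTP/1.0" "-" "xmlrpclib.py/1.0.1 (by www.pythonware.com)" '
              '118.26.201.238.1360388446415877 yq24')


def parse_line(line):
    """Parse one log entry into a dict, or return None if it does not match the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    rec['bytes'] = int(rec['bytes'])
    rec['ts'] = datetime.strptime(rec['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return rec


def is_xmlrpc(rec):
    # Match the endpoint itself, ignoring any query string and letter case.
    return rec['path'].split('?', 1)[0].lower().endswith('/xmlrpc.php')


def find_xmlrpc_abusers(lines, max_requests=20, window_seconds=60):
    """Flag IPs that send more than max_requests xmlrpc.php hits within window_seconds."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_xmlrpc(rec):
            per_ip[rec['ip']].append(rec)
    window = timedelta(seconds=window_seconds)
    abusers = {}
    for ip, recs in per_ip.items():
        stamps = sorted(r['ts'] for r in recs)
        # Burst check: any run of max_requests+1 hits that fits inside the window.
        burst = any(stamps[i + max_requests] - stamps[i] <= window
                    for i in range(len(stamps) - max_requests))
        if burst:
            abusers[ip] = {
                'hits': len(recs),
                'bytes': sum(r['bytes'] for r in recs),  # inbound quota this IP consumed
                'user_agents': sorted({r['ua'] for r in recs}),
            }
    return abusers


def blocklist(abusers):
    """Step 1 of the fix: the IPs to add to the application-firewall blacklist."""
    return sorted(abusers)


def make_line(ip, ts, path, status, nbytes, method, ua):
    # Builds a constructed entry in the assumed layout (sample data, not real traffic).
    return (f'{ip} [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] {path} {status} {nbytes} 230 435 '
            f'web2hack.org "{method} HTTP/1.0" "-" "{ua}" {ip}.0000000000000000 yq24')


# Constructed sample log: one scripted client hammering xmlrpc.php, one normal visitor,
# and one legitimate pingback sender with only two slow hits.
BASE = datetime(2013, 2, 9, 13, 40, 0, tzinfo=timezone(timedelta(hours=8)))
SAMPLE_LOG = []
for i in range(30):
    SAMPLE_LOG.append(make_line('203.0.113.45', BASE + timedelta(seconds=2 * i), '/blog/xmlrpc.php',
                                200, 1622983, 'POST', 'xmlrpclib.py/1.0.1 (by www.pythonware.com)'))
for i in range(5):
    SAMPLE_LOG.append(make_line('198.51.100.7', BASE + timedelta(seconds=10 * i), '/blog/',
                                200, 24000, 'GET', 'Mozilla/5.0'))
for i in range(2):
    SAMPLE_LOG.append(make_line('198.51.100.9', BASE + timedelta(minutes=5 * i), '/blog/xmlrpc.php',
                                200, 300, 'POST', 'WordPress/3.5; http://blog.example'))

if __name__ == '__main__':
    found = find_xmlrpc_abusers(SAMPLE_LOG)
    for ip, info in found.items():
        print(f"{ip}: {info['hits']} hits, {info['bytes'] / 1e6:.1f} MB, UA {info['user_agents']}")
    print('blacklist:', blocklist(found))
```

The burst window matters: a legitimate WordPress pingback or a mobile client also POSTs to xmlrpc.php, just not thirty times a minute, so counting raw hits alone would produce false positives. The per-IP byte total is what ties the detection back to the quota symptom in the resource report.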
Everyone else, take note. What follows is unrelated to this topic, so I will stop here.
Update 2013/2/11: on the WordPress xmlrpc.php pingback flaw and SSRF attacks.
About 余弦
Just a symbol.