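dzzoffice 2.02 has a pseudo-random number attack vulnerability. I am using the open-source version; below is the website log from after the attack.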
119.39.103.100 - - [28/Oct/2022:09:43:13 +0800] "GET / HTTP/2.0" 200 579 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:43:14 +0800] "GET /user.php?mod=login HTTP/2.0" 200 2763 "https://gtd.mxlog.com/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:43:14 +0800] "GET /misc.php?mod=sendwx&rand=1666921393 HTTP/2.0" 200 20 "https://gtd.mxlog.com/user.php?mod=login" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:43:14 +0800] "GET /misc.php?mod=sendmail&rand=1666921393 HTTP/2.0" 200 20 "https://gtd.mxlog.com/user.php?mod=login" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:44:36 +0800] "POST /core/api/wopi/index.php?access_token=1&action=contents&path=OTRkZkNuT0pLZnJkZ2ZaQnJxckRQWjNQTm5YT0tjSnZDU0lJTmMwRDFSYjBwaTJPYXdhTU9oUXMwSk1oUk9vczUzMFRCNTJGT29jczZDN3BmR3dw HTTP/2.0" 200 20 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:44:47 +0800] "GET /sharea.php?alfa=3123511 HTTP/2.0" 200 286 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
120.239.32.135 - - [28/Oct/2022:09:44:53 +0800] "GET /sharea.php HTTP/1.1" 301 162 "-" "antispam/1.0.0"
119.39.103.100 - - [28/Oct/2022:09:45:24 +0800] "POST /sharea.php?alfa=3123511 HTTP/2.0" 403 779 "https://gtd.mxlog.com/sharea.php?alfa=3123511" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:45:30 +0800] "GET /sharea.php?alfa=3123511 HTTP/2.0" 200 286 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:46:30 +0800] "POST /core/api/wopi/index.php?access_token=1&action=contents&path=OTRkZkNuT0pLZnJkZ2ZaQnJxckRQWjNQTm5YT0tjSnZDU0lJTmMwRDFSYjBwaTJPYXdhTU9oUXMwSk1oUk9vczUzMFRCNTJGT29jczZDN3BmR3dw HTTP/2.0" 404 146 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:46:39 +0800] "GET /core/api/wopi/index.php?access_token=1&action=contents&path=OTRkZkNuT0pLZnJkZ2ZaQnJxckRQWjNQTm5YT0tjSnZDU0lJTmMwRDFSYjBwaTJPYXdhTU9oUXMwSk1oUk9vczUzMFRCNTJGT29jczZDN3BmR3dw HTTP/2.0" 404 146 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:46:42 +0800] "GET / HTTP/2.0" 200 2732 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
119.39.103.100 - - [28/Oct/2022:09:47:43 +0800] "GET / HTTP/2.0" 200 2564 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:47:44 +0800] "GET /robots.txt?1666921658927 HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:47:44 +0800] "GET /favicon.ico HTTP/2.0" 404 131 "https://gtd.mxlog.com/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:47:47 +0800] "GET /robots.txt HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:47:47 +0800] "GET /sitemap.xml HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:47:47 +0800] "GET /robots.txt HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:47:47 +0800] "GET /sitemap.xml HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
35.245.188.175 - - [28/Oct/2022:09:47:47 +0800] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
35.245.188.175 - - [28/Oct/2022:09:47:48 +0800] "GET / HTTP/1.1" 200 3460 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
59.83.208.107 - - [28/Oct/2022:09:51:42 +0800] "GET /sharea.php HTTP/1.1" 301 162 "-" "antispam/1.0.0"
220.196.160.75 - - [28/Oct/2022:09:51:43 +0800] "GET /sharea.php HTTP/1.1" 404 146 "http://gtd.mxlog.com/sharea.php" "antispam/1.0.0"
119.39.103.100 - - [28/Oct/2022:09:52:27 +0800] "GET / HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:52:27 +0800] "GET /robots.txt?1666921942372 HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:52:28 +0800] "GET / HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:09:52:28 +0800] "GET /robots.txt?1666921943406 HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:10:06:10 +0800] "GET / HTTP/2.0" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
119.39.103.100 - - [28/Oct/2022:10:06:10 +0800] "GET /robots.txt?1666922765480 HTTP/2.0" 404 131 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
Search Baidu for: dzzoffice 2.02 pseudo-random number attack
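
A triage sketch for the request sequence visible in the log above (an added example, not part of the original report and not DzzOffice code): it flags any PHP path that is first requested, with a 200 response, by a client shortly after that same client's successful POST to the WOPI `action=contents` endpoint. The 10-minute window, the documentation IP addresses and the shortened `path=` value in the sample lines are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WOPI_PATH = "/core/api/wopi/index.php"  # endpoint taken from the report's log
WINDOW = timedelta(minutes=10)          # assumed correlation window

# Constructed sample lines modelled on the report (documentation IPs, shortened path=)
SAMPLE = [
    '203.0.113.7 - - [28/Oct/2022:09:43:14 +0800] "GET /user.php?mod=login HTTP/2.0" 200 2763 "-" "ua"',
    '203.0.113.7 - - [28/Oct/2022:09:44:36 +0800] "POST /core/api/wopi/index.php'
    '?access_token=1&action=contents&path=PLACEHOLDER HTTP/2.0" 200 20 "-" "ua"',
    '203.0.113.7 - - [28/Oct/2022:09:44:47 +0800] "GET /sharea.php?alfa=3123511 HTTP/2.0" 200 286 "-" "ua"',
    '198.51.100.9 - - [28/Oct/2022:09:44:53 +0800] "GET /sharea.php HTTP/1.1" 301 162 "-" "antispam/1.0.0"',
]

def parse(line):
    """Split one access-log line into the fields the triage needs, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    path, _, query = target.partition("?")
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "when": when, "method": method,
            "path": path, "query": query, "status": int(status)}

def triage(lines):
    """Return (ip, post_time, php_path, first_seen) for each PHP path first
    requested within WINDOW of that client's successful WOPI contents POST."""
    last_post, seen_php, findings = {}, set(), []
    for rec in filter(None, map(parse, lines)):
        if (rec["method"] == "POST" and rec["path"] == WOPI_PATH
                and "action=contents" in rec["query"] and rec["status"] == 200):
            last_post[rec["ip"]] = rec["when"]
        elif rec["path"].endswith(".php") and rec["path"] not in seen_php:
            seen_php.add(rec["path"])  # later hits on the same path are not new
            t0 = last_post.get(rec["ip"])
            if t0 and rec["status"] == 200 and rec["when"] - t0 <= WINDOW:
                findings.append((rec["ip"], t0, rec["path"], rec["when"]))
    return findings

if __name__ == "__main__":
    for ip, t0, path, t1 in triage(SAMPLE):
        print(f"{ip}: {path} first seen {(t1 - t0).seconds}s after WOPI contents POST at {t0}")
```

Feed it the full access log in chronological order so that PHP paths served before the POST are already recorded as known; each hit is a file to check against the deployed release.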