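I registered a domain, and as soon as I set it up I started seeing requests in the logs every minute, from different IPs and with different referrers, all of them hitting some kind of script on the site. Here is a sample of the errors from the log: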
2019/04/25 11:54:52 [error] 18771#18771: *968 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 83.97.110.197, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=1b10b02d377e8c936434a509e7747005&r=&h=www.google.com&rand=1556193290958&_=1556193290480 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://www.google.com/"
2019/04/25 11:54:59 [error] 18771#18771: *968 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 83.97.110.197, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=1b10b02d377e8c936434a509e7747005&r=https%3A%2F%2Fwww.google.com%2F&h=www.youtube.com&rand=1556193298293&_=1556193295292 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://www.youtube.com/"
2019/04/25 11:55:51 [error] 18771#18771: *975 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=&h=e.mail.ru&rand=1556193355156&_=1556193343577 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
2019/04/25 11:56:17 [error] 18771#18771: *977 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 188.235.10.69, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=b75f3a00d7c3ac8ba10820b87473fe92&r=&h=yandex.ru&rand=1556189834748&_=1556189832912 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://yandex.ru/"
2019/04/25 11:56:18 [error] 18771#18771: *977 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 188.235.10.69, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=b75f3a00d7c3ac8ba10820b87473fe92&r=https%3A%2F%2Fyandex.ru%2F&h=mail.yandex.ru&rand=1556189836082&_=1556189835338 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://mail.yandex.ru/"
2019/04/25 11:56:42 [error] 18771#18771: *981 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=https%3A%2F%2Fe.mail.ru%2Fthread%2F0%3A15559335500000000132%3A500000%2F&h=e.mail.ru&rand=1556193406272&_=1556193393206 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
2019/04/25 11:56:52 [error] 18771#18771: *983 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=https%3A%2F%2Fe.mail.ru%2Fthread%2F0%3A15559335500000000132%3A500000%2F&h=e.mail.ru&rand=1556193416634&_=1556193410996 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
What is this and how do I deal with it? This is the first time I have seen it.
UPD: 40 MB of logs over the past 3 days...
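Apparently this domain, named after the Persian king, was once used as a source of mirrored data for bypassing blocking. It can be assumed that this was content from the Kinogo site, because the browser extension's code contains a reference to a request that fetches some scripts: the request /getscripts2, which is inserted into the <head> of every page the user visits. Here the parameter h specifies the host into which the script is embedded. In this case, the right choice is to simply ignore the requests: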
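Another option is to ask the user to remove the extension:
A less correct option is to use this capability to run some script of your own on every site visited by the unfortunate users of this extension. This could be very frustrating for the extension's users, but it is also risky for you: you could be blacklisted by Google and dropped from search results.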
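To check the explanation above against your own error log before deciding how to handle the traffic, the following added example (not part of the original question or answer) groups /getscripts2 requests by their uid and h parameters and separates them from unrelated errors. The function name `summarize` and the sample lines are constructed for illustration; the sample uses documentation IP ranges and made-up ids.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the shape of the nginx error log entries quoted in the
# question (documentation IPs and made-up ids, not values from the original log).
SAMPLE_LOG = '''2019/04/25 11:54:52 [error] 1#1: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.0.2.10, server: example.test, request: "GET /getscripts2?&b=aa&publisher_id=bb&uid=u1&r=&h=www.example.com&rand=1&_=2 HTTP/2.0", host: "example.test", referrer: "https://www.example.com/"
2019/04/25 11:54:59 [error] 1#1: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.0.2.10, server: example.test, request: "GET /getscripts2?&b=aa&publisher_id=bb&uid=u1&r=https%3A%2F%2Fwww.example.com%2F&h=video.example.org&rand=3&_=4 HTTP/2.0", host: "example.test", referrer: "https://video.example.org/"
2019/04/25 11:55:51 [error] 1#1: *2 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 198.51.100.7, server: example.test, request: "GET /getscripts2?&b=aa&publisher_id=bb&uid=u2&r=&h=mail.example.net&rand=5&_=6 HTTP/2.0", host: "example.test", referrer: "https://mail.example.net/"
2019/04/25 11:56:02 [error] 1#1: *3 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 203.0.113.5, server: example.test, request: "GET /missing.php HTTP/1.1", host: "example.test"
'''

# Pull the client IP and the request target out of one error-log line.
LINE_RE = re.compile(
    r'client: (?P<client>[^,\s]+), .*?request: "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def summarize(log_text, endpoint="/getscripts2"):
    """Group requests to the extension's endpoint by uid; collect everything else."""
    hosts_by_uid = defaultdict(set)    # uid -> hosts (h=) where the script was injected
    clients_by_uid = defaultdict(set)  # uid -> client IPs seen for that uid
    other = []                         # request targets that are not extension traffic
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != endpoint:
            other.append(m["target"])
            continue
        query = parse_qs(url.query)    # empty pairs such as the leading "&" are skipped
        uid = query.get("uid", ["?"])[0]
        hosts_by_uid[uid].add(query.get("h", ["?"])[0])
        clients_by_uid[uid].add(m["client"])
    return hosts_by_uid, clients_by_uid, other

if __name__ == "__main__":
    hosts, clients, other = summarize(SAMPLE_LOG)
    for uid in sorted(hosts):
        print(uid, sorted(clients[uid]), "->", sorted(hosts[uid]))
    print("errors not caused by the extension:", other)
```

If nearly every entry falls under the endpoint and each uid maps to a handful of ordinary sites, the log matches the extension behaviour the answer describes, and whatever remains in `other` is what still deserves a look.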