RError.com

Paul Wall
Asked: 2020-04-25 20:00:43 +0000 UTC

Constant requests for getscripts2 on the site


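I registered a domain, and as soon as I set it up I began seeing in the logs, every minute, requests from different IPs with different referrers, all of them hitting some kind of script on the site. Below are examples of the errors from the log: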

2019/04/25 11:54:52 [error] 18771#18771: *968 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 83.97.110.197, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=1b10b02d377e8c936434a509e7747005&r=&h=www.google.com&rand=1556193290958&_=1556193290480 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://www.google.com/"
2019/04/25 11:54:59 [error] 18771#18771: *968 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 83.97.110.197, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=1b10b02d377e8c936434a509e7747005&r=https%3A%2F%2Fwww.google.com%2F&h=www.youtube.com&rand=1556193298293&_=1556193295292 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://www.youtube.com/"
2019/04/25 11:55:51 [error] 18771#18771: *975 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=&h=e.mail.ru&rand=1556193355156&_=1556193343577 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
2019/04/25 11:56:17 [error] 18771#18771: *977 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 188.235.10.69, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=b75f3a00d7c3ac8ba10820b87473fe92&r=&h=yandex.ru&rand=1556189834748&_=1556189832912 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://yandex.ru/"
2019/04/25 11:56:18 [error] 18771#18771: *977 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 188.235.10.69, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=b75f3a00d7c3ac8ba10820b87473fe92&r=https%3A%2F%2Fyandex.ru%2F&h=mail.yandex.ru&rand=1556189836082&_=1556189835338 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://mail.yandex.ru/"
2019/04/25 11:56:42 [error] 18771#18771: *981 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=https%3A%2F%2Fe.mail.ru%2Fthread%2F0%3A15559335500000000132%3A500000%2F&h=e.mail.ru&rand=1556193406272&_=1556193393206 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
2019/04/25 11:56:52 [error] 18771#18771: *983 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=https%3A%2F%2Fe.mail.ru%2Fthread%2F0%3A15559335500000000132%3A500000%2F&h=e.mail.ru&rand=1556193416634&_=1556193410996 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"

What is this and how do I deal with it? This is the first time I have seen this.

UPD: 40 MB of logs over the last 3 days...

nginx

1 answer

  1. Best Answer
    sanmai
    2020-04-30T09:12:15Z

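    Apparently, this domain, named after the Persian king, was once used as a source of mirror data for bypassing blocking. It can be assumed that this was content of the Kinogo site, since the browser extension's code contains references to a request for some scripts, /getscripts2, which is inserted into the <head> of every page the user visits. In this case, the parameter h specifies the host into which this script is embedded.

    In this case, the right option is to simply ignore the requests: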

    location = /getscripts2 {
        access_log off;
        expires max;
        return 200 "";
    }
    

    Another option is to ask users to remove the extension:

    location = /getscripts2 {
        access_log off;
        return 200 "alert('Удалите устаревшее расширение для доступа к онлайн-кинотеатру. Это сообщение будет показываться пока расширение не будет удалено.');";
    }
    

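    A less proper option is to use this capability to run some scripts of your own on all the sites visited by the unfortunate users of this extension. This can be very frustrating for the extension's users, but it is also risky for you: you may end up blacklisted by Google and dropped from search results.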

    • 5
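
To check from your own error log that the traffic has the shape the answer describes (one publisher_id, many uid values, h equal to the Referer host), a triage script along these lines can be run over it. This is an added example, not part of the original answer; the sample lines, server name, IPs and ids in it are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the shape of the error log quoted in the question;
# the IPs (documentation ranges), server name and ids are placeholders.
_TPL = ('2019/04/25 11:54:52 [error] 1#1: *1 FastCGI sent in stderr: "Primary script unknown" '
        'while reading response header from upstream, client: {ip}, server: example.test, '
        'request: "GET {uri} HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", '
        'host: "example.test", referrer: "{ref}"')
_Q = "/getscripts2?&b=aaaa&publisher_id=pppp&uid={uid}&r=&h={h}&rand=1&_=2"
SAMPLE_LOG = "\n".join([
    _TPL.format(ip="192.0.2.10", uri=_Q.format(uid="u1", h="www.google.com"), ref="https://www.google.com/"),
    _TPL.format(ip="192.0.2.10", uri=_Q.format(uid="u1", h="www.youtube.com"), ref="https://www.youtube.com/"),
    _TPL.format(ip="198.51.100.7", uri=_Q.format(uid="u2", h="yandex.ru"), ref="https://yandex.ru/"),
    _TPL.format(ip="203.0.113.5", uri="/index.php", ref="-"),  # unrelated request, must be ignored
])

LINE_RE = re.compile(r'client: (?P<client>[^,]+), .*?request: "[A-Z]+ (?P<uri>\S+) [^"]*"'
                     r'(?:.*?referrer: "(?P<referrer>[^"]*)")?')

def summarize(log_text, path="/getscripts2"):
    """Profile requests for `path`: who sends them and what the parameters reveal."""
    hits, ref_matches_h = 0, 0
    clients, publishers = set(), set()
    hosts_by_uid = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m["uri"])
        if url.path != path:
            continue
        q = parse_qs(url.query)  # blank values such as "r=" are dropped
        h = q.get("h", [""])[0]
        hits += 1
        clients.add(m["client"])
        publishers.update(q.get("publisher_id", []))
        hosts_by_uid[q.get("uid", ["?"])[0]].add(h)
        # Extension traffic: the page being viewed (Referer) is the host named in h.
        if m["referrer"] and urlsplit(m["referrer"]).hostname == h:
            ref_matches_h += 1
    return {"hits": hits, "clients": len(clients), "publisher_ids": sorted(publishers),
            "referrer_matches_h": ref_matches_h,
            "hosts_by_uid": {u: sorted(hs) for u, hs in hosts_by_uid.items()}}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A single publisher_id shared by many uid values, with h matching the Referer host on nearly every hit, is the signature of browsers running the extension rather than a scanner. hosts_by_uid is also per-user browsing history sitting in your logs, which is a further reason to stop logging these requests.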
