主页 / 问题 / 974839
Accepted
Paul Wall
Asked:2020-04-25 20:00:43 +0000 UTC2020-04-25 20:00:43 +0000 UTC

不断在网站上请求 getscripts2

  • 772

我注册了一个域,一旦我设置了它,我就会在日志中看到每分钟来自不同 IP 的不同引荐,他们都会在网站上敲击某种脚本。以下是日志中的错误示例:

2019/04/25 11:54:52 [error] 18771#18771: *968 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 83.97.110.197, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=1b10b02d377e8c936434a509e7747005&r=&h=www.google.com&rand=1556193290958&_=1556193290480 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://www.google.com/"
2019/04/25 11:54:59 [error] 18771#18771: *968 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 83.97.110.197, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=1b10b02d377e8c936434a509e7747005&r=https%3A%2F%2Fwww.google.com%2F&h=www.youtube.com&rand=1556193298293&_=1556193295292 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://www.youtube.com/"
2019/04/25 11:55:51 [error] 18771#18771: *975 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=&h=e.mail.ru&rand=1556193355156&_=1556193343577 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
2019/04/25 11:56:17 [error] 18771#18771: *977 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 188.235.10.69, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=b75f3a00d7c3ac8ba10820b87473fe92&r=&h=yandex.ru&rand=1556189834748&_=1556189832912 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://yandex.ru/"
2019/04/25 11:56:18 [error] 18771#18771: *977 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 188.235.10.69, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=b75f3a00d7c3ac8ba10820b87473fe92&r=https%3A%2F%2Fyandex.ru%2F&h=mail.yandex.ru&rand=1556189836082&_=1556189835338 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://mail.yandex.ru/"
2019/04/25 11:56:42 [error] 18771#18771: *981 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=https%3A%2F%2Fe.mail.ru%2Fthread%2F0%3A15559335500000000132%3A500000%2F&h=e.mail.ru&rand=1556193406272&_=1556193393206 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"
2019/04/25 11:56:52 [error] 18771#18771: *983 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 78.85.175.231, server: xerxes.ru, request: "GET /getscripts2?&b=c98aecda097f2a52964c89167f60f61d&publisher_id=81c675d4733cd5376ff43d2bc7005e0a&uid=687b15e9a15b91aa8e54d6bc0d982283&r=https%3A%2F%2Fe.mail.ru%2Fthread%2F0%3A15559335500000000132%3A500000%2F&h=e.mail.ru&rand=1556193416634&_=1556193410996 HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.3-fpm.sock:", host: "xerxes.ru", referrer: "https://e.mail.ru/thread/0:15559335500000000132:500000/"

它是什么以及如何处理它,我第一次看到这个。

UPD:过去 3 天的 40mb 日志...

nginx

1 个回答

  1. Best Answer

    显然,这个以波斯国王的名字命名的域曾经被用作镜像数据的来源,以绕过阻塞。可以假设这是Kinogo 站点的内容,因为在浏览器扩展代码中有对获取一些脚本的请求的引用,该请求/getscripts2被插入到<head>用户输入的每个页面中。在这种情况下,该参数h指定嵌入此脚本的主机。

    在这种情况下,正确的选择是简单地忽略请求:

    location = /getscripts2 {
    access_log off;
    expires max;
    return 200 "";
}

    另一种选择是要求用户删除扩展:

    location = /getscripts2 {
    access_log off;
    return 200 "alert('Удалите устаревшее расширение для доступа к онлайн-кинотеатру. Это сообщение будет показываться пока расширение не будет удалено.');";
}

    一个不太正确的选择是使用此功能在此扩展程序的不幸用户访问的所有站点上运行您的一些脚本。这对于扩展程序的用户来说可能非常令人沮丧,但对您来说也有风险:您可能会被 Google 列入黑名单并退出搜索结果。

    • 5

相关问题