V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
zuoakang
V2EX  ›  问与答

第一次使用 Frp 做内网穿透,早上看服务器日志发现 5 点多有请求日志,是被黑了吗?

  •  
  •   zuoakang · 2019-04-16 14:29:26 +08:00 · 2887 次点击
    这是一个创建于 2085 天前的主题,其中的信息可能已经有所发展或是发生改变。
    • 外网服务端是 Ubuntu
    • 内网客户端使用的是 win7

    客户端配置:

    [common]
    server_addr = xxxx
    server_port = 7000
    
    [RDP]
    type = tcp
    local_ip = 0.0.0.0
    local_port = 3389
    remote_port = 6000
    
    [web]
    type = http
    local_port = 8080
    custom_domains = www.xxxx
    
    
    [vnc]
    type = tcp
    local_ip = 127.0.0.1
    local_port = 5900
    remote_port = 5900
    

    这种情况是不是被黑了? 有人晚上连我的电脑吗?日志记录如下:

    2019/04/16 05:14:59 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:00 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:07 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:15 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:16 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:24 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:32 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:32 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:43 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:15:51 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:16:58 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:17:06 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:17:22 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:17:23 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:17:30 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:17:41 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:18:06 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:18:55 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:03 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:20 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:20 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:37 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:48 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:48 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:19:56 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:20:03 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:20:04 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:20:11 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:20:19 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:20:19 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:20:27 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:22:02 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:22:10 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
     2019/04/16 05:22:17 ^[[1;34m[I] [proxy.go:82] [7acf780dee1a4431] [vnc] get a new work connection: [27.38.112.65:13377]^[[0m
    
    6 条回复    2019-04-17 00:34:39 +08:00
    soulzz
        1
    soulzz  
       2019-04-16 14:40:21 +08:00
    token 要设的吧
    现在有些爬虫专门爬你这种 frp 不设密码的
    BCy66drFCvk1Ou87
        2
    BCy66drFCvk1Ou87  
       2019-04-16 15:36:00 +08:00 via Android
    就这点请求不一定是恶意攻击 有可能是正常采集
    sodora
        3
    sodora  
       2019-04-16 15:40:00 +08:00
    token 当然要设置,但这不是 token 问题。
    5900 端口没做限制,有人 /爬虫尝试连接这个端口,如果这个 vnc 没设置密码,就可以直接操控你的电脑了哈。
    zuoakang
        4
    zuoakang  
    OP
       2019-04-16 16:36:24 +08:00
    谢谢大家,token 没有设置确实是问题。vnc 登录是需要电脑自带的账户名和密码的。爬虫为什么要爬这个端口的数据。。
    yu1u
        5
    yu1u  
       2019-04-16 16:39:00 +08:00 via Android
    @zuoakang 不一定是爬虫,可能是来自网络的扫描在请求这个端口
    flynaj
        6
    flynaj  
       2019-04-17 00:34:39 +08:00 via Android
    不要用默认端口
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   977 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 21:17 · PVG 05:17 · LAX 13:17 · JFK 16:17
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.