2017-10-11

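Local Node.js setup: fake URLs

I have a Node.js server running on my local PC. This PC is not accessible from outside.

What I see is a list of fake URLs in the server log. Where do these URL requests come from? What kind of attack is this?

Do my Node.js packages contain malicious code?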

GET / 200 453.427 ms - 517
OPTIONS / 200 0.901 ms - 8
PROPFIND / 404 57.119 ms - 1100
OPTIONS * 404 28.097 ms - 1082 
GET /Rapid7/JBoss/version-check-UvBo5i.html 404 16.797 ms - 1100 
GET /console/login/LoginForm.jsp 404 16.349 ms - 1100 
GET /igsponsor 404 13.136 ms - 1100 
GET / 200 14.813 ms - 517
GET /spiffymcgee.jsp 404 5.804 ms - 1100 
GET / 200 6.166 ms - 517
GET / 200 10.456 ms - 517
GET /jbossws/ 404 9.220 ms - 1100 
GET /invoker/ 404 8.065 ms - 1100 
GET /jbossmq-httpil/ 404 9.178 ms - 1100 
GET /status/ 404 8.007 ms - 1100 
GET / 200 13.990 ms - 517
GET /reviews 404 8.054 ms - 1100 
GET / 200 8.699 ms - 517
GET /login 404 5.635 ms - 1100 
GET / 200 5.436 ms - 517
GET /login 404 6.158 ms - 1100 
GET / 200 4.999 ms - 517
GET /login.action 404 4.050 ms - 1100 
GET /login 404 4.466 ms - 1100 
GET /login 404 6.062 ms - 1100 
GET /owa/auth/logon.aspx 404 6.262 ms - 1100 
GET /owa/auth/logon.aspx 404 5.838 ms - 1100 
GET /owa/auth/logon.aspx 404 4.955 ms - 1100 
GET /console/App.html 404 5.447 ms - 1100 
GET / 200 6.892 ms - 517
GET /php/login.php 404 4.214 ms - 1100 
GET / 200 7.227 ms - 517
GET /CHANGELOG.txt 404 5.242 ms - 1100 
GET /wordpress/readme.html 404 4.887 ms - 1100 
GET / 200 5.062 ms - 517
GET /wordpress 404 5.213 ms - 1100 
GET /wordpress/wp-login.php 404 6.610 ms - 1100 
GET /index.php/login 404 4.692 ms - 1100 
GET /spiffymcgee.cfm 404 4.504 ms - 1100 
GET /servlet/ 404 5.111 ms - 1100 
GET / 200 7.511 ms - 517
GET /administrator/manifests/files/joomla.xml 404 4.363 ms - 1100 
GET /administrator/language/en-GB/en-GB.xml 404 4.109 ms - 1100 
GET /language/en-GB/en-GB.xml 404 5.029 ms - 1100 
GET / 200 6.197 ms - 517
GET /xmldata?item=All 404 4.925 ms - 1100 
GET / 200 7.789 ms - 517
GET /spiffymcgee.nsf 404 7.321 ms - 1100 
GET /jira/secure/Dashboard.jspa 404 5.877 ms - 1100 
GET /secure/Dashboard.jspa 404 4.130 ms - 1100 
GET /login.jsp 404 3.840 ms - 1100 
GET /console/faces/com_sun_web_ui/jsp/version/version_30.jsp 404 6.408 ms - 1100 
GET /console/faces/com_sun_web_ui/jsp/version/version_4.jsp 404 6.395 ms - 1100 
GET /phpmyadmin/ 404 5.518 ms - 1100 
GET /cgi-bin/htsearch?Exclude=%60/etc/passwd%60 404 5.433 ms - 1100 
GET /c99.php 404 6.251 ms - 1100 
POST /cgi/login 404 47.299 ms - 1100 
POST /data/login 404 53.409 ms - 1100 
POST /xmlrpc.php 404 22.703 ms - 1100 
POST /serendipity/serendipity_xmlrpc.php 404 10.856 ms - 1100 
GET /jkstatus/ 404 14.917 ms - 1100 
GET /conf/ssl/apache/integrity.key 404 10.338 ms - 1100 
POST /serendipity/xmlrpc.php 404 8.799 ms - 1100 
GET /conf/ssl/apache/integrity-smartcenter.key 404 5.615 ms - 1100 
GET /CFIDE/scheduler/ 404 6.504 ms - 1100 
POST /drupal/xmlrpc.php 404 5.956 ms - 1100 
GET /CFIDE/servermanager/ 404 13.669 ms - 1100 
GET /CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=CFIDE.componentutils.cfcexplorer&path=../../../license.txt 404 11.957 ms - 1100 
POST /bblog/xmlrpc.php 404 5.526 ms - 1100 
GET /CFIDE/componentutils/cfcexplorer.cfc?method=getcfcinhtml&name=CFIDE.componentutils.cfcexplorer&path=../../../../license.html 404 10.053 ms - 1100 
POST /CFIDE/adminapi/administrator.cfc? 404 11.261 ms - 1100 
POST /blogs/xmlsrv/xmlrpc.php 404 9.342 ms - 1100 
GET /CFIDE/adminapi/customtags/soft404validationcheck.cfm 404 4.703 ms - 1100 
POST /xmlsrv/xmlrpc.php 404 5.444 ms - 1100 
GET /CFIDE/soft404validationcheck.cfm 404 8.133 ms - 1100 
GET /CFIDE/adminapi/customtags/fusebox.cfm 404 4.375 ms - 1100 
POST /xmlrpc/xmlrpc.php 404 5.083 ms - 1100 
GET /CFIDE/adminapi/customtags/adss.cfm 404 4.595 ms - 1100 
POST /script/xmlrpc.php 404 4.009 ms - 1100 
GET /CFIDE/AIR/ 404 5.960 ms - 1100 
GET /CFIDE/h.cfm 404 4.604 ms - 1100 
HEAD http://www.google.com:80/ 200 6.972 ms - 517 
GET /CFIDE/wizards/common/ 404 4.086 ms - 1100 
GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en 404 7.514 ms - 1100 
GET /cgi-bin/php.ini 404 5.903 ms - 1100 
GET /CFIDE/h9.cfm 404 4.094 ms - 1100 
GET /phpmyadmin/ 404 4.024 ms - 1100 
POST /cgi-bin/home.tcl 404 5.114 ms - 1100 
GET /~bin/true 404 5.430 ms - 1100 
GET /CFIDE/help.cfm 404 5.527 ms - 1100 
POST /cgi-bin/test-cgi 404 3.858 ms - 1100 
GET /CFIDE/componentutils/ 404 3.889 ms - 1100 
GET /scripts/tools/newdsn.exe?driver=Microsoft%2BAccess%2BDriver%2B%28*.mdb%29&dsn=Web%20SQL&dbq=c:%5Ctemp%5Cxyz.mdb&newdb=CREATE_DB&attr= 404 4.677 ms - 1100 
GET /AdvWorks/equipment/catalog_type.asp?ProductType=|shell(%22c:cmd.exe%22)| 404 4.392 ms - 1100 
GET /CFIDE/i.cfm 404 4.823 ms - 1100 
GET /ASPSamp/AdvWorks/equipment/catalog_type.asp?ProductType=|shell(%22c:cmd.exe%22)| 404 3.932 ms - 1100 
GET /CFIDE/orm/ 404 4.252 ms - 1100 
GET /CFIDE/adminapi/base.cfc?wsdl 404 3.957 ms - 1100 
POST / 404 5.537 ms - 1100
GET /CFIDE/r.cfm 404 4.286 ms - 1100 
GET /cgi-bin/view-source?../../../../../../../etc/passwd 404 4.063 ms - 1100 
GET /cgi-bin/awstats.pl?debug=1 404 7.055 ms - 1100 
GET /crossdomain.xml 404 3.970 ms - 1100 
GET /cgi-bin/faxsurvey?/bin/cat%20/etc/passwd 404 4.197 ms - 1100 
GET /cgi-bin/awstats/awstats.pl?debug=1 404 4.098 ms - 1100 
GET /README.txt 404 3.921 ms - 1100 
GET /cgi-bin/faxquery?/bin/cat%20/etc/passwd 404 5.752 ms - 1100 
GET /_vti_bin/_vti_aut/author.dll 404 11.194 ms - 1100 
GET /CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&attributes.file=../../administrator/mail/download.cfm&filename=../../lib/password.properties&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=test 404 6.015 ms - 1100 
POST /index.htm 404 4.393 ms - 1100 
TRACE / 404 4.289 ms - 1100
GET /bb/ 404 6.852 ms - 1100 
GET /?Class.classLoader.resources.cacheObjectMaxSize=foo 200 6.563 ms - 517 
GET /CFIDE/appdeployment/ 404 8.525 ms - 1100 
GET /cgi-bin/htgrep/file=index.html&hdr=/etc/passwd 404 4.959 ms - 1100 
GET /CFIDE/websocket/ 404 6.200 ms - 1100 
GET /struts2-showcase/employee/save.action 404 4.984 ms - 1100 
GET /CFIDE/portlets/ 404 6.358 ms - 1100 
GET /common/index.jsf 404 4.763 ms - 1100 
GET /CFIDE/adminapi/customtags/l10n.cfm?attributes.id=test&attributes.file=../../administrator/mail/download.cfm&filename=../lib/password.properties&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=test 404 4.718 ms - 1100 
GET /CFIDE/wizards/common/utils.cfc?method=verifyldapserver&vserver=localhost&vport=22&vstart=&vusername=&vpassword=&returnformat=json 404 4.245 ms - 1100 
GET /CFIDE/adminiapi/ 404 6.210 ms - 1100 
GET /CFIDE/services/ 404 5.988 ms - 1100 
GET /CFIDE/administrator/ 404 4.210 ms - 1100 
GET /CFIDE/administrator/enter.cfm 404 4.537 ms - 1100 
GET /cgi-bin/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22; 404 3.929 ms - 1100 
GET /struts2-blank/example/HelloWorld.action 404 3.957 ms - 1100 
GET /?class.classLoader.resources.cacheObjectMaxSize=foo 200 6.800 ms - 517 
GET /cgi-bin/htmlscript?../../../../../../../etc/passwd 404 4.158 ms - 1100 
GET /cgi-bin/awstats/awstats.pl?PluginMode=:print+%22x%22%2e(1042+%2b+1099)%2e%22x%22; 404 4.301 ms - 1100 
POST /flex2gateway/http 404 5.857 ms - 1100 
GET / 200 15.168 ms - 517
POST /flex2gateway/httpsecure 404 15.935 ms - 1100 
POST /messagebroker/http 404 7.137 ms - 1100 
POST /messagebroker/httpsecure 404 3.736 ms - 1100 
POST /blazeds/messagebroker/http 404 3.765 ms - 1100 
POST /blazeds/messagebroker/httpsecure 404 3.731 ms - 1100 
POST /samples/messagebroker/http 404 3.869 ms - 1100 
GET /r7.txt 404 4.059 ms - 1100 
POST /samples/messagebroker/httpsecure 404 5.445 ms - 1100 
POST /lcds/messagebroker/http 404 3.682 ms - 1100 
POST /lcds/messagebroker/httpsecure 404 3.802 ms - 1100 
POST /lcds-samples/messagebroker/http 404 3.731 ms - 1100 
POST /lcds-samples/messagebroker/httpsecure 404 3.730 ms - 1100 
PUT /r7.txt 404 3.707 ms - 1100 
GET /r7.txt 404 3.786 ms - 1100 
HEAD /index.php 404 6.588 ms - 1100 
POST /cgi-bin/webcgi/login 404 4.221 ms - 1100 
GET / 200 5.813 ms - 517
GET /portal/diag/index.jsp 404 3.786 ms - 1100 
GET /miners 304 57.834 ms - - 
GET /stylesheets/style.css 304 15.845 ms - - 
GET /xmldata?item=All 404 85.536 ms - 1100 

Is it possible to increase the npm start debug level? I would like to see the source IP of the GET requests as well as the timestamps.

+0

Increased the npm log level using the command 'npm config set loglevel debug'. Hopefully I will get more information about this problem.

+0

Look at package.json under the scripts section. What is in your "start" script? Some applications use a debug library that can be enabled like this: 'DEBUG=* npm start'

+0

Why do you say the PC is not accessible from outside? From outside the machine itself, or from outside the network?

Answer

0

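Implement CORS in your application; then all requests will pass through it, and you can restrict requests from different domains. If you are using expressJS, you can do it in the following way.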

var express = require('express');
var app = express();

// Middleware that sets the CORS response headers on every response
var allowCrossDomain = function (req, res, next) {
    res.header('Access-Control-Allow-Origin', '*'); // here you can restrict Origin
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Content-Type');
    next();
};
app.use(allowCrossDomain);
+0

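Thanks for your input, but my question is why I am getting such weird requests and who is generating them? Where do the requests come from? Since the PC is not accessible outside the LAN, do the packages installed from npm have some malicious code?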
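
The question asks for the source IP and timestamp of each request, which the log format shown above does not include. The following is an added example, not code from the original post: an Express-style middleware that records the time, the TCP peer address and a coarse classification of each request. The rule list, the allowed-method set and the names `classify` and `probeLogger` are assumptions constructed from the request lines in the question.

```javascript
// Added example. Rules are constructed from the request lines in the question.
const PROBE_RULES = [
  ['path-traversal', /\.\.\/|\/etc\/passwd|%00/i],
  ['code-injection', /shell\(|\/bin\/cat|PluginMode=/i],
  ['proxy-probe', /^https?:\/\//i], // absolute URI, e.g. HEAD http://www.google.com:80/
  ['foreign-stack', /\.(jsp|jspa|jsf|action|php|cfm|cfc|asp|aspx|nsf|pl|dll|exe|tcl)(\?|\/|$)/i],
  ['classloader-probe', /class\.classLoader/i],
];
// Assumption: the application itself only needs these methods.
const ALLOWED_METHODS = new Set(['GET', 'HEAD', 'POST']);

// Return the list of rule names that a request line matches.
function classify(method, url) {
  const tags = PROBE_RULES.filter(([, re]) => re.test(url)).map(([name]) => name);
  if (!ALLOWED_METHODS.has(method)) tags.push('unexpected-method');
  return tags;
}

// Middleware factory: `sink` receives one record per finished response.
function probeLogger(sink) {
  return function (req, res, next) {
    const url = req.originalUrl || req.url;
    const entry = {
      time: new Date().toISOString(),
      // TCP peer address: the real source when clients connect directly.
      ip: req.socket.remoteAddress,
      // Client-supplied header: a hint only, unless a trusted proxy sets it.
      forwardedFor: req.headers['x-forwarded-for'] || null,
      userAgent: req.headers['user-agent'] || null,
      method: req.method,
      url: url,
      tags: classify(req.method, url),
    };
    // The status code is only known once the response has been sent.
    res.on('finish', function () {
      entry.status = res.statusCode;
      sink(entry);
    });
    next();
  };
}

// Usage in an Express app (assumed): register before the routes.
// app.use(probeLogger((e) => console.log(JSON.stringify(e))));
```

A source address inside the LAN range points at a host on the local network; an address on the PC itself points at local software.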