我的托管计划(托管多个网站的共享托管计划)经历了非凡的 CPU 负载,我发现许多过程来自一个电子商务网站。我关闭了网站,CPU 负载下降(再次处于正常区域)。
我试图通过有问题的网站的日志文件找出是什么触发了这种搜索。我发现日志文件每 2-3 分钟创建一次,并且所有文件都包含类似下一个块的代码行(出于安全原因,我更改了 db 用户名和真实文件夹名称):
[20-Mar-2020 06:36:30 America/Chicago] PHP Warning: mysqli_connect(): (28000/1045): Access denied for user 'dbuser'@'localhost' (using password: YES) in /home4/myroot/public_html/website_folder/includes/classes/db/mysql/query_factory.php on line 64
[20-Mar-2020 06:36:30 America/Chicago] Request URI: /, IP address: 31.13.103.24
#1 mysqli_connect() called at [/home4/myroot/public_html/website_folder/includes/classes/db/mysql/query_factory.php:64]
#2 queryFactory->connect() called at [/home4/myroot/public_html/website_folder/includes/init_includes/init_database.php:23]
#3 require(/home4/myroot/public_html/website_folder/includes/init_includes/init_database.php) called at [/home4/myroot/public_html/website_folder/includes/autoload_func.php:48]
#4 require(/home4/myroot/public_html/website_folder/includes/autoload_func.php) called at [/home4/myroot/public_html/website_folder/includes/application_top.php:170]
#5 require(/home4/myroot/public_html/website_folder/includes/application_top.php) called at [/home4/myroot/public_html/website_folder/index.php:26]
以及以这一行开头的类似代码块:
[24-Mar-2020 08:57:10 America/Chicago] PHP Warning: mysqli_connect(): (28000/1045): Access denied for user 'root'@'localhost' (using password: NO) in /home4/myroot/public_html/website_folder/includes/classes/db/mysql/query_factory.php on line 64
一个日志文件包含几十个这样的代码块——一个在另一个之下。这看起来像是为了破坏网站的外部尝试(即 sql 注入尝试)吗?
我看到许多日志文件,其中这些行与高 CPU 负载相关。有人有解释吗?
谢谢!