一种针对服务器的云盘空间的新型网页攻击

就在昨天，主机邦的一个网站无缘无故502了，主机邦登陆宝塔后台发现服务器云盘空间居然满了，要知道买的云服务器有50G的空间容量哈，即使装了系统和Web环境，也不过才10G，还有40G去哪了？！

一开始主机帮以为是网站空间的缓存导致的，结果查询www目录，发现只要几百M，也就是整个网站程序只有几百M，那就不是网站生成的缓存了，然后我们通过查询网站请求日志，发现网站正被自动化软件请求。

150.138.245.235 - - [10/Dec/2024:01:34:40 +0800] ＂GET /users/bACBBxumn/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22javascript:void(0)%5C%22 HTTP/1.1＂ 301 5 ＂https://www.yunjiasu.cc/users/bACBBxumn/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/credit%5C＂ ＂Wget/1.21.1＂ 150.138.245.235 - - [10/Dec/2024:01:34:40 +0800] ＂GET /users/bACBBxumn/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22javascript:void(0)%5C HTTP/1.1＂ 200 131338 ＂https://www.yunjiasu.cc/users/bACBBxumn/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/%5C%22https:%5C/%5C/www.yunjiasu.cc%5C/gold%5C/credit%5C＂ ＂Wget/1.21.1＂

这些请求链接不仅长，而且编码乱七八糟的，本来是对网站空间产生不了什么影响的，但不知道什么原因Debian系统会产生大量的缓存文件，直接导致云服务器的资料占用空间一直在涨，短短半小时就涨了1G的占用空间，吓得主机邦赶紧换系统，换成比较成熟的CentOS，并用百度云防护拦截UA含Wget的请求，这才恢复正常。

主机邦猜测这可能是一种利用程序漏洞攻击操作系统，让操作系统产生大量的临时文件，从而占满服务器空间，这种攻击的目的就是让你的网站无法正常访问，也不知道主机邦的网站做了什么伤天害理的事情。自从使用百度云防护拦截后，就没有再收类似的攻击请求了。