java - Tomcat server inexplicably logs requests from unfamiliar IPs; hoping the experts here can advise
Problem description
118.190.15.31 Alibaba Cloud - - [26/Feb/2017:02:30:48 +0800] 'GET / HTTP
117.185.27.114 Shanghai Mobile - - [26/Feb/2017:02:47:54 +0800] 'GET /v1
118.178.227.101 - - [26/Feb/2017:03:29:00 +0800] 'GET /manager/h
118.178.227.101 - tomcat [26/Feb/2017:03:29:03 +0800] 'GET /mana
118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] 'GET /manager/h
118.178.227.101 - tomcat [26/Feb/2017:03:31:27 +0800] 'GET /mana
118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] 'GET /manager/i
118.178.227.101 - - [26/Feb/2017:03:31:27 +0800] 'GET /manager/i
118.178.227.101 - - [26/Feb/2017:03:31:28 +0800] 'GET /favicon.i
112.90.82.218 Shenzhen Unicom - - [26/Feb/2017:04:30:42 +0800] 'GET /v10
180.153.212.13 Shanghai Telecom - - [26/Feb/2017:04:30:51 +0800] 'GET /v1
36.34.10.89 Hefei, Anhui - - [26/Feb/2017:04:50:46 +0800] 'CONNECT ww
171.37.30.132 - - [26/Feb/2017:04:50:46 +0800] 'GET / HTTP/1.1'
125.39.207.33 Tianjin Unicom - - [26/Feb/2017:08:46:03 +0800] 'GET / H
101.226.64.174 Shanghai Telecom - - [26/Feb/2017:09:10:19 +0800] 'GET /v
123.151.42.61 - - [26/Feb/2017:09:12:16 +0800] 'GET / HTTP/1.1'
101.226.66.177 Shanghai Telecom - - [26/Feb/2017:15:52:56 +0800] 'GET /ma
107.179.126.18 - - [26/Feb/2017:16:38:16 +0800] 'GET /manager/ht
139.162.81.62 USA - - [26/Feb/2017:17:45:20 +0800] 'GET /echo.ph
101.226.64.174 - - [26/Feb/2017:17:15:19 +0800] 'GET /manager/h
112.65.193.14 - - [26/Feb/2017:19:41:59 +0800] 'GET /manager/ht
119.5.0.45 - - [26/Feb/2017:19:42:12 +0800] 'GET /manager/html/
220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] 'GET /phpmyadm
42.51.194.10 Luoyang, Henan, BGP multiline - - [26/Feb/2017:21:21:37 +0800] 'GE
42.51.194.10 - tomcat [26/Feb/2017:21:21:38 +0800] 'GET /manager
101.226.102.97 Shanghai Telecom - - [26/Feb/2017:21:22:19 +0800] 'GET /ma
112.28.129.115 - - [26/Feb/2017:21:35:17 +0800] 'GET /manager/ht
112.28.129.115 - tomcat [26/Feb/2017:21:35:18 +0800] 'GET /manag
112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] 'GET /manager/im
112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] 'GET /manager/im
112.28.129.115 - - [26/Feb/2017:21:35:18 +0800] 'GET /favicon.ic
101.226.33.202 - - [26/Feb/2017:23:54:20 +0800] 'GET /manager/ht
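The application is hosted on Tencent Cloud, but the log inexplicably contains some unfamiliar IPs. I looked up where the addresses are from and noted that after each one. I would appreciate guidance from the experts on what is causing this.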
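Answers
Answer 1: Once an application is published on the Internet, besides normal visits there are generally the following three kinds of traffic:
Crawler visits: you can see these by having Tomcat print the user-agent in the access log; it will contain search engine names such as baidu and sogou. Search engine IPs can generally be looked up in reverse, so you can check them with an IP lookup (http://www.ip138.com).
Security site scans: if you use 360 or another webmaster security scanning tool, a large number of IPs will also come to visit.
Malicious tool scans: similar to the second item. A security scan works step by step through scan points that were set up in advance, and this also causes visits from a large number of IPs.
When investigating, focus on whether the scanning IP belongs to a search engine or a security-site scanner, and on which directories are being scanned, and judge from both together. If you conclude an IP is malicious, you can simply block it with firewall rules.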
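The triage described in answer 1 (judge by which paths a client requests and what it sends), as an added example that is not part of any answer on this page: it parses lines in the shape quoted in the question and groups probe indicators by client IP. The watch list, the 4-character prefix cutoff and the reason labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines from the question's log (truncated there); the hand-added location
# labels are dropped except one, to show that the parser tolerates them.
SAMPLE = """\
118.190.15.31 Alibaba Cloud - - [26/Feb/2017:02:30:48 +0800] 'GET / HTTP
118.178.227.101 - - [26/Feb/2017:03:29:00 +0800] 'GET /manager/h
118.178.227.101 - tomcat [26/Feb/2017:03:29:03 +0800] 'GET /mana
36.34.10.89 - - [26/Feb/2017:04:50:46 +0800] 'CONNECT ww
220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] 'GET /phpmyadm
"""

LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<note>[^-\[]*?)\s*-\s+(?P<user>\S+)\s+"
    r"\[(?P<ts>[^\]]+)\]\s+['\"](?P<method>[A-Z]+)\s*(?P<target>\S*)"
)
# Assumed watch list, built only from paths that appear on this page.
PROBE_PATHS = ("/manager", "/phpmyadmin", "/echo.php")
MIN_PREFIX = 4  # shortest truncated path still compared against the list

def classify(method, target, user):
    """Return the reasons a request looks like a probe (empty list if none)."""
    reasons = []
    if method == "CONNECT":
        # A forward-proxy request; an application server has no use for it.
        reasons.append("proxy-probe")
    for p in PROBE_PATHS:
        # The log is cut at a fixed width, so "/mana" must still match "/manager".
        if target.startswith(p) or (len(target) >= MIN_PREFIX and p.startswith(target)):
            reasons.append("admin-path:" + p)
    if user != "-":
        # Third field is the remote user; "-" means none was logged.
        reasons.append("remote-user:" + user)
    return reasons

def triage(text):
    """Group probe reasons by client IP, skipping lines that do not parse."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            for r in classify(m["method"], m["target"], m["user"]):
                hits[m["ip"]].add(r)
    return {ip: sorted(r) for ip, r in hits.items()}

if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE).items():
        print(ip, ", ".join(reasons))
```

Logging the full request line, the response status and the User-Agent removes the need for prefix matching and shows whether any of the flagged requests were actually served.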
Answer 2: Uh, you got picked up by crawlers...
Print the User-Agent as well, it will be a real eye-opener :-)
Answer 3: The entry below is probably not a crawler but a scanning program:
220.191.238.115 - - [26/Feb/2017:19:56:49 +0800] 'GET /phpmyadm
