
不看日志不知道,一看日志吓一跳


老美和台湾黑客一直在利用PHP CGI漏洞,坚持不懈地攻克我的服务器,我该如何反击这些IP?


[13/Jun/2024:16:06:20 +0800] 49.85.79.223 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 305
[13/Jun/2024:16:06:51 +0800] 162.216.149.99 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 284
[13/Jun/2024:16:33:32 +0800] 185.59.223.68 - - "GET / HTTP/1.0" 362
[13/Jun/2024:16:44:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:44:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:44:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /cgi-bin/php.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:44:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:44:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 349
[13/Jun/2024:16:44:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.test?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:45:13 +0800] 146.70.200.117 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe/?%ADd+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input+-d+cgi.force_redirect%3D0 HTTP/1.1" 204
[13/Jun/2024:16:46:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:46:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:46:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /cgi-bin/php.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:46:04 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:46:05 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.php?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 390
[13/Jun/2024:16:46:05 +0800] 103.166.86.154 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.test?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:16:52:17 +0800] 146.70.200.117 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe/?%ADd+allow_url_include%3Don+-d+auto_prepend_file%3Dphp%3A//input+-d+cgi.force_redirect%3D0 HTTP/1.1" 204
[13/Jun/2024:17:18:24 +0800] 87.236.176.13 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 283
[13/Jun/2024:18:12:37 +0800] 104.234.204.32 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /assets/.git/config HTTP/1.1" 204
[13/Jun/2024:18:23:05 +0800] 104.234.204.32 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /assets/.git/config HTTP/1.1" 204
[13/Jun/2024:18:33:32 +0800] 218.75.105.196 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.php?%ADd+allow_url_include%3Don+%ADd+auto_prepend_file%3Dphp%3A//input HTTP/1.1" 294
[13/Jun/2024:18:33:38 +0800] 77.36.2.28 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.1" 204
[13/Jun/2024:18:34:10 +0800] 77.36.2.28 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.1" 204
[13/Jun/2024:18:40:03 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 345
[13/Jun/2024:18:40:04 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 284
[13/Jun/2024:18:40:05 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 204
[13/Jun/2024:18:40:15 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 204
[13/Jun/2024:18:40:27 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.php?%ADd%20allow_url_include%3d1%20-d%20auto_prepend_file%3dphp://input HTTP/1.1" 307
[13/Jun/2024:18:41:53 +0800] 123.57.13.121 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 290
[13/Jun/2024:18:52:26 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 294
[13/Jun/2024:18:52:26 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 345
[13/Jun/2024:18:52:27 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 204
[13/Jun/2024:18:52:38 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 204
[13/Jun/2024:18:52:49 +0800] 66.103.201.244 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /index.php?%ADd%20allow_url_include%3d1%20-d%20auto_prepend_file%3dphp://input HTTP/1.1" 257
[13/Jun/2024:19:01:29 +0800] 223.113.128.227 - - "GET / HTTP/1.0" 362
[13/Jun/2024:19:01:38 +0800] 223.113.128.227 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 350
[13/Jun/2024:19:01:39 +0800] 223.113.128.227 TLSv1.3 TLS_AES_256_GCM_SHA384 "t3 12.1.2\n" 226
[13/Jun/2024:19:02:31 +0800] 184.94.212.101 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe?%add+allow_url_include%3d1+%add+auto_prepend_file%3dphp://input HTTP/1.1" 204
[13/Jun/2024:19:03:01 +0800] 184.94.212.101 TLSv1.3 TLS_AES_256_GCM_SHA384 "POST /php-cgi/php-cgi.exe?%add+allow_url_include%3dOn+-d+auto_prepend_file%3dphp://input+-d+error_reporting%3d0 HTTP/1.1" 204
[13/Jun/2024:19:03:14 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 348
[13/Jun/2024:19:03:16 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /favicon.ico HTTP/1.1" 204
[13/Jun/2024:19:03:46 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /robots.txt HTTP/1.1" 204
[13/Jun/2024:19:03:46 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /sitemap.xml HTTP/1.1" 204
[13/Jun/2024:19:04:20 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /axis2-admin/ HTTP/1.1" 204
[13/Jun/2024:19:04:35 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /axis2/ HTTP/1.1" 204
[13/Jun/2024:19:04:50 +0800] 106.75.101.79 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /axis2/axis2-admin/ HTTP/1.1" 204
[13/Jun/2024:19:38:24 +0800] 52.160.33.137 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /owa/auth/x.js HTTP/1.1" 204
[13/Jun/2024:19:47:22 +0800] 34.22.208.68 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 292
[13/Jun/2024:20:43:11 +0800] 172.169.2.103 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /version HTTP/1.1" 204
[13/Jun/2024:21:27:32 +0800] 220.133.168.167 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.1" 204
[13/Jun/2024:21:27:32 +0800] 220.133.168.167 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.1" 204
[13/Jun/2024:21:32:12 +0800] 220.133.168.167 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3D1+%ADd+auto_prepend_file%3Dphp://input HTTP/1.1" 204
[13/Jun/2024:21:39:09 +0800] 123.57.13.121 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 256
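附上大神给出的防范方法:
PHP CGI漏洞:https://www.163.com/dy/article/J4GA0GDN05567S03.html
(上面日志里的 %ADd 是用软连字符 0xAD 冒充 "-d",想给 php-cgi 注入 allow_url_include、auto_prepend_file 这类启动参数;排查时按查询串里的 %AD(不区分大小写)过滤日志,就能找出同类请求。)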


IP属地:安徽1楼2024-06-13 22:13回复