Wherever a site accepts input, it has certainly been scanned.
I have run into SQL injection on the site before.
In general, an injection scan contains keywords
such as hex, select, concat, from, information_schema, union and so on.
I'll post a log here.
shop/product/129.html?cid=324+and%28select+1+from%28select+count%28*%29%2cconcat%28%28select+%28select+concat%280x7e%2c0x27%2cunhex%28hex%28cast%28database%28%29+as+char%29%29%29%2c0x27%2c0x7e%29%29+from+%60information_schema%60.tables+limit+0%2c1%29%2cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3d1
For an IP making requests like this, don't you want to drop it directly?
So we can write a script that checks the server's logs: whenever a request contains these keywords, write the source IP to a log file for analysis, or block it directly.
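One way to write such a script, as an added example (not the original author's code). It assumes Apache/nginx combined-format access logs; the two-keyword threshold, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Keywords named in the post; \b keeps "from" out of words like "from_price".
KEYWORDS = ("hex", "select", "concat", "from", "information_schema", "union")
KEYWORD_RE = re.compile(r"\b(" + "|".join(KEYWORDS) + r")\b", re.IGNORECASE)
# Combined log format: client IP first, request target inside the quoted request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')
MIN_HITS = 2  # assumption: one keyword alone ("union-square") is too noisy

def keywords_in(target):
    """Return the distinct keywords found in a URL-decoded request target."""
    decoded = target
    for _ in range(2):  # second pass catches double-encoded payloads (%2528)
        decoded = unquote_plus(decoded)
    return {m.lower() for m in KEYWORD_RE.findall(decoded)}

def suspicious_ips(lines, min_hits=MIN_HITS):
    """Map each client IP to the keywords seen in its flagged requests."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target = m.groups()
        found = keywords_in(target)
        if len(found) >= min_hits:
            hits[ip] |= found
    return dict(hits)

def write_report(hits, path):
    """Write one 'ip<TAB>keywords' line per flagged IP for later analysis."""
    with open(path, "w") as fh:
        for ip in sorted(hits):
            fh.write(f"{ip}\t{','.join(sorted(hits[ip]))}\n")

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Aug/2014:10:00:00 +0800] "GET /shop/product/129.html'
    '?cid=324+and%28select+1+from+%60information_schema%60.tables%29 HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Aug/2014:10:00:01 +0800] "GET /news/union-square.html HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Aug/2014:10:00:02 +0800] "GET /shop/product/129.html'
    '?cid=324%2520union%2520select%25201 HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Aug/2014:10:00:03 +0800] "GET /shop/product/129.html?cid=324 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    write_report(suspicious_ips(SAMPLE_LOG), "sqli_suspects.log")
```

The resulting file can be reviewed by hand or fed to whatever blocking mechanism the server already uses.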
This article is from the "believe it or not you" blog, please be sure to keep this source http://312461613.blog.51cto.com/965442/1530217