Guangxi Mobile: a misconfigured Elasticsearch instance allows arbitrary operations and exposes a large amount of sensitive information (user phone numbers / IMEI / IMSI / online time / location, etc.)

Posted by admin, 2017-03-15 21:58:52

Summary (disclosure timeline):
2016-03-15: Details reported to the vendor, awaiting the vendor's response
2016-03-18: Vendor confirmed; details visible to the vendor only
2016-03-28: Details disclosed to core white hats and experts in the relevant field
2016-04-07: Details disclosed to regular white hats
2016-04-17: Details disclosed to intern white hats
2016-05-02: Details disclosed to the public

Vulnerability overview
Followers: 24
Defect ID: WooYun-2016-184687
Title: Guangxi Mobile: a misconfigured Elasticsearch instance allows arbitrary operations and exposes a large amount of sensitive information (user phone numbers / IMEI / IMSI / online time / location, etc.)
Vendor: 广西移动 (Guangxi Mobile)
Author: 路人甲
Submitted: 2016-03-15 00:00
Published: 2016-05-02 18:28
Vulnerability type: (not given)
Severity: High
Self-assessed Rank: 12
Status: Handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling
Source: www.wooyun.org
Tags: Misconfiguration

Vulnerability details

Brief description:
As in the title.

Detailed description:
[Masked on the source page. The masked region consists of three screenshot references and JSON fragments that duplicate the .kibana dashboard document and the log_youku documents reproduced in the proof section.]
Proof of vulnerability:

**.**.**.**:9200/
**.**.**.**:9200/_plugin/head/

The names alone give it away as Guangxi Mobile.

**.**.**.**:9200/_plugin/head/

Code region:
{
  "_index": ".kibana",
  "_type": "dashboard",
  "_id": "广西移动缓存状态",
  "_version": 9,
  "_score": 1,
  "_source": {
    "title": "广西移动缓存状态",
    "hits": 0,
    "description": "",
    "panelsJSON": "[{\"col\":7,\"id\":\"广西各ats每秒访问次数\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"广西移动atsHIT-slash-MISS-slash-ERR比例\",\"row\":6,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"湖南移动ats每秒访问次数\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"广西移动各台ats请求次数比\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"广西移动回源吐出速率\",\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"广西移动ats状态码分布\",\"row\":6,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"广西移动ats流量top50域名及其回源流量\",\"row\":3,\"size_x\":6,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"广西移动ats响应错误次数top、\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":3,\"col\":1,\"row\":3},{\"id\":\"ats单个域名总流量\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":6}]",
    "version": 1,
    "timeRestore": false,
    "kibanaSavedObjectMeta": {
      "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
    }
  }
}

User phone numbers / IMEI / IMSI / online time / location, etc.

Code region:
{
  "_index": "log_youku",
  "_type": "w-log",
  "_id": "AVI-vc0Bb6s_dT585pUZ",
  "_version": 1,
  "_score": 1,
  "_source": {
    "message": "2016-01-12 15:53:45.817000,2016-01-12 15:53:48.206000,460011951963824,iPhone4S,0136050026673423,3G,浏览,优酷,60000:HTTP超时未响应,无响应,文昌市,HKMME05,**.**.**.**,,,WCW0509A0文昌抱罗东排W1,超时未合成,**.**.**.**,中华人民共和国,海南省,海口市,3gnet,中国联通移动网,省内漫游,2016/01/12/15/53/45-600523929,**.**.**.**,TCP,2388,首页,**.**.**.**,874,92,4,2.83,2,2237,810,,,,,,,,,,,,,0,,62,,118,,3,1,212991,6760,1,70,,,,,get,1,151,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,0,0,0,0,0,13111925386 ",
    "@version": "1",
    "@timestamp": "2016-01-14T06:06:12.048Z",
    "host": "**.**.**.**",
    "path": "/tmp/a.log",
    "type": "w-log",
    "start_t": "2016-01-12 15:53:45.817000",
    "stop_t": "2016-01-12 15:53:48.206000",
    "user_IMSI": "460011951963824",
    "client_type": "iPhone4S",
    "IMEI": "0136050026673423",
    "access_type": "3G",
    "event_type": "浏览",
    "event_sub_type": "优酷",
    "faild_reason": "60000:HTTP超时未响应",
    "process_result": "无响应",
    "access_city": "文昌市",
    "SGSN": "HKMME05",
    "GGSN": "**.**.**.**",
    "RNC_BSC": "",
    "RAC": "",
    "CELL": "WCW0509A0文昌抱罗东排W1",
    "synthetic_mark": "超时未合成",
    "user_ip": "**.**.**.**",
    "country": "中华人民共和国",
    "province": "海南省",
    "city": "海口市",
    "APN": "3gnet",
    "dst_ISP": "中国联通移动网",
    "roaming_type": "省内漫游",
    "TDRID": "2016/01/12/15/53/45-600523929",
    "DST_IP": "**.**.**.**",
    "connection_type": "TCP",
    "application_time": 2388,
    "XDR": "首页",
    "HOST": "**.**.**.**",
    "up_flow": 874,
    "down_flow": 92,
    "up_packet": 4,
    "speed": 2,
    "down_packet": 2,
    "transmission_time": 2237,
    "transmission_byte": 810,
    "client_isp": "",
    "client_country": "",
    "client_province": "",
    "client_city": "",
    "DNS_type": "",
    "DNS_result": "",
    "DNS_req_delay": 0,
    "DNS_success_delay": 0,
    "DNS_domain": "",
    "DNS_tran_count": 0,
    "DNS_TTL": 0,
    "DNS_server": "",
    "syn_delay": 0,
    "syn_retry_count": 0,
    "synACK_delay": 62,
    "synACK_retry_count": 0,
    "ack_delay": 118,
    "ack_retry_count": 0,
    "tcp_window_up_count": 3,
    "tcp_window_down_count": 1,
    "tcp_window_up_size": 212991,
    "tcp_window_down_size": 6760,
    "up_RTT_count": 1,
    "up_RTT_delay": 70,
    "down_RTT_count": 0,
    "down_RTT_delay": 0,
    "tcp_retry_count": 0,
    "tcp_retry_byte": 0,
    "method": "get",
    "req_count": 1,
    "req_delay": 151,
    "response_delay": 0,
    "response_retry_count": 0,
    "URL": "",
    "UA": "",
    "IM_type": "",
    "IM_req_delay": 0,
    "IM_response_delay": 0,
    "smtp_req_delay": 0,
    "smtp_response_delay": 0,
    "smtp_send_delay": 0,
    "smtp_send_success_delay": 0,
    "pop_delay": "",
    "pop_response_delay": "",
    "pop_resv_delay": "",
    "pop_resv_success_delay": "",
    "stream_q": "",
    "stream_stop_count": 0,
    "stream_req_delay": 0,
    "stream_req_success_delay": 0,
    "stream_session_req_delay": 0,
    "stream_session_req_success_delay": 0,
    "stream_down_req_delay": 0,
    "stream_down_success_delay": 0,
    "ftp_req_delay": 0,
    "ftp_req_success_delay": 0,
    "ftp_down_req_delay": 0,
    "ftp_down_success_delay": 0,
    "ftp_up_req_delay": 0,
    "ftp_up_success_delay": 0,
    "peer_num": "",
    "peer_num_count": 0,
    "cx_req_delay": 0,
    "cx_success_delay": 0,
    "cx_resv_delay": 0,
    "cx_resv_success_delay": 0,
    "ack_pack_count": 0,
    "date_ack_count": 0,
    "up_retry_delay": 0,
    "down_retry_delay": 0,
    "up_retry_count": 0,
    "down_retry_count": 0,
    "up_retry_data_count": 0,
    "down_retry_data_count": 0,
    "user_num": "13111925386 "
  }
}

Code region:
{
  "_index": "log_youku",
  "_type": "w-log",
  "_id": "AVI-vcyHb6s_dT585pRt",
  "_version": 1,
  "_score": 1,
  "_source": {
    "message": "2016-01-12 08:22:34.656000,2016-01-12 08:22:36.682000,460018979902282,35203007,3520300721647006,3G,浏览,优酷,,成功,,HKMME05,HKSAEGW03,,,460015863108330,正常合成,**.**.**.**,中华人民共和国,海南省,海口市,3gnet,中国联通移动网,国内漫出,2016/01/12/08/22/34-600489713,**.**.**.**,TCP,2026,首页,**.**.**.**,2596,77212,45,1149.83,58,540,79476,中国联通移动网,中华人民共和国,广东省,,,,,,,,,,0,,66,,97,,44,57,128689,15848,1,66,33,93,1,1,get,1,117,183,,**.**.**.**/051000005693d29e6714c05b2d0038dd ,tudou/15120714 cfnetwork/711.4.6 darwin/14.0.0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,0,0,0,0,1,13198935212 ",
    "@version": "1",
    "@timestamp": "2016-01-14T06:06:12.075Z",
    "host": "**.**.**.**",
    "path": "/tmp/a.log",
    "type": "w-log",
    "start_t": "2016-01-12 08:22:34.656000",
    "stop_t": "2016-01-12 08:22:36.682000",
    "user_IMSI": "460018979902282",
    "client_type": "35203007",
    "IMEI": "3520300721647006",
    "access_type": "3G",
    "event_type": "浏览",
    "event_sub_type": "优酷",
    "faild_reason": "",
    "process_result": "成功",
    "access_city": "",
    "SGSN": "HKMME05",
    "GGSN": "HKSAEGW03",
    "RNC_BSC": "",
    "RAC": "",
    "CELL": "460015863108330",
    "synthetic_mark": "正常合成",
    "user_ip": "**.**.**.**",
    "country": "中华人民共和国",
    "province": "海南省",
    "city": "海口市",
    "APN": "3gnet",
    "dst_ISP": "中国联通移动网",
    "roaming_type": "国内漫出",
    "TDRID": "2016/01/12/08/22/34-600489713",
    "DST_IP": "**.**.**.**",
    "connection_type": "TCP",
    "application_time": 2026,
    "XDR": "首页",
    "HOST": "**.**.**.**",
    "up_flow": 2596,
    "down_flow": 77212,
    "up_packet": 45,
    "speed": 1149,
    "down_packet": 58,
    "transmission_time": 540,
    "transmission_byte": 79476,
    "client_isp": "中国联通移动网",
    "client_province": "中华人民共和国",
    "client_city": "广东省",
    "DNS_type": "",
    "DNS_result": "",
    "DNS_req_delay": 0,
    "DNS_success_delay": 0,
    "DNS_domain": "",
    "DNS_tran_count": 0,
    "DNS_TTL": 0,
    "DNS_server": "",
    "syn_delay": 0,
    "syn_retry_count": 0,
    "synACK_delay": 0,
    "synACK_retry_count": 66,
    "ack_delay": 0,
    "ack_retry_count": 97,
    "tcp_window_up_count": 0,
    "tcp_window_down_count": 44,
    "up_RTT_count": 57,
    "up_RTT_delay": 128689,
    "down_RTT_count": 15848,
    "down_RTT_delay": 1,
    "tcp_retry_count": 66,
    "tcp_retry_byte": 33,
    "method": "93",
    "req_count": 1,
    "req_delay": 1,
    "response_delay": 0,
    "response_retry_count": 1,
    "URL": "117",
    "UA": "183",
    "IM_type": "",
    "IM_req_delay": 0,
    "IM_response_delay": 0,
    "smtp_req_delay": 0,
    "smtp_response_delay": 0,
    "smtp_send_delay": 0,
    "smtp_send_success_delay": 0,
    "post_delay": 0,
    "post_response_delay": 0,
    "post_resv_delay": 0,
    "post_resv_success_delay": 0,
    "stream_q": "",
    "stream_stop_count": 0,
    "stream_req_delay": 0,
    "stream_req_success_delay": 0,
    "stream_session_req_delay": 0,
    "stream_session_req_success_delay": 0,
    "stream_down_req_delay": 0,
    "stream_down_success_delay": 0,
    "ftp_req_delay": 0,
    "ftp_req_success_delay": 0,
    "ftp_down_req_delay": 0,
    "ftp_down_success_delay": 0,
    "ftp_up_req_delay": 0,
    "ftp_up_success_delay": 0,
    "peer_num": "",
    "peer_num_count": 0,
    "cx_req_delay": 0,
    "cx_success_delay": 0,
    "cx_resv_delay": 0,
    "cx_resv_success_delay": 0,
    "ack_pack_count": 0,
    "date_ack_count": 0,
    "up_retry_delay": 0,
    "down_retry_delay": 0,
    "up_retry_count": 0,
    "down_retry_count": 0,
    "up_retry_data_count": 0,
    "down_retry_data_count": 0,
    "user_num": "0"
  }
}

1.12 million (112w) records in total.

Remediation:
Elasticsearch misconfiguration.

Copyright notice: when reposting, credit the source: 路人甲@乌云

Vulnerability response

Vendor response:
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-03-18 18:28
Vendor reply: CNVD has confirmed and reproduced the reported situation; it has been forwarded through CNCERT to China Mobile Group, which will coordinate with the site's administration department for handling.

Latest status: none

Archived at: https://cn-sec.com/archives/6311.html
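The two log_youku documents above show why this exposure is severe: every hit carries the subscriber's IMSI, IMEI and phone number (user_num) together with cell and city, and the raw message line repeats all of them in CSV form. The following Python script is an added example, not code from the original report, that a defender can run over exported search hits of this shape to find which fields hold such identifiers and to produce a redacted copy before the data is re-indexed, shared with a vendor, or attached to a ticket. The field-name patterns, the value heuristics (MCC 460 for an IMSI, 14 to 16 digits for IMEI/IMEISV, 1[3-9] plus nine digits for a mainland mobile number) and the sample hit with all of its values are constructed assumptions for the demo.

```python
"""Find subscriber identifiers in exported Elasticsearch hits and redact them.

Added example, not code from the original WooYun report. It expects the hit
shape the report shows ({"_index": ..., "_source": {field: value, ...}}); the
name patterns, value heuristics and sample hit are constructed for the demo.
"""
import copy
import re

# Field-name heuristics (category, regex). Checked before the value heuristics
# so that a field such as CELL is treated as location even when its value is numeric.
SENSITIVE_NAME_PATTERNS = [
    ("imsi", re.compile(r"imsi", re.I)),
    ("imei", re.compile(r"imei", re.I)),
    ("msisdn", re.compile(r"user_num|msisdn|phone|mobile", re.I)),
    ("location", re.compile(r"^(cell|access_city|city|province|rac|rnc_bsc)$", re.I)),
    ("client_ip", re.compile(r"^user_ip$", re.I)),
]

# Value heuristics, for columns that were mislabelled or shifted during CSV parsing.
IMSI_RE = re.compile(r"^460\d{12}$")         # MCC 460 (China) + 12 digits = 15 digits
IMEI_RE = re.compile(r"^\d{14,16}$")         # IMEI (15), IMEISV (16), or 14 without check digit
CN_MOBILE_RE = re.compile(r"^1[3-9]\d{9}$")  # mainland China mobile number


def classify_field(name, value):
    """Return the PII category for one field, or None if it looks harmless."""
    for category, pattern in SENSITIVE_NAME_PATTERNS:
        if pattern.search(name):
            return category
    text = "" if value is None else str(value).strip()
    if IMSI_RE.match(text):
        return "imsi"  # tested before IMEI_RE, which also accepts 15 digits
    if IMEI_RE.match(text):
        return "imei"
    if CN_MOBILE_RE.match(text):
        return "msisdn"
    return None


def audit_hit(hit):
    """Map category -> list of field names that hold a non-empty sensitive value."""
    found = {}
    for name, value in hit.get("_source", {}).items():
        if value is None or str(value).strip() == "":
            continue
        category = classify_field(name, value)
        if category:
            found.setdefault(category, []).append(name)
    return found


def mask(value):
    """Keep the last four characters so records stay correlatable; hide the rest."""
    text = str(value).strip()
    if len(text) <= 4:
        return "*" * len(text)
    return "*" * (len(text) - 4) + text[-4:]


def redact_hit(hit):
    """Deep-copy the hit, mask identifiers, drop locations, then scrub the same
    values out of every other string field (the raw message line repeats them)."""
    out = copy.deepcopy(hit)
    src = out.get("_source", {})
    replacements = []
    for name, value in list(src.items()):
        if value is None or str(value).strip() == "":
            continue
        category = classify_field(name, value)
        if category is None:
            continue
        masked = "[redacted]" if category == "location" else mask(value)
        replacements.append((str(value).strip(), masked))
        src[name] = masked
    for name, value in src.items():
        if isinstance(value, str):
            for original, masked in replacements:
                value = value.replace(original, masked)
            src[name] = value
    return out


# Constructed sample hit in the report's log_youku shape; every value is made up.
SAMPLE_HIT = {
    "_index": "log_youku",
    "_type": "w-log",
    "_id": "EXAMPLE-ID-0001",
    "_source": {
        "message": "2016-01-12 15:53:45.817000,460010000000001,iPhone4S,012345678901234,3G,文昌市,13800000000 ",
        "user_IMSI": "460010000000001",
        "client_type": "iPhone4S",
        "IMEI": "012345678901234",
        "access_type": "3G",
        "access_city": "文昌市",
        "CELL": "CELL-0001",
        "RAC": "",
        "user_ip": "203.0.113.7",
        "up_flow": 874,
        "user_num": "13800000000 ",
    },
}

if __name__ == "__main__":
    import json
    print(json.dumps(audit_hit(SAMPLE_HIT), ensure_ascii=False))
    print(json.dumps(redact_hit(SAMPLE_HIT), ensure_ascii=False, indent=2))
```

Run it against a file of hits exported from a search response and any field that audit_hit reports across a sample of documents marks an index that must sit behind authentication and network restrictions; redact_hit is what to apply before such documents leave that boundary. The name check runs first on purpose: the second document in the report stores a 15-digit value in CELL that a value-only check would misreport as an IMSI.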