所以基本上我的网站无法访问,我去日志文件夹查看出了什么问题,并注意到来自各种 IP 的很多奇怪的请求:
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
209.141.45.189 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
209.141.45.189 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
209.141.45.189 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
我想知道这是不是某种攻击。
做了一些whois查询,例如这个ip 185.220.100.252来自德国,“tor-exit-1.zbau.f3netze.de”
如何保护服务器免受此类攻击?
他们喜欢每分钟数千个请求,而我无法访问我自己的网站。
Error.log 说:
AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
(我不是网站管理员,我根据自己的需要托管了一个小网站,但不知道如何反应。)
小智 5
这正是fail2ban被发明来覆盖的场景。我建议你在这里看看:https : //www.fail2ban.org/wiki/index.php/Main_Page
可能“坏人”监狱会立即处理这个问题,如果没有,编写自定义监狱/过滤器集来处理它并不困难。
现在,看到它们的 IP 似乎受到限制,我建议通过 iptables 禁止这些 IP:
iptables -I INPUT -s 185.220.100.252 -j DROP
这当然是fail2ban所做的(将IP添加到iptables),但fail2ban会自动完成。它会保护您免受这种攻击,而您甚至不会注意到。