AWS WAF ... how to improve the results

hug*_*ugo 5 bots nginx spam-prevention spam amazon-waf

I have a website served through AWS CloudFront. I am getting a large number of entries like these in my nginx logs:

nginx_1         | 103.241.51.144 - - [09/Aug/2020:16:03:08 +0000] "GET /mysql/admin/index.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "-"
nginx_1         | 195.54.160.21 - - [09/Aug/2020:16:20:26 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 2311 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-"
nginx_1         | 172.93.99.2 - - [09/Aug/2020:17:23:44 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 405 157 "http://52.xxx.xx.xx:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" "-"
nginx_1         | 172.93.99.2 - - [09/Aug/2020:17:23:44 +0000] "" 400 0 "-" "-" "-"
nginx_1         | 83.97.20.29 - - [09/Aug/2020:17:30:02 +0000] "GET / HTTP/1.0" 400 157 "-" "-" "-"
nginx_1         | 44.225.84.206 - - [09/Aug/2020:20:18:31 +0000] "GET http://[::ffff:a9fe:a9fe]/ HTTP/1.1" 200 2311 "-" "AWS Security Scanner" "-"
nginx_1         | 44.225.84.206 - - [09/Aug/2020:20:18:32 +0000] "CONNECT 52.xxx.xx.xx:80 HTTP/1.0" 400 157 "-" "-" "-"
nginx_1         | 44.225.84.206 - - [09/Aug/2020:20:18:33 +0000] "\x16\x03\x01\x00\xD2\x01\x00\x00\xCE\x03\x03\x14\x02l\xA2\x05\xBF\xBD\xBA7<\x09\x5C\xCAP\x1DM\x93a{\xFC\xC9\xC5\x1FJ\xA4Y\xC7~\x95\xBD\x1D\xC0\x00\x00b\xC00\xC0,\xC0/\xC0+\x00\x9F\x00\x9E\xC02\xC0.\xC01\xC0-\x00\xA5\x00\xA1\x00\xA4\x00\xA0\xC0(\xC0$\xC0\x14\xC0" 400 157 "-" "-" "-"
nginx_1         | 172.93.99.2 - - [10/Aug/2020:03:57:57 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 405 157 "http://52.xxx.xx.xx:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" "-"

In my effort to stop the bots/hacking attempts, I implemented AWS WAF with the following managed rules:

  1. AWS-AWSManagedRulesAmazonIpReputationList
  2. AWS-AWSManagedRulesKnownBadInputsRuleSet
  3. AWS-AWSManagedRulesCommonRuleSet
  4. AWS-AWSManagedRulesAnonymousIpList

For the "Default web ACL action for requests that don't match any rules" I set it to "Allow". Combined, they use 975/1500 WCUs, but there still seems to be no improvement. I also tried blocking via an IP Set, but to no avail, since the IP addresses keep changing.

Am I doing something wrong? Does anyone have suggestions for improving this?
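Added example (not from the question or any answer): a parser for the question's log format that tallies requests carrying no X-Forwarded-For, which never passed through CloudFront and so could not have been evaluated by a WAF attached to the distribution, and requests shaped like proxy probes. It assumes the trailing quoted field is `$http_x_forwarded_for`; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the same combined format as the question's nginx log.
# The last quoted field is assumed to be $http_x_forwarded_for; the 192.0.2.10 line
# is a made-up request that did arrive through CloudFront, for contrast.
SAMPLE_LOG = """\
nginx_1         | 103.241.51.144 - - [09/Aug/2020:16:03:08 +0000] "GET /mysql/admin/index.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0" "-"
nginx_1         | 172.93.99.2 - - [09/Aug/2020:17:23:44 +0000] "" 400 0 "-" "-" "-"
nginx_1         | 44.225.84.206 - - [09/Aug/2020:20:18:32 +0000] "CONNECT 52.0.0.1:80 HTTP/1.0" 400 157 "-" "-" "-"
nginx_1         | 192.0.2.10 - - [09/Aug/2020:21:00:00 +0000] "GET / HTTP/1.1" 200 2311 "-" "Mozilla/5.0" "203.0.113.9"
"""

LINE_RE = re.compile(
    r'^(?:\S+\s+\|\s+)?'                                    # optional docker-compose prefix
    r'(?P<ip>\S+) - \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)
METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}

def classify(line):
    """Return (client_ip, set_of_tags) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    parts = m["request"].split(" ")
    tags = set()
    if m["xff"] == "-":
        # No X-Forwarded-For: the request reached the origin directly, so the
        # CloudFront-attached WAF never saw it and could not have blocked it.
        tags.add("direct-to-origin")
    if len(parts) != 3:
        tags.add("malformed-request")          # empty request line, raw TLS bytes, etc.
    elif parts[0] == "CONNECT" or not parts[1].startswith("/"):
        tags.add("proxy-probe")                # CONNECT or absolute-URI target: open-proxy check
    elif parts[0] not in METHODS:
        tags.add("malformed-request")
    return m["ip"], tags

def summarize(log_text):
    """Count tags overall and the client IPs that hit the origin directly."""
    tag_counts, direct_ips = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed is None:
            continue
        ip, tags = parsed
        tag_counts.update(tags)
        if "direct-to-origin" in tags:
            direct_ips[ip] += 1
    return tag_counts, direct_ips

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high share of direct-to-origin hits means the origin is reachable without going through the distribution, which no WAF rule on CloudFront can change; restricting the origin to CloudFront traffic is then the fix to look at.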