[Web] Server under attack... urgent, urgent, urgent

Posted 2009-08-03 12:08
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 118.232.247.150 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 118.169.13.198 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 118.169.13.198 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:06 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 60.221.10.62 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 118.232.247.150 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 60.165.253.225 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 122.165.29.234 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 118.169.13.198 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:08 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 60.221.10.62 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.117.66.115 - - [03/Aug/2009:12:17:08 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 115.240.0.96 - - [03/Aug/2009:12:17:08 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 203.155.20.40 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"
www.hi47.com 119.120.77.30 - - [03/Aug/2009:12:17:09 +0800] "GET / HTTP/1.1" 200 33 "-" "-"

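Posted 2009-08-03 14:50
Looks like a CC attack. Limit the number of concurrent connections per IP, and don't use PHP for the home page file; use a static page to do the redirect.

If you're on Apache, switch to nginx and let him CC the static page.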

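Posted 2009-08-03 15:13
I turned on sys_cookies validation in sysctl.conf, but once it was on, the site became extremely slow to open.

If I have to change things that way, it's a lot of trouble, heh.

Are there any other ways to deal with this kind of attack?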

Posted 2009-08-03 16:25
Apache: limit the number of pages a single IP can access.

Posted 2009-08-06 15:18

Some methods:

sysctl -w net.ipv4.tcp_max_syn_backlog=2048


sysctl -w net.ipv4.tcp_syncookies=1


sysctl -w net.ipv4.tcp_synack_retries=3

sysctl -w net.ipv4.tcp_syn_retries=3

Make the pages static.

Tally the attacking IPs and add them to iptables:
-A RH-Firewall-1-INPUT -s x.x.x.x -j REJECT
-A RH-Firewall-1-INPUT -s x.x.x.x -j DROP
.
.
.
.
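
One way to do the "tally the attacking IPs" step from the post above, as an added example that is not part of the original thread. The function names, the threshold of 3 requests per second and the sample log (constructed, using documentation-range addresses) are assumptions; the log layout and the rule format are the ones shown in the thread.

```python
import ipaddress
import re
from collections import Counter

# Layout seen in the thread: vhost, client IP, then Apache combined-log fields.
LINE_RE = re.compile(
    r'^\S+ (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def _line(ip, second, agent="-"):
    # Builds one constructed sample line (not real traffic).
    return (f'www.example.test {ip} - - [03/Aug/2009:12:17:{second:02d} +0800] '
            f'"GET / HTTP/1.1" 200 33 "-" "{agent}"')

SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", 9)] * 5                      # burst, empty User-Agent
    + [_line("198.51.100.7", 8)] * 2                  # slow client, empty User-Agent
    + [_line("198.51.100.7", 9)] * 2
    + [_line("203.0.113.5", 9, "Mozilla/5.0")] * 6    # busy, but sends a User-Agent
    + ["truncated garbage line"]
)

def suspects(log_text, per_second_limit=3):
    """Map each client IP to its peak one-second request count, keeping only
    clients with empty Referer and User-Agent that exceed per_second_limit."""
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # malformed line: skip it
        try:
            ip = str(ipaddress.ip_address(m["ip"]))   # reject non-IP tokens
        except ValueError:
            continue
        if m["referer"] == "-" and m["agent"] == "-":
            hits[(ip, m["ts"])] += 1                  # timestamps have 1 s resolution
    peaks = {}
    for (ip, _ts), n in hits.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return {ip: n for ip, n in peaks.items() if n > per_second_limit}

def iptables_rules(peaks, chain="RH-Firewall-1-INPUT"):
    # Same rule shape as in the post above; the chain name is taken from it.
    return [f"-A {chain} -s {ip} -j DROP" for ip in sorted(peaks)]

if __name__ == "__main__":
    print("\n".join(iptables_rules(suspects(SAMPLE_LOG))))
```

Review the output before loading it, since a NAT gateway or proxy puts many legitimate users behind one address.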

Posted 2009-08-06 16:03
Originally posted by zgkt111 on 2009-8-6 15:18
sysctl -w net.ipv4.tcp_max_syn_backlog=2048


sysctl -w net.ipv4.tcp_syncookies=1


sysctl -w net.ipv4.tcp_synack_retries=3

sysctl -w net.ipv4.tcp_syn_retries=3

Make the pages static.

Tally the attack ...



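Here is a piece of code for you:
  # Loopback traffic is always allowed
  pass in quick on lo0 all
  pass out quick on lo0 all

  # Sources that exceed the limits below are added to this table and blocked
  table <WEBbruteforce> persist
  block quick from <WEBbruteforce>
  # Per source: at most 10 concurrent connections and 200 new connections per 5 seconds
  pass quick inet proto tcp from any to any port 80 keep state (max-src-conn 10, max-src-conn-rate 200/5, overload <WEBbruteforce> flush global)

  pass in quick on fxp0 from any to any
  pass out quick on fxp0 from any to any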


http://www.thismail.org/bbs/thread-3392-1-2.html

Posted 2009-08-10 18:00
Use some iptables plugins.

Posted 2009-08-10 18:07
Add a squid and deny access to requests whose browser information is empty.

Posted 2009-08-10 18:21
Originally posted by iceblood on 2009-8-10 18:07
Add a squid and deny access to requests whose browser information is empty.

What if he appends an address that exists, boss?

Posted 2009-08-11 13:10
CC attacks can be prevented by adding a module to Apache; it works reasonably well.