
Chinaunix

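Help: external web server attacked every day, please see the log. Experts, please advise~~~ eternally grateful

#1
Posted 2010-01-25 16:05
Our public-facing web server (Apache + iptables) is frequently attacked maliciously. As soon as an attack starts, Apache goes down; restarting Apache just makes it go down again. I have to block the attacking IP before Apache can be started. After a while another IP shows up. The IPs within one attack are all in the same range, but the range is different for each attack. Please see the log: it frantically downloads an attachment from the site until the server goes down.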

222.85.70.242 - - [15/Jan/2010:21:05:06 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 20480
222.85.70.242 - - [15/Jan/2010:21:05:06 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 20480
222.85.70.242 - - [15/Jan/2010:21:05:12 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
124.115.0.161 - - [15/Jan/2010:21:05:56 +0800] "GET /bds/showProduct.php?idd=14 HTTP/1.1" 200 7180
222.85.70.242 - - [15/Jan/2010:21:05:21 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
222.85.70.242 - - [15/Jan/2010:21:05:26 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
124.115.0.161 - - [15/Jan/2010:21:06:07 +0800] "GET /bds/css/css/style.css HTTP/1.1" 404 285
222.85.70.242 - - [15/Jan/2010:21:05:21 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
222.85.70.242 - - [15/Jan/2010:21:05:55 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5237120
222.85.70.242 - - [15/Jan/2010:21:05:14 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 3181183
222.85.70.242 - - [15/Jan/2010:21:06:24 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5176640
222.85.70.242 - - [15/Jan/2010:21:05:20 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
203.208.60.227 - - [15/Jan/2010:21:06:40 +0800] "GET /index.php/bds/swf/toycenter/toycenter/bds/news/20090922/swf/newjoin.php?theid=n001 HTTP/1.1" 200 13261
220.181.94.219 - - [15/Jan/2010:21:06:48 +0800] "GET /robots.txt HTTP/1.1" 304 -
222.85.70.242 - - [15/Jan/2010:21:05:19 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
222.85.70.242 - - [15/Jan/2010:21:06:36 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5166560
222.85.70.242 - - [15/Jan/2010:21:07:08 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2900747
222.85.70.242 - - [15/Jan/2010:21:06:28 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5083040
222.85.70.242 - - [15/Jan/2010:21:07:24 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2858987
222.85.70.242 - - [15/Jan/2010:21:07:42 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5097440
222.85.70.242 - - [15/Jan/2010:21:07:11 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5204000
222.85.70.242 - - [15/Jan/2010:21:07:42 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5018604
203.208.60.219 - - [15/Jan/2010:21:08:26 +0800] "GET /news/20090922/Welcome%20to%20join%20The%20Fourth%20Asia-Pacific%20Robot%20Championship.pdf HTTP/1.1" 304 -
222.85.70.242 - - [15/Jan/2010:21:07:50 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2843147
222.85.70.242 - - [15/Jan/2010:21:07:38 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4933280
222.85.70.242 - - [15/Jan/2010:21:08:06 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5067200
222.85.70.242 - - [15/Jan/2010:21:08:43 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
222.85.70.242 - - [15/Jan/2010:21:08:43 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5009600
222.85.70.242 - - [15/Jan/2010:21:08:33 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4818080
222.85.70.242 - - [15/Jan/2010:21:08:49 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4907724
67.195.114.232 - - [15/Jan/2010:21:09:15 +0800] "GET /robots.txt HTTP/1.0" 404 271
222.85.70.242 - - [15/Jan/2010:21:08:32 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4809440
203.208.60.226 - - [15/Jan/2010:21:09:24 +0800] "GET /news/20070608_001/001.jpg HTTP/1.1" 304 -
222.85.70.242 - - [15/Jan/2010:21:08:52 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4907360
222.85.70.242 - - [15/Jan/2010:21:09:08 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4806560
67.195.114.232 - - [15/Jan/2010:21:09:16 +0800] "GET /investor/0203Eng.pdf HTTP/1.0" 200 1137247
222.85.70.242 - - [15/Jan/2010:21:09:33 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4881804
222.85.70.242 - - [15/Jan/2010:21:09:49 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4717280
218.23.59.154 - - [15/Jan/2010:21:10:03 +0800] "GET /nazha/images/new_index_r10_c1.jpg HTTP/1.1" 200 9702
222.85.70.242 - - [15/Jan/2010:21:08:20 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2830187
222.85.70.242 - - [15/Jan/2010:21:09:56 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4916000
222.85.70.242 - - [15/Jan/2010:21:09:14 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4793600
222.85.70.242 - - [15/Jan/2010:21:08:42 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4669760
222.85.70.242 - - [15/Jan/2010:21:10:15 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4865964
222.85.70.242 - - [15/Jan/2010:21:11:14 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4897280
221.226.167.167 - - [15/Jan/2010:21:11:37 +0800] "GET /product/product/hikarian/images/9916.jpg HTTP/1.1" 200 18840
111.164.188.210 - - [15/Jan/2010:21:11:54 +0800] "GET /index.php HTTP/1.1" 200 8033
222.85.70.242 - - [15/Jan/2010:21:11:54 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4766240
222.85.70.242 - - [15/Jan/2010:21:06:08 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5218400
222.85.70.242 - - [15/Jan/2010:21:05:13 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
222.85.70.242 - - [15/Jan/2010:21:04:21 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 200 72872830
222.85.70.242 - - [15/Jan/2010:21:06:50 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2933867
65.55.109.45 - - [15/Jan/2010:21:32:00 +0800] "GET /service/china/index.htm HTTP/1.1" 200 13243
222.85.70.242 - - [15/Jan/2010:21:06:59 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4989440
222.85.70.242 - - [15/Jan/2010:21:07:24 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5006720
203.208.60.226 - - [15/Jan/2010:21:33:12 +0800] "GET /index.php/news/20090317/toycenter/news/20090210_001/bds/swf/toycenter/news/20090520/news/20090922/robotgamefile3.pdf HTTP/1.1" 200 13261
222.85.70.242 - - [15/Jan/2010:21:06:05 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5198240
222.85.70.242 - - [15/Jan/2010:21:05:32 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5215520
222.85.70.242 - - [15/Jan/2010:21:07:32 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4972160
222.85.70.242 - - [15/Jan/2010:21:09:45 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4779200
222.85.70.242 - - [15/Jan/2010:21:05:58 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5227040
222.85.70.242 - - [15/Jan/2010:21:07:08 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5130560
222.85.70.242 - - [15/Jan/2010:21:10:58 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4724480
222.85.70.242 - - [15/Jan/2010:21:06:50 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5027244
222.85.70.242 - - [15/Jan/2010:21:05:12 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
222.85.70.242 - - [15/Jan/2010:21:10:21 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2579627
222.85.70.242 - - [15/Jan/2010:21:14:42 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4312640
222.85.70.242 - - [15/Jan/2010:21:09:42 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4643840
222.85.70.242 - - [15/Jan/2010:21:10:12 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4776320
60.22.233.197 - - [15/Jan/2010:21:39:22 +0800] "GET /newproductImage/image007.jpg HTTP/1.1" 200 51075
60.22.233.197 - - [15/Jan/2010:21:39:22 +0800] "GET /newproductImage/image003.jpg HTTP/1.1" 200 217156
60.22.233.197 - - [15/Jan/2010:21:39:22 +0800] "GET /newproductImage/image005.jpg HTTP/1.1" 200 80587
222.85.70.242 - - [15/Jan/2010:21:10:20 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4685600
222.85.70.242 - - [15/Jan/2010:21:25:12 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4679840
222.85.70.242 - - [15/Jan/2010:21:28:51 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2474507
222.85.70.242 - - [15/Jan/2010:21:52:00 +0800] "GET /css/main.css HTTP/1.1" 304 -
60.22.233.197 - - [15/Jan/2010:21:52:15 +0800] "GET /newproductImage/small_arrow.gif HTTP/1.1" 200 119
222.85.70.242 - - [15/Jan/2010:21:29:55 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 65536
220.181.94.225 - - [15/Jan/2010:21:53:04 +0800] "GET /robots.txt HTTP/1.1" 404 279
222.85.70.242 - - [15/Jan/2010:21:32:00 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4799360
222.85.70.242 - - [15/Jan/2010:21:32:16 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4462400
220.181.7.122 - - [15/Jan/2010:21:33:13 +0800] "GET / HTTP/1.1" 200 16256
222.85.70.242 - - [15/Jan/2010:21:33:57 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 65536
222.85.70.242 - - [15/Jan/2010:21:34:27 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 65536
203.208.60.225 - - [15/Jan/2010:21:57:36 +0800] "GET /index.php/bds/swf/bds/news/20090922/toycenter/toycenter/swf/competition_college_feisi.php HTTP/1.1" 200 13261
128.1.20.52 - - [15/Jan/2010:21:57:37 +0800] "GET / HTTP/1.1" 302 -
222.85.70.242 - - [15/Jan/2010:21:34:44 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 65536
222.85.70.242 - - [15/Jan/2010:21:34:55 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4312640
222.85.70.242 - - [15/Jan/2010:21:35:10 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4679840
222.85.70.242 - - [15/Jan/2010:21:35:35 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 2474507
222.85.70.242 - - [15/Jan/2010:21:35:40 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4811244
222.85.70.242 - - [15/Jan/2010:21:36:00 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4799360
128.1.20.52 - - [15/Jan/2010:21:59:09 +0800] "GET / HTTP/1.1" 302 -
222.85.70.242 - - [15/Jan/2010:21:36:43 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 4462400
222.85.70.242 - - [15/Jan/2010:21:36:47 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 131072
222.85.70.242 - - [15/Jan/2010:21:37:51 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 65536

#2
Posted 2010-01-27 15:47

Reply to post #1 by internet04

Try using the iptables connlimit module to block it.

#3
Posted 2010-01-29 13:48
iptables -A INPUT -s 222.85.70.242 -j DROP

#4
Posted 2010-01-29 13:53
connlimit
hashlimit
recent

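#5
Posted 2010-01-29 14:02
Large-scale targeted attacks are indeed troublesome, and the business will certainly be affected. You had best first determine the attack method from logs and packet captures, and then look for a solution!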

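#6
Posted 2010-02-03 09:33
I suggest the OP first analyze the attack sources. If the number of addresses is small, you can DROP them directly with iptables. If the number of addresses is large but they fall within contiguous network ranges, you can block the ranges with iptables, or use connlimit/recent to limit the number of connections per subnet per unit time. If the attack against you is premeditated and targeted, the addresses follow no pattern, and it goes on for a very long time, then I suggest you report it to the police!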

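#7
Posted 2010-02-03 16:28
I suggest the OP first analyze the attack sources. If the number of addresses is small, you can DROP them directly with iptables. If the number of addresses is large but they are within ...
comcn2 posted on 2010-02-03 09:33

    Post #6 has the right answer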

#8
Posted 2010-02-25 13:08
Has the OP's problem been solved? Come back and tell us.

#9
Posted 2010-02-25 23:44
Is the log displayed in chronological order? OP, work out how many GET requests there are per unit time, and how many can your server handle?
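
An added example, not part of the original thread: the per-minute request count asked for in post #9, grouped by source /24 as post #6 suggests. The sample lines are constructed (modelled on the log in post #1, with documentation-range addresses), and the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Apache common log format: host ident user [time] "request" status bytes
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

# Constructed sample modelled on the log in post #1 (documentation-range addresses).
SAMPLE = """\
198.51.100.7 - - [15/Jan/2010:21:05:06 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 20480
198.51.100.7 - - [15/Jan/2010:21:05:12 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
198.51.100.9 - - [15/Jan/2010:21:05:21 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5242880
203.0.113.20 - - [15/Jan/2010:21:05:56 +0800] "GET /index.php HTTP/1.1" 200 8033
198.51.100.7 - - [15/Jan/2010:21:05:55 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5237120
198.51.100.7 - - [15/Jan/2010:21:06:24 +0800] "GET /downloads/danceVideo.rar HTTP/1.1" 206 5176640
203.0.113.20 - - [15/Jan/2010:21:06:48 +0800] "GET /robots.txt HTTP/1.1" 304 -
"""

def per_minute(lines, prefix=24):
    """Count requests, 206 responses and bytes per (minute, source subnet)."""
    stats = defaultdict(lambda: {"requests": 0, "partial": 0, "bytes": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting
        host, stamp, _method, _path, status, size = m.groups()
        # Apache writes the entry when the response ends but stamps it with the
        # time the request was received, so bucket on the stamp, not on line order.
        minute = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").strftime("%H:%M")
        try:
            subnet = str(ip_network(f"{host}/{prefix}", strict=False))
        except ValueError:
            subnet = host  # a hostname was logged: group by name instead
        s = stats[(minute, subnet)]
        s["requests"] += 1
        s["partial"] += status == "206"  # range requests, e.g. a multi-threaded downloader
        s["bytes"] += 0 if size == "-" else int(size)
    return dict(stats)

def noisy(stats, max_requests=3):
    """Return the (minute, subnet) buckets at or above the request threshold."""
    return sorted(k for k, s in stats.items() if s["requests"] >= max_requests)

if __name__ == "__main__":
    table = per_minute(SAMPLE.splitlines())
    for key in sorted(table):
        print(key, table[key])
    print("over threshold:", noisy(table))
```

Run against the real access log, the buckets give the requests per minute per subnet to compare with what the server can handle, and the subnets worth limiting with connlimit or recent.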

#10
Posted 2010-03-13 20:09
Load the iptables recent module:
In /usr/src/linux/.config:
CONFIG_NETFILTER_XT_MATCH_RECENT=y

iptables -N HTTPSCAN
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j HTTPSCAN
iptables -A HTTPSCAN -m recent --set --name HTTP
iptables -A HTTPSCAN -m recent --update --seconds 300 --hitcount 10 --name HTTP -j DROP

Any IP that connects more than 10 times within 300 seconds will be DROPped.