- 论坛徽章:
- 0
|
最近发现大量的IP采用类似cc和洪泛攻击的手段进攻我们服务器,经过检查日志,发现有类似的内容:
124.205.86.20 - - [21/Mar/2016:05:21:41 +0800] "GET /forum-125-1.html HTTP/1.1" 200 16365 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" "-"
221.204.248.141 - - [21/Mar/2016:05:21:41 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&19674 HTTP/1.1" 200 127671 "http://shop.wisehf.com/widget/images/sc.php" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "-"
61.238.193.247 - - [21/Mar/2016:05:21:41 +0800] "GET /forum-315-1.html HTTP/1.1" 200 21113 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/9.04 (jaunty) Firefox/3.6.10" "-"
123.126.113.138 - - [21/Mar/2016:05:21:41 +0800] "GET /forum-130-1.html HTTP/1.1" 200 22886 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" "-"
60.183.135.173 - - [21/Mar/2016:05:21:41 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&10243 HTTP/1.1" 200 4334 "http://shop.wisehf.com/widget/images/sc.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Mobile/11B554a baiduboxapp/0_0.0.5.5_enohpi_069_046/4.0.7_1C2%254enohPi/1099a/19AAE3FF8CA24E3E5D99D5497ADA3DF119D8F6064ONJGTORNQJ/1" "-"
27.152.76.101 - - [21/Mar/2016:05:21:41 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&14104 HTTP/1.1" 200 4334 "http://shop.wisehf.com/widget/images/sc.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12F70 search%2F1.0 baiduboxapp/0_0.1.1.7_enohpi_8022_2421/3.8_1C2%257enohPi/1099a/F05496C245F2CFFFE45A16B5F6549304245410A43ORCPKONBOK/1" "-"
1.25.67.152 - - [21/Mar/2016:05:21:41 +0800] "GET /forum.php?/&luntan-beijiechi-beiheikeruqin&7069 HTTP/1.1" 200 4328 "http://shop.wisehf.com/widget/images/sc.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13B5119e baiduboxapp/0_0.1.1.7_enohpi_069_046/1.9_1C2%254enohPi/1099a/8B70E095D6DED9C6B651C4DA5D44E2D054306C177ORGLMLOCDG/1" "-"
数量很大,瞬间可以达到几万个IP,目前只有禁止某些网段,请教还有更好的方法吗?
谢谢! |
|