首页 网络营销 SEO

”近有一个客户反馈网站频繁打不开,空间是阿里云的虚拟主机,我登陆后台一看,CPU使用率”,然后就死机了,重启下服务器就正常了,然后过两天就又不行了。我猜想可能是遇到了流量攻击,造成了网站瘫痪。

首先我们来看下客户主机的配置:

然后简单了解下客户网站的运营情况。

1、日均IP不超过100个
2、网站以高清摄影图片为主

这样的情况不应该发生的,这个主机的承载力不止这么大,于是只能从网站访问日志入手了。

日志中有很多这样的记录:


217.182.132.6 - - [13/Nov/2017:01:02:21 +0800] "GET /dalian2.php?mgS/ed.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 715395
51.255.71.111 - - [13/Nov/2017:01:03:14 +0800] "GET /eeduosi5.php?qF3/ns.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 682825
217.182.132.190 - - [13/Nov/2017:01:03:25 +0800] "GET /eeduosi3.php?g3B/Zk.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 613657
164.132.161.61 - - [13/Nov/2017:01:03:37 +0800] "GET /chaohu1.php?d4i/IK.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 631536
164.132.161.91 - - [13/Nov/2017:01:03:38 +0800] "GET /foshan1.php?wvR/kM.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 665642
217.182.132.157 - - [13/Nov/2017:01:04:16 +0800] "GET /eeduosi3.php?L3I/gU.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 630483
217.182.132.36 - - [13/Nov/2017:01:04:19 +0800] "GET /hangzhou.php?6zg/Ab.html HTTP/1.1" 404 4874 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)" byu3221150001.my3w.com text/html "/usr/home/byu3221150001/htdocs/index.php" 610414

它们都有一个共同的特征:访问了网站中不存在的一个路径,服务器统一返回了一个404错误,很明显有流量注入的可能,经过翻看访问日志,发生了一些比较可疑的IP段,根据阿里云客服的指导,对这些可疑IP段进行屏蔽。


deny from 164.132.161.0/255
deny from 203.208.60.0/255
deny from 217.182.132.0/255
deny from 137.74.207.0/255
deny from 164.132.162.0/255
deny from 51.255.71.0/255
deny from 51.255.65.0/255
deny from 164.132.161.0/255
deny from 137.74.207.0/255
deny from 137.74.207.0/255
deny from 51.255.65.0/255

添加至.htaccess即可。

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注

会员评论:(2)

声明:本站所有主题/文章除标明原创外,均来自网络转载,版权归原作者所有,如果有侵犯到您的权益,请联系本站删除,谢谢!
©www.sbmzenith.com 2013-2022 All Rights Reserved.
豫ICP备15009393号