我在apache日志中看到了这个巨大的日志,用于网站:
192.111.129.145 - - [07/Jun/2021:13:07:50 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
103.137.165.152 - - [07/Jun/2021:13:07:51 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
188.166.104.152 - - [07/Jun/2021:13:07:49 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
188.166.104.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
188.166.104.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
103.137.165.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
103.137.165.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
我在.htaccess中阻止请求,请求结果id为403我该如何防止这种攻击?waf?云闪?I用户cPanel+升速
由以下项目控制:
首先,在index.php 中添加此代码
<?php
if(!isset($_SERVER['HTTP_USER_AGENT'])){
exit();
}
if ($_SERVER['HTTP_USER_AGENT'] == "python-requests/2.25.1" || $_SERVER['HTTP_USER_AGENT'] == "a" || $_SERVER['HTTP_USER_AGENT'] == "\"){
exit();
}
下一步我用这个命令阻止IP:
cat /var/log/apache2/domlogs/mydomain.com-ssl_log | awk '{print $1}' | sort | uniq -c |sort -n | awk '{ if($1 > 10000) print $2 }' >> /etc/csf/csf.deny