HTTP host HEAD attack on a PrestaShop cPanel host



I see this huge log in the Apache logs for the website:

192.111.129.145 - - [07/Jun/2021:13:07:50 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
103.137.165.152 - - [07/Jun/2021:13:07:51 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
188.166.104.152 - - [07/Jun/2021:13:07:49 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
188.166.104.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
188.166.104.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
103.137.165.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
103.137.165.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"

I block the requests in .htaccess and the result of the requests is 403. How can I prevent this attack? WAF? Cloudflare? I use cPanel + LiteSpeed.

Controlled with the following items:

First, add this code to index.php:

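<?php
// Drop requests that send no User-Agent header at all.
if (!isset($_SERVER['HTTP_USER_AGENT'])) {
    exit();
}
// Drop the User-Agent strings listed here ("\\" is a single backslash character).
$blocked = ["python-requests/2.25.1", "a", "\\"];
if (in_array($_SERVER['HTTP_USER_AGENT'], $blocked, true)) {
    exit();
}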

Next, I blocked the IPs with this command:

cat /var/log/apache2/domlogs/mydomain.com-ssl_log | awk '{print $1}' | sort | uniq -c |sort -n |  awk '{ if($1 > 10000) print $2 }' >> /etc/csf/csf.deny
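
A windowed variant of the per-IP count in the answer above, as an added example that is not part of the original post: it flags an address only when it reaches the threshold within a single log minute, and skips addresses in an allowlist file or already in the deny file. The function names, the allowlist file and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Prints each client address that
# sends at least THRESHOLD requests within one log minute, skipping addresses
# listed in an allowlist file or already present in the deny file.
# usage: flood_ips LOGFILE THRESHOLD [ALLOWFILE] [DENYFILE]
flood_ips() {
    awk -v t="$2" -v allow="${3:-/dev/null}" -v deny="${4:-/dev/null}" '
        function load(file,   line, f) {
            # Use the first field only, so "1.2.3.4 # note" entries still match.
            while ((getline line < file) > 0)
                if (split(line, f, " ") > 0) skip[f[1]] = 1
            close(file)
        }
        BEGIN { load(allow); load(deny) }
        # $1 is the client address; $4 looks like "[07/Jun/2021:13:07:49".
        $1 ~ /^[0-9A-Fa-f:.]+$/ && !($1 in skip) {
            minute = substr($4, 2, 17)          # "07/Jun/2021:13:07"
            if (++hits[$1, minute] == t && !flagged[$1]++) print $1
        }
    ' "$1"
}

# burst IP HH:MM COUNT -> COUNT constructed lines in Apache combined format
burst() {
    n=0
    while [ "$n" -lt "$3" ]; do
        printf '%s - - [07/Jun/2021:%s:%02d +0430] "HEAD / HTTP/1.1" 403 0 "-" "z"\n' \
            "$1" "$2" "$n"
        n=$((n + 1))
    done
}

# Constructed sample log: one heavy burst, one client spread over two minutes,
# and one burst from an address that an operator may want to allowlist.
sample_log() {
    burst 192.0.2.10 13:07 6
    burst 198.51.100.7 13:07 3
    burst 198.51.100.7 13:08 3
    burst 203.0.113.5 13:07 5
}
```

The printed addresses can be reviewed and then appended to `/etc/csf/csf.deny` in place of the unfiltered list.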
