RSS feed GET spam causing server CPU to run at 100%

I just moved my website to a new host and found a large amount of RSS feed spam.

In my Apache logs, I see a bunch of GET requests for non-existent RSS feed URLs (at least 20 per second):

2017-11-03T12:06:43.128572347Z [03/Nov/2017:12:06:42 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" 2475
2017-11-03T12:06:43.389441028Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 301 -
2017-11-03T12:06:43.389574732Z [03/Nov/2017:12:06:43 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" -
2017-11-03T12:06:43.408464613Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 301 -
2017-11-03T12:06:43.40850661Z [03/Nov/2017:12:06:43 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" -
2017-11-03T12:06:43.411540849Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 301 -
2017-11-03T12:06:43.411641255Z [03/Nov/2017:12:06:43 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" -
2017-11-03T12:06:43.468777814Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 503 2475

I don't see anything else in the Apache logs that could be causing the CPU to run at 100% constantly.

In my php-fpm logs I see:

2017-11-03T13:20:07.466546451Z [03-Nov-2017 13:20:07] NOTICE: [pool www] child 117 started
2017-11-03T13:20:14.359871929Z [03-Nov-2017 13:20:14] NOTICE: [pool www] child 91 exited with code 0 after 606.968836 seconds from start
2017-11-03T13:20:14.359917735Z [03-Nov-2017 13:20:14] NOTICE: [pool www] child 127 started
2017-11-03T13:20:43.867682884Z [03-Nov-2017 13:20:43] NOTICE: [pool www] child 90 exited with code 0 after 637.440716 seconds from start
2017-11-03T13:20:43.867694486Z [03-Nov-2017 13:20:43] NOTICE: [pool www] child 135 started
2017-11-03T13:20:58.577836366Z [03-Nov-2017 13:20:58] NOTICE: [pool www] child 86 exited with code 0 after 662.714762 seconds from start
2017-11-03T13:20:58.578920398Z [03-Nov-2017 13:20:58] NOTICE: [pool www] child 136 started
2017-11-03T13:22:25.865573438Z [03-Nov-2017 13:22:25] NOTICE: [pool www] child 89 exited with code 0 after 742.035998 seconds from start

Then eventually the fpm pool hits its limit:

2017-11-03T11:59:03.178672211Z [03-Nov-2017 11:59:03] WARNING: [pool www] server reached max_children setting (15), consider raising it

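I don't know how to prevent this, but it is causing my CPU to spin at 100% and making my website inaccessible.

Also, I'm not sure why this wasn't a problem on my previous host, but now that I've moved it has become one.

How can I stop these GET requests? I have been trying to block them in my .htaccess file, I deleted all my RSS feed template files, and I disabled RSS on the site - but none of this seems to work.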

Answer 1

Maybe you can use this here

In short:

RewriteCond %{QUERY_STRING} feed=ads
RewriteRule .* - [F]
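
Before and after adding a rule like the one above, it helps to measure which request targets are flooding the server and what status they receive. The following is an added example, not part of the original question or answer: it parses the log format shown in the question, skips the duplicate SSL request-log lines, and reports per-second request counts and status codes. The function names and the default limit of 20 per second (taken from the rate the question mentions) are assumptions.

```python
import re
from collections import Counter

# Log excerpt copied from the question. Each request appears twice: once in the
# access log and once in the SSL request log (the lines starting with "[").
SAMPLE = """\
2017-11-03T12:06:43.128572347Z [03/Nov/2017:12:06:42 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" 2475
2017-11-03T12:06:43.389441028Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 301 -
2017-11-03T12:06:43.389574732Z [03/Nov/2017:12:06:43 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" -
2017-11-03T12:06:43.408464613Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 301 -
2017-11-03T12:06:43.40850661Z [03/Nov/2017:12:06:43 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" -
2017-11-03T12:06:43.411540849Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 301 -
2017-11-03T12:06:43.411641255Z [03/Nov/2017:12:06:43 +0000] 192.168.37.231 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /?feed=ads HTTP/1.1" -
2017-11-03T12:06:43.468777814Z 192.168.37.231 - - [03/Nov/2017:12:06:43 +0000] "GET /?feed=ads HTTP/1.1" 503 2475
"""

# Access-log line, with the optional container timestamp prefix seen above.
ACCESS = re.compile(
    r'^(?:\S+Z\s+)?(?P<ip>[0-9A-Fa-f.:]+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse(lines):
    """Yield (ip, timestamp, target, status) for access-log lines only."""
    for line in lines:
        m = ACCESS.match(line.strip())
        if m:  # SSL request-log lines do not match, so nothing is counted twice
            yield m["ip"], m["ts"], m["target"], int(m["status"])


def flood_report(lines, per_second_limit=20):
    """Return ([(ip, target)] at or over the per-second limit, status counts)."""
    hits = list(parse(lines))
    per_second = Counter((ip, ts, target) for ip, ts, target, _ in hits)
    statuses = Counter((target, status) for _, _, target, status in hits)
    flagged = sorted({(ip, target) for (ip, _, target), n in per_second.items()
                      if n >= per_second_limit})
    return flagged, statuses


if __name__ == "__main__":
    # The excerpt is short, so a limit of 4 is used here instead of the default.
    flagged, statuses = flood_report(SAMPLE.splitlines(), per_second_limit=4)
    print("over limit:", flagged)
    for (target, status), n in sorted(statuses.items()):
        print(f"{n:4d}  {status}  {target}")
```

Once the `[F]` rule is active, the same target should show 403 in the status breakdown; a report that still shows 301 and 503 means the rule is not being applied to those requests.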
