Increased traffic - server being probed by bots?

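Since December 24, my server's resource consumption has increased. In addition, the Nginx server appears to be unstable, resulting in multiple errors.

CPU usage used to average about 5%. A few days ago it increased, and it now sits steadily between 10% and 30%. The same behavior applies to IPv4 traffic. In addition, when I try to access my Nextcloud or website, I frequently get errors such as Error 525: SSL handshake failed or Error 500: Internal server error. The error messages and the traffic increase appeared at the same time. To rule out the possibility that a recent configuration change caused the problem, I restored a backup from December 20. So it must be an external influence that is causing the problem.

I scanned the entire system for viruses with ClamAV, but no infected files were found: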

----------- SCAN SUMMARY -----------
Known viruses: 8844122
Engine version: 0.103.0
Scanned directories: 28082
Scanned files: 167224
Infected files: 0
Data scanned: 15009.11 MB
Data read: 23880.07 MB (ratio 0.63:1)
Time: 3684.616 sec (61 m 24 s)
Start Date: 2021:01:02 23:54:21
End Date:   2021:01:03 00:55:45

I also checked for suspicious activity with netstat:

$ netstat -nt | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -r


Then I used the IP Geolocation API:

$ curl "http://ip-api.com/line/example_ip_address?fields=country"

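Although it is supposed to be accessed only by me, friends, family, and teachers, it receives requests from all over the world. It appears to receive hundreds/thousands of requests from China, Singapore, Bangladesh, Vietnam, Russia, France, the United States, the Netherlands, and other countries.

I also checked /var/log/auth.log for invalid logins. Someone repeatedly tried to log in to my server with usernames that do not exist on the system.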

# grep "Invalid user" /var/log/auth.log


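However, nobody except me can log in, because I hardened SSH access long ago by limiting operations on port 22 with UFW, by installing Fail2ban, and by only allowing access with a private authentication key and passphrase, both of which only I have. When running the last command, I also did not see any successful logins other than my own. In addition, I put my server behind Cloudflare to protect against DDoS attacks, but that did not help solve the problem.

I also checked the Nginx error log /var/log/nginx/error.log, which lists the alert 768 worker_connections are not enough over and over again, because I have configured only one worker process with 768 worker connections. If the server were not being attacked/probed by bots, that would actually be enough for my use case. Should I try to increase the number of worker connections?

Thanks in advance!


Update

I just looked at the Nginx access log /var/log/nginx/access.log. Here is a small part of its contents: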

5.45.74.22 - - [04/Jan/2021:00:01:27 +0100] "POST http://5.188.211.72/check.php HTTP/1.1" 200 1161 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.104.98.78 - - [04/Jan/2021:00:01:27 +0100] "GET https://wesley.kunlun301.com/?u=http:// HTTP/1.1" 200 292 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)"
103.29.71.18 - - [04/Jan/2021:00:01:27 +0100] "GET https://wesley.kunlun301.com/?u=http:// HTTP/1.1" 500 588 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36"
172.104.68.177 - - [04/Jan/2021:00:01:27 +0100] "GET http://console.bestacdn.com:1122/?u=http:// HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)"
45.118.135.77 - - [04/Jan/2021:00:01:27 +0100] "GET http://wesley.kunlun301.com/?u=http:// HTTP/1.1" 200 292 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247"
176.58.109.91 - - [04/Jan/2021:00:01:27 +0100] "GET http://console.bestacdn.com:1122/?u=http:// HTTP/1.1" 499 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
172.105.35.35 - - [04/Jan/2021:00:01:27 +0100] "GET http://wesley.kunlun301.com/?u=http:// HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
62.113.115.240 - - [04/Jan/2021:00:01:27 +0100] "CONNECT steamcommunity.com:443 HTTP/1.1" 400 166 "-" "-"
121.57.146.76 - - [04/Jan/2021:00:01:27 +0100] "CONNECT production-game-api.sekai.colorfulpalette.org:443 HTTP/1.1" 400 166 "-" "-"
139.162.116.216 - - [04/Jan/2021:00:01:27 +0100] "GET http://wesley.kunlun301.com/?u=http:// HTTP/1.1" 499 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
172.104.173.94 - - [04/Jan/2021:00:01:27 +0100] "CONNECT m.facebook.com:443 HTTP/1.1" 400 166 "-" "-"
172.104.127.52 - - [04/Jan/2021:00:01:27 +0100] "GET https://wesley.kunlun301.com/?u=http:// HTTP/1.1" 200 292 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Safari/537.36"
61.136.101.153 - - [04/Jan/2021:00:01:27 +0100] "CONNECT www.alipay.com:443 HTTP/1.0" 400 166 "-" "-"
193.109.79.134 - - [04/Jan/2021:00:01:27 +0100] "GET http://api.steampowered.com/IPlayerService/GetSteamLevel/v1/?key=682AA980899BA2C3A331538849BBC8D4&steamid=76561198013106964 HTTP/1.1" 200 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"

Are these requests expected? They seem to be causing the errors in /var/log/nginx/error.log.
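The access log excerpt above contains two request shapes that a client normally sends only to a forward proxy: CONNECT, and a GET/POST whose target is a full URL for another host. The following is an added example, not part of the original post: a Python classifier that separates those from ordinary requests and counts them per client address. The host name cloud.example.org and all sample log lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the only host name this server is meant to serve.
OWN_HOSTS = {"cloud.example.org"}

# Nginx "combined" log format: addr - user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses and example host names).
SAMPLE_LOG = '''\
192.0.2.10 - - [04/Jan/2021:00:01:27 +0100] "GET http://other.example.net/?u=http:// HTTP/1.1" 200 292 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Jan/2021:00:01:27 +0100] "GET http://other.example.net:1122/?u=http:// HTTP/1.1" 499 0 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jan/2021:00:01:27 +0100] "CONNECT shop.example.com:443 HTTP/1.1" 400 166 "-" "-"
198.51.100.7 - - [04/Jan/2021:00:01:28 +0100] "POST http://192.0.2.99/check.php HTTP/1.1" 200 1161 "-" "Mozilla/4.0"
203.0.113.5 - - [04/Jan/2021:00:01:28 +0100] "GET /remote.php/dav/ HTTP/1.1" 207 512 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Jan/2021:00:01:29 +0100] "GET https://cloud.example.org/login HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Jan/2021:00:01:29 +0100] "" 400 0 "-" "-"
'''


def classify(request):
    """Classify one request line by the form of its request target."""
    parts = request.split()
    if len(parts) != 3:
        return "malformed"
    method, target, _version = parts
    if method == "CONNECT":
        return "connect"              # tunnel request, only meaningful to a proxy
    if target.startswith("/") or target == "*":
        return "origin"               # normal request for this server
    host = (urlsplit(target).hostname or "").lower()
    return "origin" if host in OWN_HOSTS else "foreign-absolute"


def summarize(log_text):
    """Count request kinds, proxy-style requests per address, and 2xx answers to them."""
    kinds, by_addr, answered_2xx = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind = classify(m["request"])
        kinds[kind] += 1
        if kind in ("connect", "foreign-absolute"):
            by_addr[m["addr"]] += 1
            if m["status"].startswith("2"):
                answered_2xx[m["addr"]] += 1
    return kinds, by_addr, answered_2xx


if __name__ == "__main__":
    kinds, by_addr, answered_2xx = summarize(SAMPLE_LOG)
    print(dict(kinds))
    for addr, n in by_addr.most_common():
        print(f"{addr}: {n} proxy-style requests, {answered_2xx[addr]} answered 2xx")
```

A 2xx status on a proxy-style request means nginx answered it from some server block instead of refusing it, so those addresses are the ones to look at first.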

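Answer 1

First of all, thanks to @Giacomo1968 and @GordonDavisson for pointing me in the right direction. After making sure that my server was not infected with malware and that SSH access was hardened, I configured Nginx to handle the bot requests that were causing the DDoS. The configuration file is usually located at /etc/nginx/nginx.conf. A good resource is this guide on mitigating DDoS attacks with Nginx.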


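Increasing the number of worker connections

I increased the maximum number of simultaneous connections (worker_connections) that can be opened by a worker process (e.g. to 2048).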

worker_connections 2048;

Limiting the request rate

I limited the rate at which Nginx accepts incoming requests to a value typical for real users (e.g. 2 seconds).

limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;

server {
    # ...
    location / {
        limit_req zone=one;
        # ...
    }
}

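Limiting the number of connections

I limited the number of connections that can be opened by a single client IP address, again to a value appropriate for real users (e.g. 10).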

limit_conn_zone $binary_remote_addr zone=two:10m;

server {
    # ...
    location / {
        limit_conn two 10;
        # ...
    }
}

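Closing slow connections

I configured Nginx to close connections that write data too infrequently, which can indicate an attempt to keep connections open as long as possible (thereby reducing the server's ability to accept new connections). Slowloris is an example of this type of attack.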

server {
    client_body_timeout 5s;
    client_header_timeout 5s;
    # ...
}

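Now my Nginx server still uses more resources than before the attack, but at least it is no longer overloaded. I hope this helps others facing similar attacks.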
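How a zone with rate=30r/m and no burst, as configured in the answer above, treats different clients. This is an added example, not part of the original answer and not nginx's own code: a Python model of the leaky-bucket accounting that limit_req is documented to use. The function name, the traffic patterns and the millisecond bookkeeping are assumptions of this example.

```python
def limit_req_verdicts(arrivals_ms, rate_per_min, burst=0):
    """Model limit_req for ONE key (one client address).

    arrivals_ms: ascending request arrival times in milliseconds.
    Returns "pass" or "reject" per request (nginx answers a rejected
    request with status 503 by default). Requests that pass inside the
    burst are also delayed by nginx unless nodelay is set; that delay is
    not modelled here, only the accept/reject decision.
    """
    rate = rate_per_min * 1000 // 60      # thousandths of a request per second
    limit = burst * 1000                  # burst in thousandths of a request
    excess, last = 0, None
    verdicts = []
    for now in arrivals_ms:
        if last is None:                  # first request from this key
            last = now
            verdicts.append("pass")
            continue
        elapsed = now - last
        # The bucket drains at `rate`; this request adds one full unit.
        candidate = max(excess - rate * elapsed // 1000 + 1000, 0)
        if candidate > limit:
            verdicts.append("reject")     # bucket state is left unchanged
            continue
        excess, last = candidate, now
        verdicts.append("pass")
    return verdicts


# Constructed traffic patterns (times in milliseconds).
PAGE_LOAD = [0, 50, 100, 150, 200, 250]     # a page plus five assets
PATIENT_USER = [0, 2000, 4000, 6000]        # one request every 2 s
FAST_CLIENT = list(range(0, 10000, 500))    # 2 requests/s for 10 s


def passed(verdicts):
    """Number of requests that were accepted."""
    return verdicts.count("pass")


if __name__ == "__main__":
    for name, pattern in [("page load", PAGE_LOAD),
                          ("patient user", PATIENT_USER),
                          ("fast client", FAST_CLIENT)]:
        for burst in (0, 5, 10):
            ok = passed(limit_req_verdicts(pattern, 30, burst))
            print(f"{name:12s} burst={burst:2d}: {ok}/{len(pattern)} passed")
```

With no burst, a browser that requests a page and its assets within the same two seconds has every request after the first rejected; the burst parameter of limit_req is what absorbs such short bursts while the sustained rate stays capped.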
