几天以来,我的 Apache Web 服务器一直受到攻击。我收到来自多个 IP 的多个对不存在页面的请求。除了关闭 Apache 服务器外,我还能做些什么来阻止它?
目前我已经关闭了端口 80 以阻止日志填满。这是我的 error.log 的一部分:
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/view.aspx, referer: http://www.gamesfox.info/
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/login.php' not found or unable to stat, referer: http://www.wi8357.com/login.php
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.dodomains.net
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.addictedpeople.com
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.zopm.com
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.zopm.com
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/xml.php' not found or unable to stat
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/config
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.hypeshot.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.gkkv.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.iyens.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.titist.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.yfia.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.abundancegames.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.chiefwork.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/pp, referer: http://www.thirdgames.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.newbiegamer.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://luxuryup.com
[Tue Aug 16 17:12:59 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.monopolyfreegame.com
[Tue Aug 16 17:12:59 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/pp, referer: http://luxuryup.com/
[Tue Aug 16 17:13:02 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/login.php' not found or unable to stat, referer: http://www.wi8357.com/login.php
[Tue Aug 16 17:13:02 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/index.php' not found or unable to stat, referer: http://www.fire35.com
它们都是不同的 IP,所以我的 iptables 中的暴力保护没有帮助。
有什么建议么?
答案1
我在谷歌上搜索,发现了这一点:
http://mediakey.dk/~cc/block-referer-spam/
似乎 apache2 有一个特殊的模块可以防止引荐来源垃圾邮件。
或者
使用 iptables 的更手动的方法:
http://www.iospirit.com/blog/article/12/Linux-HowTo-Defeating-referer-spam/
答案2
如果您希望服务器公开,则没有办法完全阻止它,但您可以使用 mod_evasive 智能地阻止发出过多请求的主机和/或使用 mod 安全性来匹配模式并根据模式阻止主机。
这些可能最终都会消失