阻止 Apache 攻击

阻止 Apache 攻击

几天以来,我的 Apache Web 服务器一直受到攻击。我收到来自多个 IP 的多个对不存在页面的请求。除了关闭 Apache 服务器外,我还能做些什么来阻止它?

目前我已经关闭了端口 80 以阻止日志填满。这是我的 error.log 的一部分:

[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/view.aspx, referer: http://www.gamesfox.info/
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/login.php' not found or unable to stat, referer: http://www.wi8357.com/login.php
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.dodomains.net
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.addictedpeople.com
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.zopm.com
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.zopm.com
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/xml.php' not found or unable to stat
[Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/config
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.hypeshot.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.gkkv.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.iyens.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.titist.com
[Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.yfia.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.abundancegames.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.chiefwork.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/pp, referer: http://www.thirdgames.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.newbiegamer.com
[Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://luxuryup.com
[Tue Aug 16 17:12:59 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.monopolyfreegame.com
[Tue Aug 16 17:12:59 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/pp, referer: http://luxuryup.com/
[Tue Aug 16 17:13:02 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/login.php' not found or unable to stat, referer: http://www.wi8357.com/login.php
[Tue Aug 16 17:13:02 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/index.php' not found or unable to stat, referer: http://www.fire35.com

它们都是不同的 IP,所以我的 iptables 中的暴力保护没有帮助。

有什么建议么?

答案1

我在谷歌上搜索,发现了这一点:

http://mediakey.dk/~cc/block-referer-spam/

似乎 apache2 有一个特殊的模块可以防止引荐来源垃圾邮件。

或者

使用 iptables 的更手动的方法:

http://www.iospirit.com/blog/article/12/Linux-HowTo-Defeating-referer-spam/

答案2

如果您希望服务器公开,则没有办法完全阻止它,但您可以使用 mod_evasive 智能地阻止发出过多请求的主机和/或使用 mod 安全性来匹配模式并根据模式阻止主机。

这些可能最终都会消失

相关内容