您好,请查看访问日志。我收到了一百万条这样的条目,不知道如何阻止它。首先,这是一次攻击吗?如果是,我该如何阻止它并防止它再次发生。
192.184.54.119 — — [14/Mar/2014:14:28:48 +0200] “GET http://ads.pubrnatic.com/Adserver/js/ibshowad.js HTTP/1.O” 200 1204S “http://ads.yoo.com/st?adtype=iframe&adsize=728x9O§ion=S13OO96&pubur1=mostgamespa1y.com” “Mozilla/ atible; MSIE 6.0; Windows NT 5.0; Alexa Toolbar)”
192.184.40.105 — — [14/Mar/2014:14:28:46 +0200] “GET http:f/ads.yoo.coget—user—id?ver2&s542598O&tsl3948OOO99&sig42da229369dO7a3O HTTP/l.O” 200 589 “http://ads.yahoo.coznlst?ad_typeiframe&ad_size72Sx9O§ionS42S98O&pt cenews.com” “Mozilla/4.O (compatible; MSIE 6.0; Windows NT 4.0; Alexa Toolbar)”
192.184.62.133 — — [l4/Mar/2014:14:28:46 +02001 “GET http://ads.yahoo.com/pixel?idl080229&t2 HflP/l.O” 302 835 /5.0 (Windows; U; Windows NT 5.1; en—US; rv:l.7) Gecko/20040626 Firefox/O.9.l”
192.184.62.131 — — [14/Mar/2014:14:28:53 +0200J “GET http://ib.adnxs.com/seg?add35728l&t2 HTTP/1.O” 302 1090 “http://ads.yahoo.comst?ad_teiframe&ad_size728x9O§ion53O46S4&pub_urlpcgamesofun.com” “Mozilla/4.O (compati 5.5; Windows 98; Alexa Toolbar)”
107.160.10.76 — — [14/Mar/2014:14:28:43 +0200] “GET http://content.yieldmanager.edgesuite.net/atonis/Od/65/5a/8b/Od6SSaBbeca597ed6b64l6f7dal67aec.gif HTTP/l.O” 200 17745 “http://www.thedthosaurgames.com” “Mozilla/4.O (compatible; ; Windows NT 5.0; Alexa Toolbar)”
192.184.40.98 — — [14/Mar/2014:14:28:53 +0200J “GET http://ib.adnxs.coWpx?idl5959l&t2 HflP/l.O” 200 1015 cM100000cSO9600aRCRÐ&cidWS_OMG_BM_SA_786_RTBLifestyle_SWF_CRO2_C230_acts_NA” “Mozilla/4.O (compatible; 1151E 5.01; Windows 95; Alexa Toolbar)”
192.184.54.114 — — [l4/Mar/2014:14:28:46 +02001 “GET http://ads.yahoo.coni/get—user—id?ver=2&s=5141567&ts=l394800009&sig=624l2e5886a1adaa HTTP/1.O” 200 589 “http://ads.yahoo.com/st?ad_typeiframe&ad_size728x90§ionSl4lS67&ptpi.com” “Mozilla/4.O (compatible; MSIE 5.0; Windows 98; DigExt; Alexa Toolbar)”
192.184.62.137 — — [l4/Mar/20l4:14:28:49 +0200] “GET http://ds.serving—sys.coxn/BurstingCachedScripts//Ad21540/ebStdBanner.js HTTPI1.O” 200 98176 “http://fral.ib.adnxs.com/if?encfkOIyt7X8D8hsHJoke3oPyGwcaiR7egLvTSXoSo7D_9p!X8SsCx6BXgUuRlrl4qOfh9STrAAAAAEvRIgB6AgAAoQcAAAIAAADÐT8YAOSwFAAAAAQBVEJOQAWNE.ANgCWgDsygAAnYOAAgUCAQIAAIwAgC35tQAAAAA . &cnd%2 1hSNtXwiS48QBEMOfmQYYACC7UBYwADjs1RtAAEihÐ1DLoosBWABgkQZoAIiAAeACAAQCIAQCQAQGYAQGgAQGoAQOwAQCSAVZSV1zjMI)4zllzP8kBzrnEYlfGj—D_ZAQAAAAAAAPA_4AEA&ccd%21FQb4OQiS48QBEMOfmQYYu7gWIAA.223954%2C+367675%2C+O%2C+O%2C+2592000%29%3ßppv%28l55649%2C+%2763l42654897l4567058%27%2C+l394800097%2C+l397392097%2C+3223954%2C+367675%2C+O%2C+O%2C+2592000%29%3B&vpid43&apid22 435&referrerjerusalemonline.com&media_subtypesl&ct “Mozilla/4.O (compatible; MSIE 6.0; Windows 98; Alexa Toolbar)”
192.184.53.236 — — [14/Mar/2014:14:28:48 +0200] “GET http://ib.adnxs.com/seg?add357300&t2 HTTP/l.O” 302 1091 “http://www.vagobond.com” “Mozilla/4.76 (Macintosh; U; PPC)”
192.184.62.135 — — [14/Mar/2014:14:28:43 +0200] “GET http://ibadnxs.com/seg?add357300&t2 HTTP/l..O” 302 1091 “http://www.splashnewsonline.com” “Mozilla/4.08 [en] (WinNT; U)”
192.184.62.137 — — [l4/Mar/2014:14:28:48 +02001 “GET http://cdn.adnxs.com/p/31/bO/bO/69/3lbObO6949e3edbSdS24Sa3bfd4bl6b7.gif HTTP/l.O” 200 22490 “http://ads.ythoo.com/st?adtype=iframe&adsize=728x90§ion=54260l9&puburl=jerine.com” “Mozilla/4.O (compatible; MSIE 6.0; Windows NT 5.0; Alexa Toolbar)”
192.184.53.231 — — [14/Mar/2014:14:28:Sl +0200J “GET http://ads.creafi—online—media.com/pixel?idl774l97&t2 HTTP/1.O” 302 751 “http://www.lifeandhealth.org” “Mozilla/4.O (compatible; MSIE 6.0;Windows NT 5.0; Alexa Toolbar)”
192.184.49.221 — — [14/Mar/20l4:14:28:49 +0200] “GET http://content.yieldmanager.edgesuite.net/atorns/29/6a/17/ee/296al7eebb6aadc7es6fadd4e96csb3s.gif HTTP/1.O” 200 11771 “http://www.yfia.com” “Mozillaf4.O (compatible; MSIE 6.01; 98; Alexa Toolbar)”
192.184.40.99 — — [l4/Mar/20l4:l4:28:47 +0200] “GET http://ads.yahoo.com/get—user—id?ver=2&s=5425844&ts=l394799996&sig=6ccfla86b3oa6dcb HTTP/l.0” 200 589 “http://www.splashnewsonline.com” “Mozilla/5.0 (Windows; U; Windows NT 5.1 rv:1.6) Gecko/20040206 Firefox/0.8”
107.160.10.75 — — [14/Mar/2014:14:28:41 +0200J “GET HTTP/1.0” 200 2066 “http://ads.yahoo.com/st iframe&ad_size728x90§ion5lo27ll&pub_url—thetraingames.com” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; Alexa Toolbar)”
192.184.49.211 — — [14/Mar/2014:14:28:4l +0200] “GET HTTP/1.0” 200 2230 “http://ads.yahoo.corn/st?ad_te&ad_size728x90§ion5l3o867&pub_urlkatheating.com” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en—US; rv:1.6) Gecko/20040113”
192.184.54.116 — — [l4/Mar/2014:14:28:Sl +0200J “GET http://ads.yahoo.coni/stadtype=iframe&adsize=728x90§ion=5150479&puburl=zcxo.com HTTP/1.0 200 6027 “http://www.zcxo.com” “Mozilla/4.0 (compatible; MSIE 5.5; AOL 6.0; Wi
192.184.40.103 — — [14/Mar/2014:14:28:49 +0200J “GET http://cdn.adnxs.com/ANX_async_usersync.js HTTP/l.0” 200 1890 “http://ads.yahoo.coni/st?adtype=iframe&adsize=728x90§ion=5426026&puburl=travelsmith.com” “Mozilla/4.0 (cot MSIE 5.5; Windows NT 4.0; Alexa Toolbar)”
192.184.62.138 — — [14/Mar/2014:14:28:43 +0200] “GET http://cdn.adnxs.coni/p/31/bO/bO/69/3lbObO6949e3edbSdS24Sa3bfd4bl6b7.gif HTTP/1.0” 200 22490 “http://ads.yahoo.cotn/st?adtype=iframe&adsize=728x90§ion=54260l9&puburl=jerine.com” “Mozilla/4.76 [en] (Win98; U)”
192.184.62.139 - - [14/Mar/2014 :14:28:54 +0200 J “GET http: //fral . ib. adnxs . AQIAAIwASy1V1QAAAAA. &udjuf%28%27a%2 7C+%275126610165993718005%27%2C+l394800132%2C+1397392132%2C+3282l78%2C+367675%2C+0%2C+0%2C+2592000%29%3B&vpid=43&apid=22435&referrer=http%3A%2F%2Fads.yahoo.com%2Fst%3Fad type%3Diframe%26adsize%3D728x90%26section%3D5426026%26pubvelsmith.com&mediasubtypes=1&ct=0&dlo=1 HTTP/1.0” 200 2855 “http://ads.yahoo.com/st?adtype=iframe&adsize=728x90§ion=5426026&puburl=travelsmith.com” “Mozilla/4.61 [en] (WinNT; I)”
107.160.10.75 — — [14/Mar/20l4:14:28:46 +0200J “GET HTTP/1.0” 200 2066 “http://ads.yahoo.com/st iframe&ad size728x90§ionSlO27ll&puburlthetraingames.com” “Mozilla/4.0 (compatible; MSIE 5.0; Windows NT;igExt)” — —
答案1
看起来有人在盲目搜索启用了代理的 Web 服务器。这里的请求大部分都是这样的形式GET http://<something>
。正常请求应该是这样的GET /mysite/index.php
(或者您 Web 根目录中的文件和目录)。
如果您收到越来越多此类请求,则可能会出现问题,因为它可能会使您的 Web 服务器超载(DOS - 拒绝服务攻击)。
如果你经常看到这些请求的来源 IP 相同,你可以添加一些iptables在 Apache 处理它们之前,使用规则来禁止它们。