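On many of the websites I run, I am seeing thousands of visits in Google Analytics coming from a site called revista22.ro, but I don't know that site, and it doesn't mention any of my sites.
Also, my server's access.log contains many entries like the following: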
127.0.0.1 - - [13/Feb/2015:18:28:06 +0100] "GET /?lang=en HTTP/1.1" 200 17504 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0"
127.0.0.1 - - [13/Feb/2015:18:28:08 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/40.0.2214.111 Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:11 +0100] "GET /?lang=en HTTP/1.1" 200 17449 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:13 +0100] "GET /?lang=en HTTP/1.1" 200 17505 "http://www.revista22.ro/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/40.0.2214.111 Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:14 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:16 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (iPad; CPU OS 8_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) GSA/4.2.2.38484 Mobile/12B410 Safari/9537.53"
127.0.0.1 - - [13/Feb/2015:18:28:16 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)"
127.0.0.1 - - [13/Feb/2015:18:28:16 +0100] "GET /?lang=en HTTP/1.1" 200 17507 "http://www.revista22.ro/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)"
127.0.0.1 - - [13/Feb/2015:18:28:16 +0100] "GET /?lang=en HTTP/1.1" 200 17505 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:18 +0100] "GET /?lang=en HTTP/1.1" 200 17507 "http://www.revista22.ro/" "Mozilla/5.0 (iPad; CPU OS 8_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) GSA/4.2.2.38484 Mobile/12B410 Safari/9537.53"
127.0.0.1 - - [13/Feb/2015:18:28:22 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:23 +0100] "GET /?lang=en HTTP/1.1" 200 17508 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:31 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:33 +0100] "GET /?lang=en HTTP/1.1" 200 17508 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:43 +0100] "GET / HTTP/1.1" 301 605 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0"
127.0.0.1 - - [13/Feb/2015:18:28:43 +0100] "GET / HTTP/1.1" 301 605 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:44 +0100] "GET /?lang=en HTTP/1.1" 200 17447 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0"
127.0.0.1 - - [13/Feb/2015:18:28:44 +0100] "GET /?lang=en HTTP/1.1" 200 17448 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:48 +0100] "GET /?lang=en HTTP/1.1" 200 17449 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0"
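It seems strange to me that the host mentioned is localhost...
Has anyone else had a problem like this with revista22.ro? Based on the data in access.log, do you think there is any danger?
Answer 1
Judging from the access log you posted, they are not doing anything abnormal. There are no strange queries or suspicious POST requests.
If the volume of requests from that host is very high, you should consider firewalling or rate limiting it.
You can try rate limiting them with the following iptables rules: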
iptables -I INPUT -p tcp --dport 80 -s 37.156.33.207 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -s 37.156.33.207 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
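An added example, not part of the original question or answer: a Python sketch that groups combined-format log entries by Referer and reports the hit count, the number of distinct User-Agents, any non-GET requests, and whether every logged client address is loopback. The sample lines are copied from the log above and the function names are hypothetical. It assumes that a loopback-only client column means requests reach the web server through a local proxy, in which case the real client address has to be logged before a rule that matches on a source IP can be checked against the log.

```python
import ipaddress
import re
from collections import defaultdict

# Apache/nginx "combined" log format, one request per line.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Four entries copied from the access.log excerpt in the question.
SAMPLE = '''\
127.0.0.1 - - [13/Feb/2015:18:28:06 +0100] "GET /?lang=en HTTP/1.1" 200 17504 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0"
127.0.0.1 - - [13/Feb/2015:18:28:08 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/40.0.2214.111 Chrome/40.0.2214.111 Safari/537.36"
127.0.0.1 - - [13/Feb/2015:18:28:16 +0100] "GET / HTTP/1.1" 301 663 "http://www.revista22.ro/" "Mozilla/5.0 (iPad; CPU OS 8_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) GSA/4.2.2.38484 Mobile/12B410 Safari/9537.53"
127.0.0.1 - - [13/Feb/2015:18:28:43 +0100] "GET / HTTP/1.1" 301 605 "http://www.revista22.ro/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0"
'''

def summarize_referers(log_text):
    """Group requests by Referer header and collect per-referer statistics."""
    stats = defaultdict(lambda: {"hits": 0, "agents": set(), "clients": set(), "non_get": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format entry
        s = stats[m["referer"]]
        s["hits"] += 1
        s["agents"].add(m["ua"])
        s["clients"].add(m["ip"])
        if not m["req"].startswith("GET "):
            s["non_get"] += 1  # POST and other methods deserve a closer look
    return dict(stats)

def all_loopback(clients):
    """True if every logged client address is loopback (real sender not recorded)."""
    def loopback(addr):
        try:
            return ipaddress.ip_address(addr).is_loopback
        except ValueError:  # hostname or malformed address in the log
            return False
    return bool(clients) and all(loopback(c) for c in clients)

if __name__ == "__main__":
    for referer, s in summarize_referers(SAMPLE).items():
        print(referer, s["hits"], "hits,", len(s["agents"]), "user agents,",
              "loopback only" if all_loopback(s["clients"]) else "remote clients",
              f"non-GET={s['non_get']}")
```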