iptables 不阻止 IP 地址

tag-icon tag-icon apache-2.2 iptables ddos
iptables 不阻止 IP 地址

我的服务器正在遭受 DDOS 攻击。我发现有人正在对其中一个 Wordpress 网站进行攻击。我暂时禁用了该虚拟主机。我现在正尝试使用 iptables 阻止他们的 IP 地址。但我仍然在 Apache 中看到来自这些 IP 地址的请求日志。

我使用的命令:

iptables -A INPUT -s 185.62.189.92 -j DROP
iptables -A OUTPUT -d 185.62.189.92 -j DROP

这是我的 iptables:

# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 5146 packets, 553K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       185.62.189.98        0.0.0.0/0           
2        0     0 DROP       all  --  *      *       185.62.189.91        0.0.0.0/0           
3        0     0 DROP       all  --  *      *       185.62.189.92        0.0.0.0/0           
4        0     0 DROP       all  --  *      *       5.196.18.195         0.0.0.0/0           
5        0     0 DROP       all  --  *      *       185.62.188.98        0.0.0.0/0           
6        0     0 DROP       all  --  *      *       185.11.144.82        0.0.0.0/0           
7        0     0 DROP       all  --  *      *       185.11.144.82        0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 6497 packets, 7556K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.189.98       
2        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.189.91       
3        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.189.92       
4        0     0 DROP       all  --  *      *       0.0.0.0/0            5.196.18.195        
5        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.188.98       
6        0     0 DROP       all  --  *      *       0.0.0.0/0            185.11.144.82       
7        0     0 DROP       all  --  *      *       0.0.0.0/0            185.11.144.82

我仍然收到大量来自被阻止地址的请求:

tail -f error.log
[Thu May 14 03:35:40.483899 2015] [authz_core:error] [pid 11474] [client 5.196.18.195:48105] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:40.920629 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.343127 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.830613 2015] [authz_core:error] [pid 11511] [client 185.62.189.92:46302] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:42.387676 2015] [authz_core:error] [pid 11501] [client 185.62.189.92:40100] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:43.362905 2015] [authz_core:error] [pid 11508] [client 185.62.189.92:16423] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:44.487948 2015] [authz_core:error] [pid 11501] [client 185.62.189.92:40100] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:46.066769 2015] [authz_core:error] [pid 11508] [client 185.62.189.92:16423] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:47.908027 2015] [authz_core:error] [pid 11527] [client 5.196.18.195:54456] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:47.938903 2015] [authz_core:error] [pid 11501] [client 5.196.18.195:9522] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:48.014147 2015] [authz_core:error] [pid 11487] [client 5.196.18.195:25948] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:48.118337 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:49.381834 2015] [authz_core:error] [pid 11510] [client 185.62.189.92:14750] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.074766 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.338875 2015] [authz_core:error] [pid 11487] [client 5.196.18.195:25948] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.602580 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php

答案1

您可以通过重写来拒绝来自虚拟主机的这些 IP 的请求。

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^185\.62\.189\.92 [OR]
RewriteCond %{REMOTE_ADDR} ^186\.62\.189\.92 [OR]
RewriteRule ^(.*)$ - [F,L]

答案2

尝试在您的规则中添加接口名称:

-i eth0对于 INPUT 规则

-o eth0对于 OUTPUT 规则。

要查找您自己的接口名称,您可以使用命令:
是否配置

相关内容