似乎有些 Internet Explorer 用户每分钟(持续几分钟)向我的 Web 服务器发送数百个请求,以使用如下用户代理来刷新页面:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
这种情况每隔几个小时就会发生在不同的用户和 IP 上。我注意到,所有发送此类请求的用户都在其用户代理中。这绝对不是攻击,因为来自不同地方的不同登录用户都在这样做。而且这不是一个公共网络应用程序。我对每个 IP 进行了速率限制,目前这不会造成问题,但我想防止这种情况发生,因为如果许多用户同时这样做,可能会造成问题。Media Center PC
MSIE
更新
每次请求都来自一个用户的有效 IP。每次我都知道用户是谁。每秒大约有 5-10 个请求。持续几分钟。所有请求都是GET
,重复获取相同的 URL。
下面是我记录的一个用户在应用每个 IP 速率限制后 2 分钟内发生的情况:
xxx.xxx.21.130 - - [06/Jun/2015:13:35:31] "GET /login HTTP/1.1" 200 5966 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:37] "POST /login HTTP/1.1" 302 109 "http://the.server.ip.address/login" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:37] "GET / HTTP/1.1" 200 10594 "http://the.server.ip.address/login" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:39] "GET /url0/info.json HTTP/1.1" 200 7366 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:39] "GET /url1/info.json HTTP/1.1" 200 54 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:40] "GET /homepage.json HTTP/1.1" 200 26819 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:41] "GET /homepage.json HTTP/1.1" 200 26819 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:41] "GET /url0.json HTTP/1.1" 200 91 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:53] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:53] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:53] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:53] "GET / HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:54] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:54] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:54] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:54] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:55] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:55] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:59] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:59] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:59] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:36:59] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:00] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:07] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:07] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:08] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:08] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:08] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:16] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:16] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:17] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:17] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:24] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:24] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:24] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:25] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:25] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:33] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:33] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:34] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:34] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:34] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:44] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:45] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:45] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:45] "GET /url1.json HTTP/1.1" 200 1025 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:45] "GET /url4.json HTTP/1.1" 200 41 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:55] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:55] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:55] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:56] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:56] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:56] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:56] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:57] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:57] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:37:57] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:06] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:06] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:06] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:06] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:06] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:16] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:16] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:16] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:17] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:17] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:17] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:17] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:18] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:18] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:18] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:18] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:19] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:25] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:25] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:26] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:26] "GET /url3.json HTTP/1.1" 200 10255 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:26] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:41] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:41] "GET /url4.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:41] "GET /url3.json HTTP/1.1" 200 10254 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:42] "GET /url2.json HTTP/1.1" 200 66 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
xxx.xxx.21.130 - - [06/Jun/2015:13:38:42] "GET /url1.json HTTP/1.1" 304 0 "http://the.server.ip.address/#/homepage" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)" "-"
是什么原因造成的?
更新
为什么这会遭到反对?
答案1
Windows 7 媒体中心 (Media Center 6 用户代理字符串) 有一个远程代码执行漏洞已于 2014 年 8 月修复。您的网站会受到同一类型 PC 的连续/半连续访问,这意味着 BotNET 使用相当狭窄的标准来搜索网络,包括仅清点特定的 Web 服务器标头以及尝试获取与漏洞相关的特定文件(通常是 *.php)。
你并不是唯一一个有这种观察的人(另一个网站运营商在 2015 年 2 月发布了类似的观察结果),并且将他的部分日志分块发布到帖子中。将他的摘录与你的摘录进行比较可能是值得的。lowendtalk.com/discussion/22374/have-you-seen-this-user-agent-string
针对您对此的忽视,Media Center 是一个失败的独立/准服务器,旨在将 Windows 作为点唱机嵌入家庭。它经历了“Windows Home Server”的迭代,只不过是一个隐蔽的 Microsoft IIS 组件,所有者将其描述为与电视/立体声控制惯常的即时反馈相比速度慢如龟,同时为半富裕的早期采用者的家庭网络提供了 IIS 服务器漏洞的绝佳网关,而这些早期采用者不知道他们购买的是没有惯常 IT 补丁管理的企业版 Microsoft Server。
Media Center,它的后代目前被微软束之高阁。
答案2
我知道您的请求是 Windows 特有的,但这并不是 Windows 独有的。我从事 Linux Web 服务器管理工作已有近十年了。“奇怪的用户代理”确实很常见。
发生的示例情况:为什么我客户在印第安纳州农村销售盆栽植物的网站突然涌入大量来自 30 个海外国家的连接,而且他们都在使用“Bing 机器人”代理。
用户代理可以被伪造。从命令行,您可以随意输入任何内容作为您的用户代理。示例代码:
wget -U "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" http://domain.com/wp-admin/
突然间,我成为了官方的 Bing Bot,访问了该网站的 Wordpress 管理页面,这是任何合法搜索引擎都不应该访问的。
您必须查看日志,以更全面地了解这些代理为何会访问您的服务器。您会遇到一些类似的奇怪情况。重要的是所有其他信息。就像@AD7six 所说的那样,他们发出了什么样的请求?他们访问了哪些页面?速度有多快?来自哪个 IP 块?来自世界哪个地区?这是预料之中的吗(网站所有者是否刚刚被列入 slashdot 或类似的东西上)?
在我的示例中,Bing Bot 绝对不应该攻击 Wordpress 管理区,而且绝对不应该每小时 30 次。此外,IP 不断路由到各个国家/地区,因此这可能是一次攻击。
其他时候,可能不那么明显。就你的情况而言,如果没有更多信息,很难说。“Media Center PC”是一个合法的用户代理,但你听起来对这种联系持怀疑态度。你进一步指出:
这绝对不是一个攻击,因为不同的用户正在这样做
您如何知道这些是合法用户而不是机器人?如果您完全确定这些是合法用户,那么您可以忘记整个问题,也许花几分钟研究一下哪些设备/软件使用了该用户代理。
不过,我建议深入研究日志并编写一些解析脚本。看看你是否能识别出这些连接中的趋势,例如:
- 连接频率(例如:每分钟连接数)
- 他们从哪些国家连接
- 请求的类型是什么(GET、POST 等...)
- 他们正在访问哪些页面。(他们是访问了单个页面,还是像合法用户一样抓取了整个网站)
我希望这些信息能有所帮助并且您可以使用其中的一些来进行调查。
编辑:我看到你在我输入这个答案时更新了你的问题。好的,非公开页面,有登录用户。这可能是你的应用程序漏洞让他们进入或用户凭据被盗用。如果你看到多个不同的用户,那么后者的可能性不大。
继续深入研究日志以了解整体情况仍将有助于确定这是否是您这边的漏洞。我还看到了 user292744 关于已知漏洞的回答。这个听起来值得调查。