每秒向 httpd 服务器发送 200 个请求,但未访问服务器

tag-icon tag-icon web-server httpd
每秒向 httpd 服务器发送 200 个请求,但未访问服务器

我似乎正在经历一次不寻常的袭击(或看起来如此)。我找不到任何可能发生在其他人身上的类似事件。

以下是来自/var/logs/httpd/access_log

104.202.82.76 - - [06/Dec/2015:16:19:27 +0000] "GET http://ib.adnxs.com/ttj?id=5705256&cb=${CACHEBUSTER}&pubclick=${CLICK_URL} HTTP/1.0" 302 - "http://www.healthfmbox.com/?p=952" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; fi-fi) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148a Safari/6533.18.5"
104.202.82.67 - - [06/Dec/2015:16:19:27 +0000] "GET https://gum.criteo.com:443/sync?c=30&r=2&j=cr_handle_data_a HTTP/1.0" 500 534 "http://www.healthfmbox.com/?p=4" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16"
23.89.251.178 - - [06/Dec/2015:16:19:27 +0000] "GET http://ib.adnxs.com/ttj?ttjb=1&bdc=1449418757&bdh=mJxlczTI4elSgTdPCRLn3nz2Ty8.&&view_vs=2&bdref=http%3A%2F%2Fwww.healthyyt.com%2F%3Fp%3D344&bdtop=true&bdifs=0&bstk=http%3A%2F%2Fwww.healthyyt.com%2F%3Fp%3D344&&id=5700353 HTTP/1.0" 200 - "http://www.healthyyt.com/?p=344" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; ja-jp) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16"
104.202.144.210 - - [06/Dec/2015:16:19:27 +0000] "GET http://47.teracreative.com/WhiteLabelBidRequestHandlerServlet?oid=47&width=728&height=90&pubid=139708&tagid=810768&pstn=ENTER_PLACEMENT_ID_HERE&noaop=1&revmod=INSERT_CONTENT_TYPE&encoded=1&cb=INSERT_CACHEBUSTER&keywords=INSERT_COMMA_SEPARATED_KEYWORDS&callback=document.write&urlonly=1 HTTP/1.0" 200 40 "http://www.autosoldbest.com/" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ja-JP) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16"
104.197.151.225 - - [06/Dec/2015:16:19:26 +0000] "CONNECT lq.pbe1.lol.riotgames.com:443 HTTP/1.1" 200 - "-" "-"
85.25.198.36 - - [06/Dec/2015:16:19:27 +0000] "CONNECT lq.euw1.lol.riotgames.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 OPR/30.0.1835.59"
176.31.175.202 - - [06/Dec/2015:16:19:27 +0000] "CONNECT lq.euw1.lol.riotgames.com:443 HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 OPR/30.0.1835.59"
74.91.17.35 - - [06/Dec/2015:16:19:27 +0000] "GET http://55.teracreative.com/WhiteLabelBidRequestHandlerServlet?oid=55&width=728&height=90&pubid=148917&tagid=854467&pstn=ENTER_PLACEMENT_ID_HERE&noaop=1&revmod=INSERT_CONTENT_TYPE&encoded=1&cb=INSERT_CACHEBUSTER&keywords=INSERT_COMMA_SEPARATED_KEYWORDS&callback=document.write&urlonly=1 HTTP/1.0" 200 837 "http://www.superkinggame.com/games/326/crash-bandicoot.html" "Mozilla/5.0 (Windows NT 5.1; U; rv:5.0) Gecko/20100101 Firefox/5.0"
104.202.82.78 - - [06/Dec/2015:16:19:27 +0000] "GET http://ib.adnxs.com/ttj?ttjb=1&bdc=1449418757&bdh=anzD4Bcoh4UlOB1sU78J1oceoXc.&&view_vs=2&bdref=http%3A%2F%2Fwww.healthfmbox.com%2F%3Fp%3D45&bdtop=true&bdifs=0&bstk=http%3A%2F%2Fwww.healthfmbox.com%2F%3Fp%3D45&&id=5705256&cb=${CACHEBUSTER}&pubclick=${CLICK_URL} HTTP/1.0" 200 - "http://www.healthfmbox.com/?p=45" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; ru-ru) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16"
104.202.144.210 - - [06/Dec/2015:16:19:27 +0000] "GET http://47.teracreative.com/WhiteLabelBidRequestHandlerServlet?oid=47&width=300&height=250&pubid=139708&tagid=810748&pstn=ENTER_PLACEMENT_ID_HERE&noaop=1&revmod=INSERT_CONTENT_TYPE&encoded=1&cb=INSERT_CACHEBUSTER&keywords=INSERT_COMMA_SEPARATED_KEYWORDS&callback=document.write&urlonly=1 HTTP/1.0" 200 40 "http://www.autosoldbest.com/the-quality-of-the-trucks-you-drive-determines-the-quality-of-work-achieved.html" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; de-de) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5"

< 虚拟主机 >标签来自httpd配置文件

<VirtualHost *:80>
    DocumentRoot /var/www
    ServerName my.domain.name.here
    Options -Indexes
    ProxyRequests On
    ProxyPass ... !
    ProxyPass / http://my.domain.name.here:3000/
</VirtualHost>
SSLProtocol all -SSLv2 -SSLv3

(出于安全考虑,ProxyPasses 和域名已被删除)

知道为什么会发生这种情况吗?日志文件很快就填满了服务器的硬盘!

系统操作系统及版本:

cat /etc/redhat-release
CentOS release 6.7 (Final)

谢谢。

答案1

您已将 Web 服务器设为开启代理服务器通过打开ProxyRequests。有人发现了这一点,您的服务器现在正被互联网上的许多人滥用。立即关闭它。对于您的 Web 应用程序的反向代理来说,它不是必需的,也是无用的。

相关内容