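Our web server (Apache 2.4, WordPress + WooCommerce, Node.js server) has been overloaded since two days ago.
Now I see a lot of URLs in the error log that I don't recognize. Most of them come from China. It looks like we are being attacked/hijacked.
We set up Cloudflare today, but it didn't help.
Is it possible that our web server has been compromised?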
[Sun Dec 17 19:16:56.518298 2017] [proxy:warn] [pid 28468] [client 119.23.132.94:54654] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:56.754870 2017] [proxy_http:error] [pid 28458] (20014)Internal error (specific information not available): [client 89.35.52.133:63271] AH01102: error reading status line from remote server en.027steel.com:80, referer: http://en.027steel.com/messages_list.html
[Sun Dec 17 19:16:56.755036 2017] [proxy:error] [pid 28458] [client 89.35.52.133:63271] AH00898: Error reading from remote server returned by http://en.027steel.com/messages_list.html, referer: http://en.027steel.com/messages_list.html
[Sun Dec 17 19:16:56.757022 2017] [proxy:warn] [pid 28554] [client 49.79.224.12:63799] AH01144: No protocol handler was valid for the URL gslb.miaopai.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:56.928145 2017] [proxy:warn] [pid 28533] [client 120.24.184.163:58018] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:56.960927 2017] [proxy:warn] [pid 28554] [client 112.74.200.139:25871] AH01144: No protocol handler was valid for the URL 121.9.223.53:8084. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:56.989820 2017] [proxy:warn] [pid 28529] [client 119.23.132.94:51602] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:57.016958 2017] [proxy:warn] [pid 28545] [client 120.77.59.113:57570] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:57.055387 2017] [proxy:error] [pid 28562] [client 212.7.220.19:47966] AH00898: DNS lookup failure for: www.timberland-outlet.us.org returned by http://www.timberland-outlet.us.org/, referer: http://www.us.org
[Sun Dec 17 19:16:57.155617 2017] [proxy:warn] [pid 28549] [client 188.190.33.30:57847] AH01144: No protocol handler was valid for the URL static.doubleclick.net:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:57.270051 2017] [proxy:warn] [pid 28485] [client 119.23.151.217:49512] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:57.484263 2017] [proxy:warn] [pid 28485] [client 144.255.150.191:50266] AH01144: No protocol handler was valid for the URL lgn.yy.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:57.484438 2017] [proxy:warn] [pid 28485] [client 122.114.240.237:61281] AH01144: No protocol handler was valid for the URL livecmt-1.bilibili.com:2243. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:57.671504 2017] [proxy:warn] [pid 28485] [client 123.129.217.12:65502] AH01144: No protocol handler was valid for the URL lgn.yy.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:58.246495 2017] [proxy:warn] [pid 28485] [client 47.93.38.251:18652] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:58.546077 2017] [proxy:warn] [pid 28455] [client 119.39.174.124:11956] AH01144: No protocol handler was valid for the URL m.flycua.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:58.629628 2017] [proxy:warn] [pid 28481] [client 221.194.44.242:38339] AH01144: No protocol handler was valid for the URL lgn.yy.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:58.741615 2017] [proxy:warn] [pid 28565] [client 139.211.192.12:57312] AH01144: No protocol handler was valid for the URL guestapi.ihg.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:58.783764 2017] [proxy:warn] [pid 28511] [client 168.1.195.212:1802] AH01144: No protocol handler was valid for the URL m.facebook.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:58.977043 2017] [proxy:warn] [pid 28540] [client 173.208.246.26:63285] AH01144: No protocol handler was valid for the URL www.google.co.uk:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:59.079705 2017] [proxy:warn] [pid 28532] [client 119.29.169.74:3535] AH01144: No protocol handler was valid for the URL 114.236.143.110:8091. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:59.252594 2017] [proxy:warn] [pid 28443] [client 120.24.184.163:41568] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:16:59.816122 2017] [proxy:warn] [pid 28466] [client 58.221.58.108:32196] AH01144: No protocol handler was valid for the URL lgn.yy.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.041293 2017] [proxy:warn] [pid 28466] [client 119.23.132.94:40324] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.163881 2017] [proxy:warn] [pid 28569] [client 119.23.151.217:54842] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.292064 2017] [proxy:warn] [pid 28489] [client 119.23.132.94:46098] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.301479 2017] [proxy:warn] [pid 28527] [client 123.129.217.12:9064] AH01144: No protocol handler was valid for the URL lgn.yy.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.395634 2017] [proxy:warn] [pid 28519] [client 123.129.217.182:17761] AH01144: No protocol handler was valid for the URL lgn.yy.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.396112 2017] [proxy:warn] [pid 28519] [client 47.52.221.163:56439] AH01144: No protocol handler was valid for the URL booking.airasia.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.549797 2017] [proxy:warn] [pid 28430] [client 120.24.184.163:35502] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.675536 2017] [proxy:warn] [pid 28519] [client 117.87.220.93:55935] AH01144: No protocol handler was valid for the URL appblog.sina.com.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.743393 2017] [proxy:warn] [pid 28496] [client 120.24.184.163:48210] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.858752 2017] [proxy:warn] [pid 28533] [client 117.48.215.28:59581] AH01144: No protocol handler was valid for the URL m.10010.com:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Sun Dec 17 19:17:00.915752 2017] [proxy:warn] [pid 28497] [client 120.78.15.46:37622] AH01144: No protocol handler was valid for the URL kyfw.12306.cn:443. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Our virtual host configuration:
<VirtualHost *:80>
ServerName app.test.laflor.ch
DocumentRoot /var/www/html/la-flor-frontend
Options -Indexes
ProxyRequests on
ProxyPass /api/ http://wordpress.local/wp-json/frontend/
ProxyPassReverse /api/ http://wordpress.local/wp-json/frontend/
ProxyPass / http://localhost:61010/
ProxyPassReverse / http://localhost:61010/
</VirtualHost>
<VirtualHost 127.0.0.1:80>
DocumentRoot /var/www/html/wordpress
ServerName wordpress.local
Options -Indexes
</VirtualHost>
<VirtualHost *:80>
ServerName wordpress.test.laflor.ch
DocumentRoot /var/www/html/wordpress
Options -Indexes
<Directory "/var/www/html/wordpress">
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
</VirtualHost>
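Also, the VM has 2 GB of RAM, and Apache uses up all of it after about 15 minutes. I think this is related to the attack.
What can we do to stop this madness? Reinstall the server? Get a new IP address / move to another hosting provider?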
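
Added example, not part of the original post: a triage script for the error-log format quoted above that counts mod_proxy errors whose target is not one of the backends in the posted `ProxyPass` lines. Foreign targets of this kind mean Apache is answering forward-proxy requests, which `ProxyRequests on` in the posted vhost enables; reverse proxying with `ProxyPass` does not need it. The sample log lines, IP addresses and host names are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Backends named in the posted ProxyPass lines; anything else is a foreign target.
ALLOWED_BACKENDS = {"wordpress.local", "localhost"}

CLIENT_RE = re.compile(r"\[client ([\d.]+):\d+\]")
# The three mod_proxy messages seen in the quoted log, each capturing the target.
TARGET_RE = re.compile(
    r"AH01144: No protocol handler was valid for the URL (\S+)\. "
    r"|AH01102: error reading status line from remote server ([^\s,]+)"
    r"|AH00898: .*?returned by ([^\s,]+)"
)

# Constructed sample in the format of the log above (documentation IPs and names).
SAMPLE_LOG = """\
[Sun Dec 17 19:16:56.5 2017] [proxy:warn] [pid 100] [client 192.0.2.10:54654] AH01144: No protocol handler was valid for the URL tickets.example.org:443. If you are using a DSO version of mod_proxy, ...
[Sun Dec 17 19:16:56.7 2017] [proxy_http:error] [pid 101] (20014)Internal error (specific information not available): [client 198.51.100.7:63271] AH01102: error reading status line from remote server shop.example.net:80, referer: http://shop.example.net/list.html
[Sun Dec 17 19:16:56.8 2017] [proxy:error] [pid 101] [client 198.51.100.7:63271] AH00898: Error reading from remote server returned by http://shop.example.net/list.html, referer: http://shop.example.net/list.html
[Sun Dec 17 19:16:56.9 2017] [proxy:warn] [pid 102] [client 192.0.2.10:51602] AH01144: No protocol handler was valid for the URL tickets.example.org:443. If you are using a DSO version of mod_proxy, ...
[Sun Dec 17 19:16:57.0 2017] [proxy_http:error] [pid 103] (20014)Internal error (specific information not available): [client 203.0.113.5:40000] AH01102: error reading status line from remote server localhost:61010
"""

def host_of(target):
    """Reduce 'http://host:port/path' or 'host:port' to a lowercase host (names/IPv4 only)."""
    target = target.split("://", 1)[-1].split("/", 1)[0]
    return target.rsplit(":", 1)[0].lower()

def summarize(log_text, allowed=ALLOWED_BACKENDS):
    """Count proxy attempts to hosts outside `allowed`, by target and by client IP."""
    targets, clients = Counter(), Counter()
    for line in log_text.splitlines():
        t, c = TARGET_RE.search(line), CLIENT_RE.search(line)
        if not (t and c):
            continue
        host = host_of(next(g for g in t.groups() if g))
        if host not in allowed:  # errors against our own backends are not counted
            targets[host] += 1
            clients[c.group(1)] += 1
    return targets, clients

if __name__ == "__main__":
    targets, clients = summarize(SAMPLE_LOG)
    for host, n in targets.most_common():
        print(f"{n:5d}  foreign proxy target  {host}")
    for ip, n in clients.most_common():
        print(f"{n:5d}  requesting client     {ip}")
```

To run it against a real log, pass the file's contents to `summarize()` and adjust `ALLOWED_BACKENDS` to the hosts in your own `ProxyPass` directives.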