I have an Apache server based on Debian 9. Recently, all of my websites have been going offline several times a day. When I check the Apache logs, I see:
[ 2020-04-29 15:57:57.0921 30985/7fa03ffff700 age/Ust/UstRouterMain.cpp:422 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ 2020-04-29 15:57:57.0921 30977/7f771ffff700 age/Cor/CoreMain.cpp:532 ]: Signal received. Gracefully shutting down... (send signal 2 more time(s) to force shutdown)
[ 2020-04-29 15:57:57.0921 30985/7fa04a8f8600 age/Ust/UstRouterMain.cpp:492 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ 2020-04-29 15:57:57.0921 30977/7f7732eca600 age/Cor/CoreMain.cpp:901 ]: Received command to shutdown gracefully. Waiting until all clients have disconnected...
[ 2020-04-29 15:57:57.0921 30985/7fa03ffff700 Ser/Server.h:464 ]: [UstRouter] Shutdown finished
[ 2020-04-29 15:57:57.0922 30985/7fa03f7fe700 Ser/Server.h:817 ]: [UstRouterApiServer] Freed 0 spare client objects
[ 2020-04-29 15:57:57.0922 30985/7fa03f7fe700 Ser/Server.h:464 ]: [UstRouterApiServer] Shutdown finished
[ 2020-04-29 15:57:57.0923 30977/7f76e77fe700 Ser/Server.h:817 ]: [ApiServer] Freed 0 spare client objects
[ 2020-04-29 15:57:57.0923 30977/7f76e77fe700 Ser/Server.h:464 ]: [ApiServer] Shutdown finished
[ 2020-04-29 15:57:57.0924 30977/7f76e7fff700 Ser/Server.h:817 ]: [ServerThr.8] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0925 30977/7f76e7fff700 Ser/Server.h:464 ]: [ServerThr.8] Shutdown finished
[ 2020-04-29 15:57:57.0925 30977/7f771f7fe700 Ser/Server.h:817 ]: [ServerThr.2] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0925 30977/7f771f7fe700 Ser/Server.h:464 ]: [ServerThr.2] Shutdown finished
[ 2020-04-29 15:57:57.0925 30977/7f771cff9700 Ser/Server.h:817 ]: [ServerThr.7] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0925 30977/7f771cff9700 Ser/Server.h:464 ]: [ServerThr.7] Shutdown finished
[ 2020-04-29 15:57:57.0926 30977/7f771ffff700 Ser/Server.h:817 ]: [ServerThr.1] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0926 30977/7f771dffb700 Ser/Server.h:817 ]: [ServerThr.5] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0926 30977/7f771ffff700 Ser/Server.h:464 ]: [ServerThr.1] Shutdown finished
[ 2020-04-29 15:57:57.0926 30977/7f771dffb700 Ser/Server.h:464 ]: [ServerThr.5] Shutdown finished
[ 2020-04-29 15:57:57.0926 30977/7f771d7fa700 Ser/Server.h:817 ]: [ServerThr.6] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0926 30977/7f771d7fa700 Ser/Server.h:464 ]: [ServerThr.6] Shutdown finished
[ 2020-04-29 15:57:57.0926 30977/7f771effd700 Ser/Server.h:817 ]: [ServerThr.3] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0926 30977/7f771e7fc700 Ser/Server.h:817 ]: [ServerThr.4] Freed 128 spare client objects
[ 2020-04-29 15:57:57.0926 30977/7f771effd700 Ser/Server.h:464 ]: [ServerThr.3] Shutdown finished
[ 2020-04-29 15:57:57.0926 30977/7f771e7fc700 Ser/Server.h:464 ]: [ServerThr.4] Shutdown finished
[ 2020-04-29 15:57:57.0926 30985/7fa04a8f8600 age/Ust/UstRouterMain.cpp:523 ]: Passenger UstRouter shutdown finished
[ 2020-04-29 15:57:57.1361 31017/7f987925e600 age/Wat/WatchdogMain.cpp:1291 ]: Starting Passenger watchdog...
[ 2020-04-29 15:57:57.1447 31020/7fd468370600 age/Cor/CoreMain.cpp:982 ]: Starting Passenger core...
[ 2020-04-29 15:57:57.1448 31020/7fd468370600 age/Cor/CoreMain.cpp:235 ]: Passenger core running in multi-application mode.
[ 2020-04-29 15:57:57.1774 31020/7fd468370600 age/Cor/CoreMain.cpp:732 ]: Passenger core online, PID 31020
[ 2020-04-29 15:57:57.1876 31031/7f6265780600 age/Ust/UstRouterMain.cpp:529 ]: Starting Passenger UstRouter...
[ 2020-04-29 15:57:57.1882 31031/7f6265780600 age/Ust/UstRouterMain.cpp:342 ]: Passenger UstRouter online, PID 31031
[ 2020-04-29 15:57:57.1948 30977/7f7732eca600 age/Cor/CoreMain.cpp:967 ]: Passenger core shutdown finished
[Wed Apr 29 15:57:57.210403 2020] [:error] [pid 31013] python_init: Python version mismatch, expected '2.7.5+', found '2.7.13'.
[Wed Apr 29 15:57:57.210465 2020] [:error] [pid 31013] python_init: Python executable found '/usr/bin/python'.
[Wed Apr 29 15:57:57.210469 2020] [:error] [pid 31013] python_init: Python path being used '/usr/lib/python2.7:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Wed Apr 29 15:57:57.210483 2020] [:notice] [pid 31013] mod_python: Creating 8 session mutexes based on 256 max processes and 0 max threads.
[Wed Apr 29 15:57:57.210487 2020] [:notice] [pid 31013] mod_python: using mutex_directory /tmp
In the daemon log I see a lot of entries like this:
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 185.136.98.77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 185.136.97.77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 185.136.97.77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 2a06:fb00:1::2:77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 2a06:fb00:1::2:77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 2a06:fb00:1::3:77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 2a06:fb00:1::3:77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 185.136.99.77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 185.136.99.77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 2a06:fb00:1::1:77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 2a06:fb00:1::1:77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 185.136.96.77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 185.136.96.77#53
Apr 29 16:02:14 Server1 named[13933]: DNS format error from 2a06:fb00:1::4:77#53 resolving www.yarors.top/AAAA for client 127.0.0.1#40399: Name . (SOA) not subdomain of zone yarors.top -- invalid response
Apr 29 16:02:14 Server1 named[13933]: FORMERR resolving 'www.yarors.top/AAAA/IN': 2a06:fb00:1::4:77#53
Apr 29 16:07:30 Server1 named[13933]: validating com/SOA: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating com/SOA: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating CK0POJMG874LJREF7EFN8430QVIT8BSM.com/NSEC3: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating CK0POJMG874LJREF7EFN8430QVIT8BSM.com/NSEC3: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating L7DGFU97E1TI7QBM10HCOK1ELAV6M2HT.com/NSEC3: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating L7DGFU97E1TI7QBM10HCOK1ELAV6M2HT.com/NSEC3: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating 3RL2Q58205687C8I9KC9MV46DGHCNS45.com/NSEC3: no valid signature found
Apr 29 16:07:30 Server1 named[13933]: validating 3RL2Q58205687C8I9KC9MV46DGHCNS45.com/NSEC3: no valid signature found
Apr 29 16:09:00 Server1 systemd[1]: Starting Clean php session files...
Apr 29 16:09:00 Server1 systemd[1]: Started Clean php session files.
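How can I identify the source of the attack? There are multiple sites on my server, and all of them go offline at random several times a day.
Thanks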