Ddos
這是真正的Google機器人還是攻擊?我該如何處理?
所以基本上我的網站無法訪問,我去日誌文件夾看看出了什麼問題,並註意到來自各種 IP 的許多奇怪的請求:
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 209.141.45.189 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 209.141.45.189 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot" 209.141.45.189 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot" 162.247.74.206 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot" 155.4.117.13 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"我想知道這是不是某種攻擊。
做了一些whois查詢,例如這個ip 185.220.100.252來自德國,“tor-exit-1.zbau.f3netze.de”
如何保護伺服器免受此類攻擊?
他們確實喜歡每分鐘數千個請求,我無法訪問我自己的網站。
Error.log 說:
AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting(我不是網站管理員,我為自己的需要託管了一個小網站,但不知道如何應對。)
這正是fail2ban 被發明所涵蓋的場景。我建議您在這裡查看:https ://www.fail2ban.org/wiki/index.php/Main_Page
可能“壞機器人”監獄會立即處理這個問題,如果不是,編寫自定義監獄/過濾器集來處理它並不難。
現在,看看他們的 IP 似乎是有限的,我建議通過 iptables 禁止這些 IP:
iptables -I INPUT -s 185.220.100.252 -j DROP這當然是fail2ban 所做的(將IP 添加到iptables),但fail2ban 會自動完成。它會在你不注意的情況下保護你免受這種攻擊。