由于几天我的Apache Web服务器受到攻击。 我从多个IP获取多个请求到不存在的页面。 除了closures我的apache服务器之外,还有什么可以阻止它吗?
目前我已closures80端口来阻止日志填满。 这是我的error.log的一部分:
[Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/view.aspx, referer: http://www.gamesfox.info/ [Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/login.php' not found or unable to stat, referer: http://www.wi8357.com/login.php [Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.dodomains.net [Tue Aug 16 17:12:55 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.addictedpeople.com [Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp [Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.zopm.com [Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.zopm.com [Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/xml.php' not found or unable to stat [Tue Aug 16 17:12:56 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/config [Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.hypeshot.com [Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp [Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.gkkv.com [Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.iyens.com [Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.titist.com [Tue Aug 16 17:12:57 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.yfia.com [Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/addyn, referer: http://www.abundancegames.com [Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.chiefwork.com [Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/pp, referer: http://www.thirdgames.com [Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/toindex1.asp, referer: http://98.126.93.27/toindex1.asp [Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.newbiegamer.com [Tue Aug 16 17:12:58 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://luxuryup.com [Tue Aug 16 17:12:59 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/st, referer: http://www.monopolyfreegame.com [Tue Aug 16 17:12:59 2011] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/pp, referer: http://luxuryup.com/ [Tue Aug 16 17:13:02 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/login.php' not found or unable to stat, referer: http://www.wi8357.com/login.php [Tue Aug 16 17:13:02 2011] [error] [client xxx.xxx.xxx.xxx] script '/var/www/index.php' not found or unable to stat, referer: http://www.fire35.com 他们都是不同的知识产权,所以我在iptables的暴力保护没有帮助。
有什么build议么?
我在Google上search,发现这个:
http://mediakey.dk/~cc/block-referer-spam/
似乎有一个特殊的模块为apache2,以防止引用垃圾邮件。
要么
iptables的一个更手动的方法:
http://www.iospirit.com/blog/article/12/Linux-HowTo-Defeating-referer-spam/
如果你想公开你的服务器,将无法完全停止它,但是你可以做的是使用mod_evasive智能地阻止主机发出太多的请求和/或mod安全性来匹配模式,并根据模式阻塞主机。
可能这些最终会消失