服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Httpd问题,怀疑有攻击但不能确定
Intereting Posts
无法在Windows主机上的docker中连接到MongoDB 更改时区而不使用tzutil – Windows Web Server 2008 无法将RDP发送到外部networking上的VM主机 apache反向代理,mod_ext_filter FreeBSD在多个接口上的DHCP服务器 使用nginx进行负载平衡时,请求速度较慢 Tinydns作为辅助名称服务器::工作,但被黑客::什么是“正确”的方式 使用Mac(10.8)作为远程日志服务器 如何在Ubuntu服务器上使用UFW阻止对WordPress的攻击? 通过邮件界面发送Postfix时反弹工作,但不适用于在CiviCRM上发送邮件 将ftp挂载为文件系统 centos 5.8 apache 2.2.3服务器PHP 5只能部分工作 nginx重写规则来replace.php结尾符合/ 如何在不使用作业的情况下并行运行我的PowerShell脚本? 删除限制访问备份服务器上的文件

Httpd问题,怀疑有攻击但不能确定

在我的一个服务器上,当我inputnetstat -n时,我得到了一个巨大的输出,就像400个httpd一样。 服务器上的带宽不高,所以我很困惑是什么原因造成的。 我怀疑有攻击,但不确定。

间歇地,Web服务器将停止响应。 发生这种情况时,所有其他服务(如ping,ftp)正常工作。 系统负载也正常。

唯一不正常的我认为是“netstat -n”输出。

你们可以看一下,看看我能做些什么吗? 我已经安装了APF,但不知道我应该采取什么规则来缓解这个问题。

顺便说一句,我用Apache 2运行CentOS 5 Linux。 

root@linux [/backup/stuff/apf-9.7-1]# netstat -n|grep :80 tcp 0 0 120.136.23.56:80 220.181.94.220:48397 TIME_WAIT tcp 0 0 120.136.23.56:80 218.86.49.153:1734 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:48316 TIME_WAIT tcp 0 0 120.136.23.56:80 208.80.193.33:54407 TIME_WAIT tcp 0 0 120.136.23.56:80 65.49.2.180:46768 TIME_WAIT tcp 0 0 120.136.23.56:80 120.0.70.180:9414 FIN_WAIT2 tcp 0 0 120.136.23.56:80 221.130.177.101:43386 TIME_WAIT tcp 0 0 120.136.23.92:80 220.181.7.112:51601 TIME_WAIT tcp 0 0 120.136.23.94:80 220.181.94.215:53097 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.188.236:53203 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:62297 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:64345 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.115.105:36600 TIME_WAIT tcp 0 0 120.136.23.56:80 118.77.25.129:1743 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.220:35107 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:61801 TIME_WAIT tcp 0 0 120.136.23.56:80 66.249.69.155:57641 TIME_WAIT tcp 0 1009 120.136.23.56:80 114.249.218.24:17204 CLOSING tcp 0 0 120.136.23.93:80 119.235.237.85:45355 TIME_WAIT tcp 0 0 120.136.23.56:80 217.212.224.182:45195 TIME_WAIT tcp 0 0 120.136.23.56:80 220.189.10.170:1556 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.102:35701 TIME_WAIT tcp 0 0 120.136.23.56:80 118.77.25.129:1745 TIME_WAIT tcp 0 0 120.136.23.56:80 118.77.25.129:1749 TIME_WAIT tcp 0 0 120.136.23.56:80 118.77.25.129:1748 TIME_WAIT tcp 0 0 120.136.23.56:80 221.195.76.250:26635 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.111.239:58417 TIME_WAIT tcp 0 0 120.136.23.56:80 67.218.116.164:53370 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.236:56168 TIME_WAIT tcp 0 0 120.136.23.93:80 120.136.23.93:36947 TIME_WAIT tcp 0 1009 120.136.23.56:80 114.249.218.24:16991 CLOSING tcp 0 305 120.136.23.56:80 59.58.149.147:1881 ESTABLISHED tcp 0 0 120.136.23.56:80 61.186.48.148:1405 ESTABLISHED tcp 0 0 120.136.23.56:80 123.125.66.46:26703 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4814 TIME_WAIT tcp 0 0 120.136.23.56:80 218.86.49.153:1698 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4813 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4810 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.236:60508 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4811 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.125.71:43991 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.125.71:52182 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4806 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.125.71:56024 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4805 TIME_WAIT tcp 0 0 120.136.23.56:80 222.89.251.167:2133 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:48340 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:63543 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.220:39544 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.125.71:48066 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4822 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.113.253:55817 TIME_WAIT tcp 0 0 120.136.23.56:80 219.141.124.130:11316 FIN_WAIT2 tcp 0 0 120.136.23.56:80 222.84.58.254:4820 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4816 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.140:40743 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.125.71:60979 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29255 LAST_ACK tcp 0 0 120.136.23.56:80 117.36.231.149:4078 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29251 LAST_ACK tcp 0 0 120.136.23.56:80 117.36.231.149:4079 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29260 LAST_ACK tcp 0 0 120.136.23.56:80 220.181.94.236:51379 TIME_WAIT tcp 0 0 120.136.23.56:80 114.237.16.26:1363 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29263 LAST_ACK tcp 0 0 120.136.23.56:80 220.181.94.220:63106 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.101:45795 TIME_WAIT tcp 0 0 120.136.23.56:80 111.224.115.203:46315 ESTABLISHED tcp 0 0 120.136.23.56:80 66.249.69.5:35081 ESTABLISHED tcp 0 0 120.136.23.56:80 203.209.252.26:51590 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29268 LAST_ACK tcp 0 0 120.136.23.80:80 216.7.175.100:54555 TIME_WAIT tcp 0 0 120.136.23.92:80 220.181.7.38:47180 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:64467 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29265 LAST_ACK tcp 0 0 120.136.23.92:80 220.181.7.110:46593 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29276 LAST_ACK tcp 0 0 120.136.23.56:80 117.36.231.149:4080 TIME_WAIT tcp 0 0 120.136.23.56:80 117.36.231.149:4081 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:50215 TIME_WAIT tcp 0 101505 120.136.23.56:80 111.166.41.15:1315 ESTABLISHED tcp 0 2332 120.136.23.56:80 221.180.12.66:29274 LAST_ACK tcp 0 0 120.136.23.56:80 222.84.58.254:4878 TIME_WAIT tcp 0 1 120.136.23.93:80 58.33.226.66:4715 FIN_WAIT1 tcp 0 0 120.136.23.56:80 222.84.58.254:4877 TIME_WAIT tcp 0 1009 120.136.23.56:80 114.249.218.24:17062 CLOSING tcp 0 2332 120.136.23.56:80 221.180.12.66:29280 LAST_ACK tcp 0 0 120.136.23.56:80 222.84.58.254:4874 TIME_WAIT tcp 0 0 120.136.23.93:80 124.115.0.28:59777 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4872 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4870 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:50449 TIME_WAIT tcp 0 0 120.136.23.56:80 222.84.58.254:4868 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.107:37579 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.114.238:34255 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.105:35530 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.220:43960 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.111.229:41667 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.220:52669 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.111.239:56779 TIME_WAIT tcp 1 16560 120.136.23.56:80 210.13.118.102:43675 CLOSE_WAIT tcp 0 1009 120.136.23.56:80 114.249.218.24:17084 CLOSING tcp 0 0 120.136.23.56:80 221.130.177.105:33501 TIME_WAIT tcp 0 0 120.136.23.93:80 123.116.230.132:9703 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:49414 TIME_WAIT tcp 0 0 120.136.23.56:80 220.168.66.48:3360 ESTABLISHED tcp 0 0 120.136.23.56:80 220.168.66.48:3361 FIN_WAIT2 tcp 0 0 120.136.23.56:80 220.168.66.48:3362 ESTABLISHED tcp 0 0 120.136.23.80:80 66.249.68.183:39813 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:51569 TIME_WAIT tcp 0 0 120.136.23.56:80 216.129.119.11:58377 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.111.229:41914 TIME_WAIT tcp 0 0 120.136.23.56:80 60.213.146.54:33921 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:50287 TIME_WAIT tcp 0 0 120.136.23.56:80 61.150.84.6:2094 TIME_WAIT tcp 0 0 120.136.23.56:80 67.218.116.166:33262 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.101:38064 TIME_WAIT tcp 0 0 120.136.23.56:80 110.75.167.223:39895 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.99:48991 TIME_WAIT tcp 1 16560 120.136.23.56:80 210.13.118.102:61893 CLOSE_WAIT tcp 0 0 120.136.23.93:80 61.152.250.144:42832 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.174:37484 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:63403 TIME_WAIT tcp 0 0 120.136.23.56:80 119.119.247.249:62121 TIME_WAIT tcp 0 0 120.136.23.56:80 66.249.69.155:62189 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.80:60303 TIME_WAIT tcp 0 363 120.136.23.56:80 123.89.153.157:39067 ESTABLISHED tcp 0 0 127.0.0.1:80 127.0.0.1:49406 TIME_WAIT tcp 0 0 120.136.23.92:80 66.249.65.226:61423 TIME_WAIT tcp 0 0 120.136.23.56:80 122.136.173.33:19652 TIME_WAIT tcp 0 2332 120.136.23.56:80 221.180.12.66:29243 LAST_ACK tcp 0 0 120.136.23.56:80 122.136.173.33:19653 FIN_WAIT2 tcp 0 0 120.136.23.56:80 122.86.41.132:5061 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.179.90:51318 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5060 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.235:54333 TIME_WAIT tcp 0 1 120.136.23.56:80 122.86.41.132:5062 LAST_ACK tcp 0 0 120.136.23.56:80 220.181.94.229:42547 ESTABLISHED tcp 0 0 120.136.23.56:80 123.125.66.135:39557 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5057 TIME_WAIT tcp 0 0 120.136.23.56:80 202.127.20.37:17012 ESTABLISHED tcp 0 0 120.136.23.56:80 202.127.20.37:17013 ESTABLISHED tcp 0 0 120.136.23.93:80 222.190.105.186:4641 FIN_WAIT2 tcp 0 0 120.136.23.56:80 122.86.41.132:5059 TIME_WAIT tcp 0 0 120.136.23.56:80 202.127.20.37:17014 ESTABLISHED tcp 0 0 120.136.23.56:80 60.169.49.238:64078 ESTABLISHED tcp 0 0 120.136.23.56:80 122.86.41.132:5058 TIME_WAIT tcp 0 0 120.136.23.56:80 202.127.20.37:17015 ESTABLISHED tcp 0 0 120.136.23.56:80 60.169.49.238:64079 ESTABLISHED tcp 0 0 120.136.23.56:80 202.127.20.37:17016 ESTABLISHED tcp 0 0 120.136.23.56:80 67.195.113.224:53092 TIME_WAIT tcp 0 1 120.136.23.56:80 122.86.41.132:5065 LAST_ACK tcp 0 0 120.136.23.56:80 122.86.41.132:5064 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5067 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5066 TIME_WAIT tcp 0 0 120.136.23.80:80 125.46.48.20:58200 TIME_WAIT tcp 0 27544 120.136.23.56:80 124.160.125.8:8189 LAST_ACK tcp 0 0 120.136.23.56:80 123.125.66.27:30477 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.102:60019 TIME_WAIT tcp 0 0 120.136.23.56:80 60.169.49.238:64080 FIN_WAIT2 tcp 0 0 120.136.23.56:80 220.181.94.229:37673 TIME_WAIT tcp 0 26136 120.136.23.56:80 60.169.49.238:64081 ESTABLISHED tcp 0 0 120.136.23.56:80 202.127.20.37:17002 ESTABLISHED tcp 0 0 120.136.23.56:80 60.169.49.238:64082 ESTABLISHED tcp 0 0 120.136.23.56:80 60.169.49.238:64083 ESTABLISHED tcp 0 0 120.136.23.56:80 60.169.49.238:64084 FIN_WAIT2 tcp 0 0 120.136.23.56:80 60.169.49.238:64085 FIN_WAIT2 tcp 0 0 120.136.23.56:80 219.131.92.53:4084 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4085 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4086 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.235:42269 TIME_WAIT tcp 0 0 120.136.23.56:80 125.238.149.46:56911 TIME_WAIT tcp 0 0 120.136.23.56:80 125.238.149.46:56910 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4081 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.221:34606 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4082 TIME_WAIT tcp 0 0 120.136.23.80:80 125.46.48.20:25451 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4083 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.100:55875 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.100:51522 TIME_WAIT tcp 0 0 120.136.23.56:80 111.9.9.224:49650 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4088 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4089 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18753 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18752 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18755 TIME_WAIT tcp 0 0 120.136.23.56:80 66.249.69.2:43954 ESTABLISHED tcp 0 0 120.136.23.56:80 124.224.63.144:18754 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.231:48903 TIME_WAIT tcp 0 0 120.136.23.56:80 121.0.29.194:61655 TIME_WAIT tcp 0 0 120.136.23.56:80 125.238.149.46:56915 TIME_WAIT tcp 0 0 120.136.23.56:80 125.238.149.46:56914 TIME_WAIT tcp 0 0 120.136.23.80:80 125.46.48.20:16247 TIME_WAIT tcp 0 0 120.136.23.56:80 125.238.149.46:56913 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.235:59909 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.235:48389 TIME_WAIT tcp 0 0 120.136.23.56:80 125.238.149.46:56912 TIME_WAIT tcp 0 0 120.136.23.93:80 222.190.105.186:4635 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.106:44326 TIME_WAIT tcp 0 0 120.136.23.56:80 222.170.217.26:1812 TIME_WAIT tcp 0 0 120.136.23.56:80 222.170.217.26:1810 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.104:36898 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.235:39033 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.231:58229 TIME_WAIT tcp 0 0 120.136.23.56:80 222.170.217.26:1822 TIME_WAIT tcp 0 0 120.136.23.56:80 222.170.217.26:1820 TIME_WAIT tcp 0 0 120.136.23.56:80 121.206.183.172:2214 FIN_WAIT2 tcp 0 0 120.136.23.56:80 220.181.94.221:54341 TIME_WAIT tcp 0 0 120.136.23.56:80 222.170.217.26:1818 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18751 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18750 TIME_WAIT tcp 0 0 120.136.23.56:80 61.177.143.210:4226 TIME_WAIT tcp 0 0 120.136.23.56:80 116.9.9.250:55700 TIME_WAIT tcp 0 39599 120.136.23.93:80 125.107.166.221:3083 ESTABLISHED tcp 0 0 120.136.23.56:80 120.86.215.180:62554 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.100:48442 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34199 TIME_WAIT tcp 0 69227 120.136.23.93:80 125.107.166.221:3084 ESTABLISHED tcp 0 0 120.136.23.56:80 220.181.94.231:53605 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34196 TIME_WAIT tcp 0 0 120.136.23.56:80 120.86.215.180:62556 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34203 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.104:40252 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34202 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18731 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34201 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34200 TIME_WAIT tcp 0 0 120.136.23.56:80 111.9.9.224:49538 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.57:49229 TIME_WAIT tcp 0 0 120.136.23.56:80 124.224.63.144:18734 TIME_WAIT tcp 0 0 120.136.23.56:80 123.150.182.221:34204 TIME_WAIT tcp 0 0 120.136.23.56:80 111.72.156.95:2517 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.229:59728 TIME_WAIT tcp 0 0 120.136.23.56:80 116.20.61.208:50598 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5031 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5030 TIME_WAIT tcp 0 0 120.136.23.56:80 220.191.255.196:46290 FIN_WAIT2 tcp 0 0 120.136.23.56:80 122.86.41.132:5037 TIME_WAIT tcp 0 1 120.136.23.56:80 122.86.41.132:5036 LAST_ACK tcp 0 0 120.136.23.80:80 115.56.48.140:38058 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5039 TIME_WAIT tcp 0 0 120.136.23.80:80 115.56.48.140:38057 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5038 TIME_WAIT tcp 0 0 120.136.23.80:80 125.46.48.20:45862 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5033 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5032 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5034 TIME_WAIT tcp 0 0 120.136.23.56:80 111.9.9.224:49582 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.221:38777 TIME_WAIT tcp 0 0 120.136.23.56:80 123.125.66.15:27007 TIME_WAIT tcp 0 0 120.136.23.56:80 67.195.37.98:59848 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5040 TIME_WAIT tcp 0 0 120.136.23.80:80 125.46.48.20:14651 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.221:58495 TIME_WAIT tcp 0 0 120.136.23.56:80 111.72.156.95:2765 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5053 TIME_WAIT tcp 0 0 120.136.23.56:80 120.86.215.180:62578 ESTABLISHED tcp 0 0 120.136.23.56:80 202.160.179.58:36715 TIME_WAIT tcp 0 0 120.136.23.56:80 122.86.41.132:5048 TIME_WAIT tcp 0 0 120.136.23.93:80 61.153.27.172:4889 TIME_WAIT tcp 0 0 120.136.23.56:80 111.72.156.95:1995 TIME_WAIT tcp 0 0 120.136.23.56:80 111.9.9.224:49501 TIME_WAIT tcp 0 12270 120.136.23.56:80 119.12.4.49:49551 ESTABLISHED tcp 0 6988 120.136.23.56:80 119.12.4.49:49550 ESTABLISHED tcp 0 0 120.136.23.56:80 66.249.67.106:60516 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.179.76:56301 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.178.41:32907 TIME_WAIT tcp 0 0 120.136.23.93:80 61.153.27.172:24811 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.155:35617 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.229:50081 TIME_WAIT tcp 0 3650 120.136.23.56:80 119.12.4.49:49555 ESTABLISHED tcp 0 0 120.136.23.56:80 116.9.9.250:55632 TIME_WAIT tcp 0 4590 120.136.23.56:80 119.12.4.49:49554 ESTABLISHED tcp 0 823 120.136.23.56:80 119.12.4.49:49553 ESTABLISHED tcp 0 778 120.136.23.56:80 119.12.4.49:49552 ESTABLISHED tcp 0 31944 120.136.23.93:80 222.67.49.170:52229 ESTABLISHED tcp 0 0 120.136.23.93:80 219.219.127.2:44661 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.102:38602 TIME_WAIT tcp 0 0 120.136.23.56:80 61.177.143.210:4208 TIME_WAIT tcp 0 0 120.136.23.56:80 117.23.111.2:3297 TIME_WAIT tcp 0 0 120.136.23.56:80 111.72.156.95:2079 TIME_WAIT tcp 0 0 120.136.23.92:80 220.181.7.49:44133 TIME_WAIT tcp 0 0 120.136.23.80:80 125.46.48.20:38627 TIME_WAIT tcp 0 660 120.136.23.56:80 113.16.37.24:62908 LAST_ACK tcp 0 0 120.136.23.56:80 220.181.94.231:62850 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.235:33423 TIME_WAIT tcp 0 0 120.136.23.56:80 216.129.119.40:53331 TIME_WAIT tcp 0 0 120.136.23.56:80 116.248.65.32:2580 ESTABLISHED tcp 0 0 120.136.23.56:80 61.177.143.210:4199 TIME_WAIT tcp 0 0 120.136.23.93:80 125.107.166.221:3052 TIME_WAIT tcp 0 0 120.136.23.56:80 216.7.175.100:36933 TIME_WAIT tcp 0 1 120.136.23.56:80 183.35.149.94:2414 FIN_WAIT1 tcp 0 26963 120.136.23.56:80 124.160.125.8:8274 LAST_ACK tcp 0 0 120.136.23.93:80 61.153.27.172:16350 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.229:64907 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4116 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.102:32937 TIME_WAIT tcp 0 0 120.136.23.56:80 218.59.137.178:52731 FIN_WAIT2 tcp 0 0 120.136.23.56:80 123.125.66.53:31474 ESTABLISHED tcp 0 8950 120.136.23.56:80 221.194.136.245:21574 ESTABLISHED tcp 0 0 120.136.23.56:80 216.7.175.100:36922 TIME_WAIT tcp 0 0 120.136.23.56:80 216.7.175.100:36923 TIME_WAIT tcp 0 0 120.136.23.56:80 221.130.177.106:41386 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.221:62681 TIME_WAIT tcp 0 0 120.136.23.56:80 111.72.156.95:1639 ESTABLISHED tcp 0 0 120.136.23.56:80 219.131.92.53:4103 TIME_WAIT tcp 0 0 120.136.23.56:80 220.181.94.231:44007 TIME_WAIT tcp 0 0 120.136.23.93:80 61.153.27.172:15026 TIME_WAIT tcp 0 0 120.136.23.56:80 202.160.180.125:59521 TIME_WAIT tcp 0 660 120.136.23.56:80 113.16.37.24:62921 FIN_WAIT1 tcp 0 0 120.136.23.56:80 220.181.94.229:54767 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4148 ESTABLISHED tcp 0 0 120.136.23.93:80 202.104.103.210:2423 TIME_WAIT tcp 0 0 120.136.23.56:80 219.131.92.53:4149 ESTABLISHED tcp 0 0 120.136.23.56:80 219.131.

也许这有点帮助你: 

 # for i in $(sort /tmp/ips | uniq); do geoiplookup $i ;done | sort | uniq -c 4 GeoIP Country Edition: AU, Australia 83 GeoIP Country Edition: CN, China 13 GeoIP Country Edition: --, N/A 1 GeoIP Country Edition: NZ, New Zealand 1 GeoIP Country Edition: SE, Sweden 21 GeoIP Country Edition: US, United States

我看过一些来自“正规”蜘蛛(百度等)。

可能是Slowloris 。

尝试运行如下所示的内容: 

 netstat -ntu | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

它会粗略地告诉你每个IP有多less个连接,这可能更容易发现滥用/阻止它们。

tail -f /var/log/httpd/access_log告诉你什么时候攻击(或其他)发生了什么? 或者,如果您之后只是阅读日志,他们打了什么URL?

什么是您的MaxClients设置? 这听起来像你正在达到这个设置。 发生这种情况时,Apache将停止服务请求,其中一个现有客户端closures连接。 在发生这种情况时,其他服务将继续接受请求。

如果启用了服务器状态页面,则可以近乎实时地查看客户端正在执行的操作。 不过,我build议将服务器状态locking为特定的IP地址,或者使用其他forms的身份validation。

就所有这些IP地址的stream量而言,当我需要查看stream量来自何处时,我通常会用Perl翻阅访问日志。 由于我无法访问您的日志,因此下面是一个快速而脏的Perl程序,它接收来自netstat命令的输出,并执行recursionDNS查找以确定这些IP地址的来源。 它期望在一个名为“垃圾”的文件中find你的netstat的内容。

希望这可以帮助。 

 #!/usr/bin/perl -w use strict; our %iph = (); sub recDNS ( $ ) { my $arpa = shift; $arpa =~ s/^\d+\.//; print "+++++ $arpa +++++\n"; my $retVal = system ( "host", "-a", "$arpa" ); if ( $retVal != 0 ) { recDNS ( $arpa ); } } sub makeArpa ( $ ) { my $ip = shift; my @ipParts = split ( /\./, $ip ); my $arpa = ""; while ( $#ipParts > -1 ) { my $part = pop ( @ipParts ); $arpa .= "$part."; } $arpa .= "in-addr.arpa"; recDNS ( $arpa ); } open ( RD, "junk" ); while ( <RD> ) { chomp; my @nparts = split ( /\s+/, $_ ); my $ip = $nparts[4]; # print "$_\n"; $ip =~ s/:\d+$//; # print "$ip\n"; $iph{$ip} = 0 unless ( defined ( $iph{$ip} ) ); $iph{$ip}++; } close ( RD ); foreach my $ip (sort keys %iph) { print "----- $ip: count->$iph{$ip} -----\n"; my $retVal = system ( "host", "-a", "$ip" ); if ( $retVal != 0 ) { makeArpa ( $ip ); } }