I see this huge log in my website's Apache log:

192.111.129.145 - - [07/Jun/2021:13:07:50 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
103.137.165.152 - - [07/Jun/2021:13:07:51 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?Y256629118494u166019161242G5231293763232i55356056861y HTTP/1.1" 403 0 "hsteam-gifts.ir/" "z"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
192.111.129.145 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "nsteam-gifts.ir/" "a"
188.166.104.152 - - [07/Jun/2021:13:07:49 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
188.166.104.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
188.166.104.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
103.137.165.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"
103.137.165.152 - - [07/Jun/2021:13:07:50 +0430] "POST / HTTP/1.1" 403 699 "-" "python-requests/2.25.1"

I block the requests in .htaccess and the request result is 403. How can I prevent this attack? WAF? Cloudflare? I use cPanel + LiteSpeed.

1 Answer

Controlled by the following items:

First, add this code to index.php:

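<?php
// Reject requests that send no User-Agent header at all.
if (!isset($_SERVER['HTTP_USER_AGENT'])) {
    exit();
}
// Reject the exact User-Agent strings listed here ("\\" is a single backslash).
if ($_SERVER['HTTP_USER_AGENT'] == "python-requests/2.25.1" || $_SERVER['HTTP_USER_AGENT'] == "a" || $_SERVER['HTTP_USER_AGENT'] == "\\") {
    exit();
}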

Next, I block the IPs using the following command:

cat /var/log/apache2/domlogs/mydomain.com-ssl_log | awk '{print $1}' | sort | uniq -c |sort -n |  awk '{ if($1 > 10000) print $2 }' >> /etc/csf/csf.deny
answered 2021-06-08T05:32:05.447
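
The pipeline in the answer counts every request per IP and appends on each run, so repeated runs add duplicate entries to the deny file. As an added example (not part of the original answer), the function below counts only requests answered with 403, applies a threshold, and skips addresses already present in a deny file; the function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list client IPs with more than THRESHOLD requests answered 403.
# Usage: flood_ips LOGFILE THRESHOLD [DENYFILE]   (names are hypothetical)
flood_ips() {
    awk -v max="$2" -v deny="${3:-/dev/null}" '
    BEGIN {
        # Load addresses already denied: first token per line, "#" starts a comment.
        while ((getline line < deny) > 0) {
            split(line, f, /[ \t#]/)
            if (f[1] != "") seen[f[1]] = 1
        }
    }
    # Find the status by its position between the request and referer quotes,
    # so spaces inside the request line cannot shift it to another field.
    match($0, /" [0-9][0-9][0-9] ([0-9]+|-) "/) {
        if (substr($0, RSTART + 2, 3) == "403") hits[$1]++
    }
    END {
        # Print only well-formed addresses that are over the threshold and not yet denied.
        for (ip in hits)
            if (hits[ip] > max && !(ip in seen) && ip ~ /^[0-9A-Fa-f:.]+$/)
                print ip
    }' "$1" | sort
}

# Constructed sample log in Apache combined format (documentation addresses).
sample_log() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo '203.0.113.10 - - [07/Jun/2021:13:07:49 +0430] "GET / HTTP/1.1" 403 699 "-" "a"'
        echo '203.0.113.20 - - [07/Jun/2021:13:07:49 +0430] "HEAD /?x y HTTP/1.1" 403 0 "-" "z"'
        echo '198.51.100.7 - - [07/Jun/2021:13:07:50 +0430] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'
        i=$((i + 1))
    done
    echo '198.51.100.7 - - [07/Jun/2021:13:07:51 +0430] "GET /admin HTTP/1.1" 403 699 "-" "Mozilla/5.0"'
}

# Demo on the constructed log with a threshold of 3.
tmp=$(mktemp); sample_log > "$tmp"; flood_ips "$tmp" 3; rm -f "$tmp"
```

Review the output before appending it to a deny list: when the site sits behind a proxy or CDN, the first log field is the proxy's address, and blocking it blocks legitimate visitors too.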