Jamers Posted January 5, 2015

I recently noticed that this site's traffic is quite abnormal: a small site is getting a huge number of search requests. Does a site with this little content really need that much searching? The only possibility is that someone is probing for injection vulnerabilities. Time to analyze the access logs.

The site's Apache log files currently use the standard Apache log format:

    203.208.60.144 - - [01/Jan/2002:21:23:38 +0800] "GET /tags/forums/A%2525E7%2525B1%2525BB/ HTTP/1.1" 404 5374

Relevant scripts:

    # Top 10 IPs by 404 errors (match the status field, $9, not any line containing "404")
    awk '$9 == 404 {print $1}' access_log | sort | uniq -c | sort -nr | head -n 10

    # IPs with the most requests
    awk '{print $1}' access_log | sort | uniq -c | sort -nr | head

The top 10 IPs by 404 errors:

    927 183.60.243.234
     87 180.106.207.91
     72 114.91.24.62
     19 66.249.75.41
     19 66.249.64.85
     16 180.154.139.126
     14 66.249.75.25
     14 66.249.64.93
     14 203.208.60.134
     14 203.208.60.127

IPs with the most requests:

    14891 183.60.243.234
     3410 ***
     2181 180.106.207.91
      617 117.82.237.27
      526 117.62.116.132
      318 222.209.108.149
      311 114.91.24.62
      303 61.152.129.105
      232 203.208.60.142
      215 203.208.60.138

The *** above is the IP address I normally visit from. Whoever is probing for injection vulnerabilities is quite persistent; luckily IPB is robust enough. Let's just block the probing IP:

    ipfw add 02000 deny log logamount 100 ip from 183.60.243.234 to me
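An added example, not part of the original post: the two per-IP counts above combined into one pass that also counts search requests and reads the status from its own field, so a "404" in a URL or byte count is not miscounted. The `SEARCH_RE` pattern, the thresholds, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumption: a search request is any request whose path matches SEARCH_RE.
SEARCH_RE='search'

# suspect_ips LOGFILE MIN_404 MIN_SEARCH
# Prints "ip total not_found searches" for each client whose 404 count or
# search-request count reaches its threshold, busiest client first.
suspect_ips() {
    awk -v min404="$2" -v minsearch="$3" -v re="$SEARCH_RE" '
    {
        # Split on double quotes so the status is read from its own field
        # and a "404" in the URL or byte count is never counted.
        if (split($0, q, "\"") < 3) next      # skip malformed lines
        ip = $1
        split(q[2], req, " ")                 # method, path, protocol
        split(q[3], rest, " ")                # status, bytes
        total[ip]++
        if (rest[1] == "404") nf[ip]++
        if (req[2] ~ re) srch[ip]++
    }
    END {
        for (ip in total)
            if (nf[ip] + 0 >= min404 || srch[ip] + 0 >= minsearch)
                printf "%s %d %d %d\n", ip, total[ip], nf[ip], srch[ip]
    }' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample log using documentation addresses (not data from the post).
make_sample() {
    cat <<'EOF'
192.0.2.10 - - [05/Jan/2015:10:00:01 +0800] "GET /index.php?app=core&module=search&q=test1 HTTP/1.1" 200 5120
192.0.2.10 - - [05/Jan/2015:10:00:02 +0800] "GET /index.php?app=core&module=search&q=test2 HTTP/1.1" 200 5120
192.0.2.10 - - [05/Jan/2015:10:00:03 +0800] "GET /tags/forums/x/ HTTP/1.1" 404 5374
192.0.2.10 - - [05/Jan/2015:10:00:04 +0800] "GET /tags/forums/y/ HTTP/1.1" 404 5374
198.51.100.7 - - [05/Jan/2015:10:01:00 +0800] "GET /topic/404-not-found-page/ HTTP/1.1" 200 4040
198.51.100.7 - - [05/Jan/2015:10:01:05 +0800] "GET /index.php HTTP/1.1" 200 9000
203.0.113.5 - - [05/Jan/2015:10:02:00 +0800] "GET /missing.png HTTP/1.1" 404 512
EOF
}

log=$(mktemp)
make_sample > "$log"
suspect_ips "$log" 2 2    # -> 192.0.2.10 4 2 2
rm -f "$log"
```

The second sample client requests a URL containing "404" and receives a 4040-byte response, yet it is not flagged because only the status field is compared.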