首页 > Linux系统管理 > 网站被ddos攻击
2016
12-27

网站被ddos攻击

网站被ddos攻击 日志里面全部是类似这种访问

14.17.94.14 - - [27/Dec/2016:18:26:17 +0800] "GET /index.shtml HTTP/1.1" 200 11845 "-" "WordPress/4.4.5; http://52.90.136.214; verifying pingback from 191.96.249.80" "52.90.136.214"
14.17.94.16 - - [27/Dec/2016:18:26:17 +0800] "GET /index.shtml HTTP/1.1" 200 11860 "-" "WordPress/4.5.2; https://www.illycorp.com; verifying pingback from 191.96.249.80" "80.175.22.240"
14.17.94.14 - - [27/Dec/2016:18:26:17 +0800] "GET /index.shtml HTTP/1.1" 200 11832 "-" "WordPress/4.5.3; https://prominic.net; verifying pingback from 191.96.249.80" "199.103.1.14"
14.17.94.14 - - [27/Dec/2016:18:26:17 +0800] "GET /index.shtml HTTP/1.1" 200 11766 "-" "WordPress/4.4.5; http://52.37.129.99; verifying pingback from 191.96.249.80" "52.37.129.99"

本来想直接跑脚本封IP的,看了下 useragent 都是WordPress
直接在nginx 里面

if ($http_user_agent ~* "WordPress" ) {return 403;}

这样服务器就没什么压力了

最后编辑:
作者:saunix
大型互联网公司linux系统运维攻城狮,专门担当消防员

留下一个回复