
Why HTTP 408 errors keep appearing in a site's access log, and blocking IPs that maliciously scan the site for vulnerabilities

爱一流网, 3 years ago (2021-09-22), Site-Building Experience

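The access log of one bbs site keeps showing 408. An occasional few would be normal, but the strange part is that hundreds or even thousands appear at once.

I don't know how these 408 requests are generated: there is no referrer and no browser information, just 408, and there are many every day, at least a few dozen.

A sample of the site log follows: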

49.7.20.81 - - [22/Sep/2021:20:04:55 +0800] "-" 408 - "-" "-"

49.7.20.155 - - [22/Sep/2021:20:17:15 +0800] "-" 408 - "-" "-"

192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x"

49.7.20.140 - - [22/Sep/2021:20:27:26 +0800] "-" 408 - "-" "-"

123.183.224.29 - - [22/Sep/2021:20:27:48 +0800] "-" 408 - "-" "-"

49.7.20.155 - - [22/Sep/2021:20:50:35 +0800] "-" 408 - "-" "-"

49.7.20.114 - - [22/Sep/2021:20:52:18 +0800] "-" 408 - "-" "-"

49.7.20.81 - - [22/Sep/2021:20:54:21 +0800] "-" 408 - "-" "-"

49.7.20.140 - - [22/Sep/2021:21:02:30 +0800] "-" 408 - "-" "-"

123.183.224.66 - - [22/Sep/2021:21:33:53 +0800] "-" 408 - "-" "-"

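Wikipedia covers this. The message indicates that someone is sending a request to your server at a slow rate. Possible causes:

The user is entering data by hand

The user's network is extremely slow

The user is attempting a DoS attack this way

The user's program has a bug

I don't know what the trailing "from:-" field is. Probably the UserAgent?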

Among these, 192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x" is a website vulnerability scan; simply block the IP.

Sample 2:

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /index/index/andiro HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /api/content_bottom HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:04 +0800] "GET /home/GetQrCodeInfo HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /legal/currency/set HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /Home/Get/getJnd28 HTTP/1.1" 301 314 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /room/script/face.js HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /public/img/cz1.png HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /views/home/home.js HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /Home/GetInitSource HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /statics/js/API.js HTTP/1.1" 301 314 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /api/v1/member/kefu HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:18 +0800] "POST /api/app/config_new HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:12 +0800] "POST /wap/banner/details HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:18 +0800] "GET /Public/css/hall.css HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:19 +0800] "GET /skin/main/onload.js HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:20 +0800] "GET /api/site/getInfo.do HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:36 +0800] "GET /static/guide/ab.css HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /room/getRoomBangFans HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /api/message/webInfo HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /Content/favicon.ico HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:39 +0800] "GET /Recruit/download_url HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:46 +0800] "POST /api/user/mobilelogin HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

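This happens when someone uses a tool or software to scan your site for vulnerabilities, with the aim of hacking it. For IPs with malicious intent, we blacklist or block them without hesitation.

The IPs that need blocking, grouped by category:

Website vulnerability scanning IPs: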
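One way to pull both kinds of entries out of a combined-format access log, separating the empty-request 408 lines from the multi-path probing seen in sample 2. This is an added example, not code from the original post; the user-agent marker list and the distinct-path threshold are assumptions to tune for your own traffic.

```python
import re
from collections import Counter, defaultdict

# Combined log format, as in the samples on this page.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
SCANNER_UA_MARKERS = ("zgrab",)   # assumed list; extend with tools you see
MIN_DISTINCT_MISSES = 5           # assumed threshold; tune to your traffic

def classify(lines):
    """Return (idle_408_counts, scanner_ips) for combined-format log lines."""
    idle_408 = Counter()
    misses = defaultdict(set)     # ip -> distinct non-2xx paths sent without a referer
    scanners = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines in another format
        ip, req, status = m["ip"], m["req"], m["status"]
        if status == "408" and req == "-":
            idle_408[ip] += 1     # connection timed out before any request arrived
            continue
        if any(k in m["ua"].lower() for k in SCANNER_UA_MARKERS):
            scanners.add(ip)
        parts = req.split()
        if len(parts) >= 2 and m["ref"] == "-" and not status.startswith("2"):
            misses[ip].add(parts[1].split("?")[0])
            if len(misses[ip]) >= MIN_DISTINCT_MISSES:
                scanners.add(ip)
    return dict(idle_408), sorted(scanners)

# Sample input: abridged from the page's logs (user agent shortened, one
# timestamp reused); the 203.0.113.5 line is constructed.
_PROBES = ["/index/index/andiro", "/api/content_bottom", "/home/GetQrCodeInfo",
           "/legal/currency/set", "/Home/Get/getJnd28"]
SAMPLE = [
    '49.7.20.81 - - [22/Sep/2021:20:04:55 +0800] "-" 408 - "-" "-"',
    '49.7.20.81 - - [22/Sep/2021:20:54:21 +0800] "-" 408 - "-" "-"',
    '192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx'
    '?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x"',
    '203.0.113.5 - - [22/Sep/2021:20:30:00 +0800] "GET /index.html HTTP/1.1" '
    '200 1024 "https://example.com/" "Mozilla/5.0"',
] + ['101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET %s HTTP/1.1" 301 315 '
     '"-" "Mozilla/5.0 Chrome/85.0.4183.121"' % p for p in _PROBES]

if __name__ == "__main__":
    idle, block = classify(SAMPLE)
    print("408 with no request:", idle)
    print("block candidates:", block)
```

The 408 counts are reported separately rather than added to the block list, since an empty-request timeout alone does not show intent.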

101.36.109.176

192.241.221.8

Scanning for site files of type zip, rar






Copyright notice: This article is published by 爱一流网. Please credit the source when reposting.


Article link: https://aiyiliu.com/post/20.html
