今天服务器 cpu 直接到 100% 日志中发现/test.html 一直被访问 这是被恶意访问了吗

2019-03-07 10:57:15 +08:00
 zhuzhiqiang

113.96.109.157 - - [07/Mar/2019:08:07:03 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 119.147.39.151 - - [07/Mar/2019:08:07:03 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 121.12.109.39 - - [07/Mar/2019:08:07:03 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 47.106.50.155 - - [07/Mar/2019:08:07:03 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 202.108.249.153 - - [07/Mar/2019:08:07:04 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 60.221.194.35 - - [07/Mar/2019:08:07:05 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 202.99.114.204 - - [07/Mar/2019:08:07:05 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 117.27.235.150 - - [07/Mar/2019:08:07:05 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 122.156.57.161 - - [07/Mar/2019:08:07:05 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 123.6.31.154 - - [07/Mar/2019:08:07:05 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 113.6.227.203 - - [07/Mar/2019:08:07:05 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 121.22.229.26 - - [07/Mar/2019:08:07:06 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 39.96.119.23 - - [07/Mar/2019:08:07:06 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 183.214.130.150 - - [07/Mar/2019:08:07:07 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 120.223.240.35 - - [07/Mar/2019:08:07:07 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 39.96.135.227 - - [07/Mar/2019:08:07:07 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 120.221.154.209 - - [07/Mar/2019:08:07:08 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 118.31.194.149 - - [07/Mar/2019:08:07:08 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 61.168.101.24 - - [07/Mar/2019:08:07:08 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 58.20.147.25 - - [07/Mar/2019:08:07:09 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 118.112.13.205 - - [07/Mar/2019:08:07:10 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 39.96.151.171 - - [07/Mar/2019:08:07:11 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 119.167.151.155 - - [07/Mar/2019:08:07:11 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 27.221.56.150 - - [07/Mar/2019:08:07:11 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 106.60.80.28 - - [07/Mar/2019:08:07:12 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 120.201.253.38 - - [07/Mar/2019:08:07:12 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 111.6.251.48 - - [07/Mar/2019:08:07:12 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 223.111.105.160 - - [07/Mar/2019:08:07:13 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 183.213.20.27 - - [07/Mar/2019:08:07:13 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 119.23.169.196 - - [07/Mar/2019:08:07:13 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 112.29.216.161 - - [07/Mar/2019:08:07:13 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 124.239.234.163 - - [07/Mar/2019:08:07:13 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 61.163.8.22 - - [07/Mar/2019:08:07:14 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 118.190.214.147 - - [07/Mar/2019:08:07:15 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 140.205.253.144 - - [07/Mar/2019:08:07:15 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 111.48.30.40 - - [07/Mar/2019:08:07:15 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1" 27.221.92.164 - - [07/Mar/2019:08:07:15 +0800] "GET /test.html HTTP/1.1" 404 132 "-" "Go-http-client/1.1

6650 次点击
所在节点    信息安全
38 条回复
Humorce
2019-03-07 11:00:33 +08:00
所以这个页面是干什么的呢
zhuzhiqiang
2019-03-07 11:01:50 +08:00
@Humorce 没这个页面 返回的 404
Humorce
2019-03-07 11:07:41 +08:00
域名是新买的?

这个时间密度,先更改配置 Block 掉此 UA 吧
zhuzhiqiang
2019-03-07 12:40:58 +08:00
@Humorce 403 了 还有什么好的解决办法吗 还一直在访问 [捂脸]
blless
2019-03-07 12:41:55 +08:00
404 都能跑满 CPU 吗
fiht
2019-03-07 12:49:29 +08:00
Go-http-client 这个是 go 语言程序呀
zhuzhiqiang
2019-03-07 12:52:18 +08:00
@blless 我觉得也不至于啊 大佬 看下 CPU 和 TCP
Steps
2019-03-07 13:06:22 +08:00
是否使用了负载均衡?

我的站跟你一模一样的情况,我过滤了 UA 直接给 503 了

现在一共跑了 一千多万次吧。。。
claysec
2019-03-07 13:16:54 +08:00
@zhuzhiqiang 接个 cdn 让他慢慢跑呗
zhuzhiqiang
2019-03-07 13:20:19 +08:00
@Steps 没有使用均衡负载服务 就 Nginx 做了个热备
boris1993
2019-03-07 13:21:09 +08:00
返回个 gzip 炸弹?
zhuzhiqiang
2019-03-07 13:22:47 +08:00
@Steps 老哥你的也是这个 UA 吗
Vhc
2019-03-07 13:25:19 +08:00
1、这个访问频次并不高,CPU 占用和这一毛钱关系也没有。
2、千万不要屏蔽 "Go-http-client/1.1" 这个 UA
dbpe
2019-03-07 13:27:42 +08:00
新知识..GZIp Boom..
gamexg
2019-03-07 13:31:11 +08:00
跳转到 ubuntu iso ?
gamexg
2019-03-07 13:31:42 +08:00
@gamexg #15 额,开源社区钱不多,还是跳转到微软 iso 吧。
zhuzhiqiang
2019-03-07 13:37:24 +08:00
@Vhc 大佬 怎么说
CallMeReznov
2019-03-07 13:46:55 +08:00
@Vhc 为什么不能屏蔽?
Steps
2019-03-07 13:53:06 +08:00
@Vhc #13 不屏蔽? 你告诉我这样的请求量
已不间断运行: 61 天 18 小时 34 分钟




只是一个 503 的错误页面,61 天 867G 流量,该如何处理?
LanAiFaZuo
2019-03-07 13:54:17 +08:00
我昨天到今天也是 cpu 爆满,用的宝塔。不知道是不是被黑了。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/542018

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX