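When under random attacks..
Post
Hello. I run a site...
Attacks of unknown origin are coming in.
I have it set up so that if the same attack keeps coming from the same IP, that IP gets blocked,
but when the attacks come in like the following, I'm really at a loss...
How do you all respond in a case like this?
In reality there is far more than this, but I'm only posting a portion.
Experts, is there any method you could suggest?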
118.81.14.4 - - [02/Dec/2022:13:08:25 +0800] "GET /editor_insmenu.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
58.244.30.230 - - [02/Dec/2022:13:08:25 +0800] "GET /Escape.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
1.85.217.32 - - [02/Dec/2022:13:08:25 +0800] "GET /pj.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
180.109.49.62 - - [02/Dec/2022:13:08:25 +0800] "GET /windo-dff.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
182.88.165.156 - - [02/Dec/2022:13:08:25 +0800] "GET /leishang.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
221.11.5.61 - - [02/Dec/2022:13:08:25 +0800] "GET /id.txt HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
112.80.136.254 - - [02/Dec/2022:13:08:25 +0800] "GET /company.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
220.250.63.207 - - [02/Dec/2022:13:08:25 +0800] "GET /2.txt HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
180.109.49.62 - - [02/Dec/2022:13:08:25 +0800] "GET /THE.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
111.85.200.125 - - [02/Dec/2022:13:08:25 +0800] "GET /coli.txt HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
112.193.171.97 - - [02/Dec/2022:13:08:25 +0800] "GET /editor_marpuee.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
221.11.5.55 - - [02/Dec/2022:13:08:25 +0800] "GET /anonph.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
119.163.43.249 - - [02/Dec/2022:13:08:25 +0800] "GET /dirk.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
117.15.89.51 - - [02/Dec/2022:13:08:25 +0800] "GET /cmd.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
182.54.18.223 - - [02/Dec/2022:13:08:25 +0800] "GET /520.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
114.100.176.197 - - [02/Dec/2022:13:08:25 +0800] "GET /hack.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
122.139.172.171 - - [02/Dec/2022:13:08:25 +0800] "GET /LinghtNing.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
222.94.163.114 - - [02/Dec/2022:13:08:25 +0800] "GET /2009820225332869.html HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
182.245.57.9 - - [02/Dec/2022:13:08:25 +0800] "GET /2008726161943933.asa HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
121.29.178.117 - - [02/Dec/2022:13:08:25 +0800] "GET /xh.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
182.138.158.240 - - [02/Dec/2022:13:08:25 +0800] "GET /fuck.html HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
42.63.89.19 - - [02/Dec/2022:13:08:25 +0800] "GET /D4ck.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
112.193.192.121 - - [02/Dec/2022:13:08:25 +0800] "GET /go.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
61.166.198.215 - - [02/Dec/2022:13:08:25 +0800] "GET /help.html HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
36.32.2.73 - - [02/Dec/2022:13:08:25 +0800] "GET /1.jsp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
110.87.132.159 - - [02/Dec/2022:13:08:25 +0800] "GET /xinsui.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
182.54.7.154 - - [02/Dec/2022:13:08:25 +0800] "GET /hackbs.txt HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
36.32.2.90 - - [02/Dec/2022:13:08:25 +0800] "GET /2010122784038041.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
223.166.22.108 - - [02/Dec/2022:13:08:25 +0800] "GET /123.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
42.63.89.19 - - [02/Dec/2022:13:08:25 +0800] "GET /index2.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
111.224.7.204 - - [02/Dec/2022:13:08:25 +0800] "GET /dst.asp HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
61.52.72.8 - - [02/Dec/2022:13:08:25 +0800] "GET /su.html HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
121.56.26.94 - - [02/Dec/2022:13:08:25 +0800] "GET /xiaojian.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
175.152.35.250 - - [02/Dec/2022:13:08:25 +0800] "GET /homepage.htm HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
223.166.22.20 - - [02/Dec/2022:13:08:25 +0800] "GET /inde.html HTTP/1.1" 502 150 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
Answers 3
Collect logs over a wide time window, and then,
if there are many cases where the A.B part of A.B.C.D matches, blocking with CIDR notation is also a commonly used method.
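The /16 grouping described in the answer above, as an added example that is not part of the original thread: it reads access-log lines, groups client addresses by their A.B prefix, and lists the networks where several distinct hosts appear. The function name, the threshold, the allowlist parameter and the choice to count only error responses (status 400 and above) are assumptions of this example, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Combined Log Format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (not taken from the post); private-range addresses.
SAMPLE = '''\
10.20.1.5 - - [02/Dec/2022:13:08:25 +0800] "GET /a.asp HTTP/1.1" 502 150 "-" "UA"
10.20.7.9 - - [02/Dec/2022:13:08:25 +0800] "GET /b.htm HTTP/1.1" 502 150 "-" "UA"
10.20.200.3 - - [02/Dec/2022:13:08:26 +0800] "GET /c.txt HTTP/1.1" 404 146 "-" "UA"
10.20.1.5 - - [02/Dec/2022:13:08:26 +0800] "GET /d.asp HTTP/1.1" 502 150 "-" "UA"
10.99.4.4 - - [02/Dec/2022:13:08:27 +0800] "GET /e.jsp HTTP/1.1" 502 150 "-" "UA"
172.16.3.3 - - [02/Dec/2022:13:08:27 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "UA"
malformed line
'''

def candidate_blocks(lines, prefix=16, min_hosts=3, allow=()):
    """Return {cidr: distinct client IPs} for each network in which at least
    min_hosts distinct addresses received an error response (status >= 400)."""
    allowed = [ipaddress.ip_network(n) for n in allow]  # networks never to block
    hosts = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip_text, _path, status = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue
        if ip.version != 4 or int(status) < 400:
            continue  # assumption: only failed requests count as probes
        if any(ip in net for net in allowed):
            continue
        # Count distinct hosts, not requests, so one noisy IP cannot
        # get its whole /16 listed on its own.
        hosts[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    return {str(net): [str(i) for i in sorted(ips)]
            for net, ips in hosts.items() if len(ips) >= min_hosts}

if __name__ == "__main__":
    for cidr, ips in candidate_blocks(SAMPLE.splitlines()).items():
        print(cidr, len(ips), "distinct hosts:", ", ".join(ips))
```

The returned CIDR list is a set of candidates to review before it goes into a firewall rule, since a /16 can also contain legitimate visitors.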
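Which server provider is it from?
And if it's a dedicated server, try blocking with iptables or whatever it's called.
Just in case, try installing antivirus too. Watch out for DDoS.
Blocking overseas traffic was the easiest, I found.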