[Discussion] Blocking a specific IP on the server
2006-02-09 16:22
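Over the past few days the server has been getting slower and slower. I could not find the cause on the Apache, MySQL or PHP side.
uptime shows load average: 42.05
netstat -anl
shows many apache and mysql connections; judging by the normal connection count, these all look normal.
Looking up the remote IPs of the connections, many are from Beijing, Jiangsu and Guangdong, while my site's user base is in Yunnan.
Searching online for where these IPs belong, I gathered that they are most likely web spiders crawling data. I had already set up mod_limit on Apache with a maximum of 10 concurrent connections, and I wondered whether search engines crawling my site were causing the heavy system load. I have run into this situation before, so I edited httpd.conf again to deny those abnormal IPs.
First run
netstat -na --inet|grep :80|grep -v 127.0.0.1|awk '{print $5}'|sort
to view all connections on port 80, paying particular attention to the IPs that appear most often, then deny them in httpd.conf, and then block them with gggipdrop.sh.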
<Directory />
Options FollowSymLinks
AllowOverride None
deny from 219.134.12.119
deny from 219.133.243.148
deny from 222.50.207.21
deny from 222.88.150.107
deny from 222.35.32.240
deny from 211.148.207.111
deny from 220.174.172.56
deny from 218.93.216.66
deny from 218.82.99.225
deny from 218.18.32.198
deny from 202.107.200.72
deny from 202.108.11.234
deny from 202.108.11.235
deny from 218.69.251.123
deny from 61.141.239.141
deny from 219.147.0.3
deny from 221.214.224.228
deny from 221.219.225.130
deny from 220.163.34.199
deny from 218.63.46.202
deny from 221.192.211.158
deny from 218.93.225.75
deny from 218.93.254.243
deny from 218.17.4.205
deny from 218.247.172.20
deny from 219.134.121.167
deny from 61.135.145.204
deny from 61.135.145.208
deny from 61.135.145.221
deny from 61.135.145.216
deny from 61.135.145
deny from 61.135.146
deny from 61.145.24.1
deny from www.baidu.com baidu.com
deny from 61.147.241.249
deny from 61.147.245.69
deny from 218.17.237.217
deny from 218.71.38.113
deny from 61.147.255.85
deny from 221.5.119.171
deny from 60.28.249.101
deny from 220.165.222.14
deny from 220.189.210.18
deny from 61.181.210.245
deny from 202.96.199.133
deny from 218.18.18.57
deny from 202.108.1
</Directory>
Then use the following shell script to block the few particularly stubborn IPs.
#========================== begin gggipdrop.sh
#!/bin/bash
#args 2 $# "${0} IPADDR {on/off}" "Drops packets to/from IPADDR. Good for obnoxious networks/hosts/DoS"
if [ "$2" = "on" ]
then
    #rules will be appended or inserted as normal
    APPEND="-A"
    INSERT="-I"
    # rec_check ipdrop $1 "$1 already blocked" on
    # record ipdrop $1
elif [ "$2" = "off" ]
then
    #rules will be deleted instead
    APPEND="-D"
    INSERT="-D"
    # rec_check ipdrop $1 "$1 not currently blocked" off
    # unrecord ipdrop $1
else
    echo "Error: \"off\" or \"on\" expected as second argument"
    exit 1
fi
#block outside IP address that's causing problems
#attacker's incoming TCP connections will take a minute or so to time out,
#reducing DoS effectiveness.
iptables $INSERT INPUT -s "$1" -j DROP
iptables $INSERT OUTPUT -d "$1" -j DROP
iptables $INSERT FORWARD -d "$1" -j DROP
echo "IP ${1} drop ${2}."
#========================== end gggipdrop.sh
apachectl restart
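
The netstat step above, as an added example that is not part of the original post: it counts connections per remote IP on the local web port only (a plain grep :80 also matches outgoing connections to a remote port 80 and ports such as 8080) and can print "deny from" lines in the style used in the httpd.conf block. The function names and the sample addresses are constructed for illustration.

```bash
#!/bin/bash
# Input on stdin: `netstat -na --inet` style rows with the columns
# Proto Recv-Q Send-Q Local-Address Foreign-Address State

# count_by_ip [PORT] [MIN]: print "<count> <remote-ip>" for every remote IP
# with at least MIN connections to local PORT, busiest first.
count_by_ip() {
    awk -v port="${1:-80}" -v min="${2:-1}" '
        $1 ~ /^tcp/ && $4 ~ (":" port "$") {   # match the LOCAL port only
            ip = $5
            sub(/:[0-9*]+$/, "", ip)            # strip the remote port
            # skip loopback traffic and the LISTEN row (0.0.0.0:*)
            if (ip == "127.0.0.1" || ip == "0.0.0.0") next
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# deny_lines: turn the report into httpd.conf lines for review before pasting.
deny_lines() {
    while read -r _count ip; do
        echo "deny from $ip"
    done
}

# Constructed sample using documentation address ranges, not real capture data.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.25:51200      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.25:51201      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.80:33000      ESTABLISHED
tcp        0      0 192.0.2.10:51888        203.0.113.99:80         ESTABLISHED
tcp        0      0 192.0.2.10:3306         198.51.100.7:40200      ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:45000         ESTABLISHED
EOF
}

# Live use on the server: netstat -na --inet | count_by_ip 80 3
sample_netstat | count_by_ip 80 2
```

The count alone does not say who owns an address, so look up each one before turning the report into deny lines.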