nginx 日志很大,而且大得很快
内容如下:151.1.105.132--[18/Jul/2014:15:28:19+0800]"GEThttp://soncachat.com/index.phpHTTP...
内容如下:
151.1.105.132 - - [18/Jul/2014:15:28:19 +0800] "GET http://soncachat.com/index.php HTTP/1.1" 200 15192 "-" "-" "-"
182.84.98.180 - - [18/Jul/2014:15:28:19 +0800] "GET http://www.cookac.com/zb_system/login.asp HTTP/1.1" 499 0 "http://www.baidu.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)" "-"
219.90.124.106 - - [18/Jul/2014:15:28:19 +0800] "GET http://www.zhujiwu.com/priceall.asp?id=host HTTP/1.1" 200 57912 "http://www.zhujiwu.com/domain/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)" "-"
62.210.99.156 - - [18/Jul/2014:15:28:19 +0800] "GET http://api.solvemedia.com/papi/challenge.noscript?k=KLoj-jfX2UP0GEYOmYX.NOWL0ReUhErZ HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1" "-"
109.236.84.239 - - [18/Jul/2014:15:28:19 +0800] "GET http://hoteltip.info/index.php/hawaii-aenean-ut-sem?regioncfg=1,3,4,5,6&start=6580 HTTP/1.1" 200 227 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
60.55.42.74 - - [18/Jul/2014:15:28:19 +0800] "GET http://www.wikizquierda.org/ HTTP/1.0" 200 1476 "http://www.wikizquierda.org/" "Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0" "-" 展开
151.1.105.132 - - [18/Jul/2014:15:28:19 +0800] "GET http://soncachat.com/index.php HTTP/1.1" 200 15192 "-" "-" "-"
182.84.98.180 - - [18/Jul/2014:15:28:19 +0800] "GET http://www.cookac.com/zb_system/login.asp HTTP/1.1" 499 0 "http://www.baidu.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)" "-"
219.90.124.106 - - [18/Jul/2014:15:28:19 +0800] "GET http://www.zhujiwu.com/priceall.asp?id=host HTTP/1.1" 200 57912 "http://www.zhujiwu.com/domain/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)" "-"
62.210.99.156 - - [18/Jul/2014:15:28:19 +0800] "GET http://api.solvemedia.com/papi/challenge.noscript?k=KLoj-jfX2UP0GEYOmYX.NOWL0ReUhErZ HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1" "-"
109.236.84.239 - - [18/Jul/2014:15:28:19 +0800] "GET http://hoteltip.info/index.php/hawaii-aenean-ut-sem?regioncfg=1,3,4,5,6&start=6580 HTTP/1.1" 200 227 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
60.55.42.74 - - [18/Jul/2014:15:28:19 +0800] "GET http://www.wikizquierda.org/ HTTP/1.0" 200 1476 "http://www.wikizquierda.org/" "Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0" "-" 展开
1个回答
展开全部
这个一般有2种可能,一个是你这个日志是做代理的nginx的访问日志
另一个就是有人恶意攻击你的服务器,发送虚假的请求,因为你这个服务器里get的hostname都不一样,如果不做代理的话正常是不会出现请求的hostname不一致,这种情况可以由用户指定了错误的host然后访问到你的服务器上导致,这个很像CC攻击
另一个就是有人恶意攻击你的服务器,发送虚假的请求,因为你这个服务器里get的hostname都不一样,如果不做代理的话正常是不会出现请求的hostname不一致,这种情况可以由用户指定了错误的host然后访问到你的服务器上导致,这个很像CC攻击
追问
怎么看是不是做了代理呢?还有被攻击了要怎样防范?
追答
查看nginx配置文件里有没有proxy_pass
建代理通常要用proxy_pass,如果有,那产生这么多日志是正常的,因为用你这个代理的用户访问的每个网址都在日志里面有体现,如果嫌多可以关闭代理的日志
从日志的IP上看,有很多国外IP,所以攻击的可能性要大些
这种攻击应该是伪造http数据包,没有太好的防范方法,你可以试试将请求的URL不是你站点的IP临时加入防火墙的很名单中,不过攻击者也可以伪造IP或更换各种代理来发大量垃圾请求
封IP只能治标
本回答由提问者推荐
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
