Botnet使用POST和GET请求阻止服务器

时间:2013-10-26 13:55:07

标签: php .htaccess spam botnet

每个请求来自不同的IP。 所以我认为这些僵尸网络受害者仍然要求我在一周前删除的僵尸网络脚本。

在这里,您可以看到访问日志的一小部分:

95.228.246.9 - - [26/Oct/2013:15:40:52 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BRI/2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
95.228.246.9 - - [26/Oct/2013:15:40:52 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BRI/2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
72.85.226.216 - - [26/Oct/2013:15:40:53 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152; .NET4.0C; .NET4.0E; IPH 1.1.21.4019; BRI/2)"
72.85.226.216 - - [26/Oct/2013:15:40:53 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152; .NET4.0C; .NET4.0E; IPH 1.1.21.4019; BRI/2)"
94.201.237.81 - - [26/Oct/2013:15:40:55 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
94.201.237.81 - - [26/Oct/2013:15:40:55 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
72.85.226.216 - - [26/Oct/2013:15:40:58 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152; .NET4.0C; .NET4.0E; IPH 1.1.21.4019; BRI/2)"
94.201.237.81 - - [26/Oct/2013:15:40:58 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
72.85.226.216 - - [26/Oct/2013:15:40:59 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152; .NET4.0C; .NET4.0E; IPH 1.1.21.4019; BRI/2)"
94.201.237.81 - - [26/Oct/2013:15:41:00 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
188.135.15.144 - - [26/Oct/2013:15:41:00 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; BRI/1; InfoPath.2; BRI/2)"
188.135.15.144 - - [26/Oct/2013:15:41:01 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; BRI/1; InfoPath.2; BRI/2)"
94.201.237.81 - - [26/Oct/2013:15:41:01 +0200] "GET /eze/panel/config.bin HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
94.201.237.81 - - [26/Oct/2013:15:41:02 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
85.154.191.178 - - [26/Oct/2013:15:41:02 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
85.154.191.178 - - [26/Oct/2013:15:41:02 +0200] "POST /eze/panel/entry.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
85.154.191.178 - - [26/Oct/2013:15:41:03 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
94.201.237.81 - - [26/Oct/2013:15:41:03 +0200] "GET /eze/panel/config.bin HTTP/1.1" 302 - "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
85.154.191.178 - - [26/Oct/2013:15:41:03 +0200] "GET / HTTP/1.1" 503 41 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"

GET请求每次都在请求整个索引页面。 这导致疯狂的带宽使用。

我试过了:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} /eze/panel/entry\.php
RewriteRule .* - [F]
</IfModule>

但它不起作用。 可以请有人帮我阻止所有这些讨厌的东西。

0 个答案:

没有答案
相关问题
最新问题