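Why HTTP 408 errors keep appearing in a website's access log, and how to block IPs that maliciously scan the site for vulnerabilities
Date: March 19, 2022 / Source: Internet / Editor: Anonymous
The access log of a BBS site keeps showing 408s. A few now and then would be normal, but the odd thing is that hundreds or even thousands appear all at once.
I don't know how these 408 entries are produced: there is no referrer and no browser information in the request, just 408. There are many every day, at least several dozen.
A sample of the site log follows: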
49.7.20.81 - - [22/Sep/2021:20:04:55 +0800] "-" 408 - "-" "-"
49.7.20.155 - - [22/Sep/2021:20:17:15 +0800] "-" 408 - "-" "-"
192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x"
49.7.20.140 - - [22/Sep/2021:20:27:26 +0800] "-" 408 - "-" "-"
123.183.224.29 - - [22/Sep/2021:20:27:48 +0800] "-" 408 - "-" "-"
49.7.20.155 - - [22/Sep/2021:20:50:35 +0800] "-" 408 - "-" "-"
49.7.20.114 - - [22/Sep/2021:20:52:18 +0800] "-" 408 - "-" "-"
49.7.20.81 - - [22/Sep/2021:20:54:21 +0800] "-" 408 - "-" "-"
49.7.20.140 - - [22/Sep/2021:21:02:30 +0800] "-" 408 - "-" "-"
123.183.224.66 - - [22/Sep/2021:21:33:53 +0800] "-" 408 - "-" "-"
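Wikipedia covers this. The status indicates that someone is sending a request to your server too slowly. Possible causes:
The user is typing the data in by hand
The user's network is extremely slow
The user is attempting a DoS attack this way
The user's program has a bug
I don't know what the trailing "from:-" field is. Probably the User-Agent?
Of these lines, 192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x" is a website vulnerability scan; you can simply block the IP.
Sample 2: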
101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /index/index/andiro HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /api/content_bottom HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:04 +0800] "GET /home/GetQrCodeInfo HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /legal/currency/set HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /Home/Get/getJnd28 HTTP/1.1" 301 314 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /room/script/face.js HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /public/img/cz1.png HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /views/home/home.js HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /Home/GetInitSource HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /statics/js/API.js HTTP/1.1" 301 314 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /api/v1/member/kefu HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:18 +0800] "POST /api/app/config_new HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:12 +0800] "POST /wap/banner/details HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:18 +0800] "GET /Public/css/hall.css HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:19 +0800] "GET /skin/main/onload.js HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:20 +0800] "GET /api/site/getInfo.do HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:36 +0800] "GET /static/guide/ab.css HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /room/getRoomBangFans HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /api/message/webInfo HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /Content/favicon.ico HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:39 +0800] "GET /Recruit/download_url HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
101.36.109.176 - - [22/Sep/2021:18:38:46 +0800] "POST /api/user/mobilelogin HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
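This pattern appears when someone uses a tool or software to scan your site for vulnerabilities, intending to hack it. For IPs with malicious intent, we blacklist or block them without hesitation.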
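A triage sketch for the two patterns described above, added here as an example and not part of the original article: it separates bare 408 timeouts from clients that name a scanner in the User-Agent or probe many unrelated paths. The `triage` function, the `SCANNER_UA` list and the `min_paths` threshold are assumptions, and the sample lines are constructed from the logs above with the browser User-Agent shortened and one timestamp reused.

```python
import re
from collections import Counter, defaultdict

# Combined log format, as used by the samples on this page.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
# Assumption: substrings of tools that name themselves in the User-Agent.
SCANNER_UA = ("zgrab", "masscan", "nikto", "sqlmap")
UA = "Mozilla/5.0 (Macintosh) Chrome/85.0.4183.121 Safari/537.36"  # shortened

# Constructed sample built from lines in the two samples above.
SAMPLE = "\n".join([
    '49.7.20.81 - - [22/Sep/2021:20:04:55 +0800] "-" 408 - "-" "-"',
    '49.7.20.155 - - [22/Sep/2021:20:17:15 +0800] "-" 408 - "-" "-"',
    '49.7.20.81 - - [22/Sep/2021:20:54:21 +0800] "-" 408 - "-" "-"',
    '192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx'
    '?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x"',
] + [
    f'101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET {p} HTTP/1.1" 301 315 "-" "{UA}"'
    for p in ("/index/index/andiro", "/api/content_bottom", "/home/GetQrCodeInfo",
              "/legal/currency/set", "/Home/Get/getJnd28")
])

def triage(log_text, min_paths=5):
    """Return (idle_408_counts, {ip: reasons}) for one access-log excerpt."""
    idle_408 = Counter()        # connections that timed out with no request line
    probed = defaultdict(set)   # distinct non-2xx paths requested without a referrer
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue            # skip lines that are not in combined format
        ip, req, status = m["ip"], m["req"], m["status"]
        if status == "408" and req == "-":
            idle_408[ip] += 1   # slow or idle client, not a scan by itself
            continue
        if any(s in m["ua"].lower() for s in SCANNER_UA):
            reasons[ip].add("scanner-user-agent")
        parts = req.split()
        if len(parts) == 3 and not status.startswith("2") and m["ref"] == "-":
            probed[ip].add(parts[1].split("?", 1)[0])
    for ip, paths in probed.items():
        if len(paths) >= min_paths:  # assumed threshold; tune per site
            reasons[ip].add("path-probing")
    return dict(idle_408), {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Clients that only produce 408 entries are counted but not flagged, because an idle connection alone fits any of the four causes listed earlier. Review flagged addresses before blocking, since a crawler that follows redirects without a referrer can also cross the path threshold.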
The IPs that need to be blocked, sorted by category, are as follows
Website vulnerability scanning IPs:
101.36.109.176
192.241.221.8
Scanning the site for file types zip, rar