男的舔女的下面视频在线播放-少妇愉情理仑片高潮日本-久久久久久国产一区二区三区-麻豆精品一区二区综合-国产精品超碰在线观看-网红极品女神精品视频在线-国产亚洲综合777-高清性视频一区二区播放-中文字幕第一页亚洲天堂

Discuz! 官方交流社區(qū)

標(biāo)題: 網(wǎng)站日志中發(fā)現(xiàn)大量的avatar.php的訪問(wèn)消耗流量如何解決? [打印本頁(yè)]
作者: 土雞瓦犬    時(shí)間: 2025-12-13 22:43
標(biāo)題: 網(wǎng)站日志中發(fā)現(xiàn)大量的avatar.php的訪問(wèn)消耗流量如何解決?
版本還是比較舊的Discuz! X3.4 R20230520,發(fā)現(xiàn)流量異常高,用的寶塔(沒(méi)買(mǎi)Nginx防火墻),一看網(wǎng)站日志中大量的
“IP地址- - [日期] "GET /uc_server/avatar.php?uid=[各種uid數(shù)值]&size=small HTTP/2.0" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"”
作者: IsaacZ    時(shí)間: 2025-12-14 01:10
/uc_server/avatar.php 是對(duì)頭像的訪問(wèn),一個(gè)回復(fù)比較多的熱門(mén)帖子一打開(kāi)就會(huì)對(duì)10層樓的頭像進(jìn)行加載,訪問(wèn)數(shù)量大本身沒(méi)有什么問(wèn)題。
301永久重定向也一般看作正常,不過(guò)你這個(gè)沒(méi)有 referrer 比較可疑。看看除了301還有沒(méi)有別的錯(cuò)誤碼。

我的網(wǎng)站攻擊入口是首頁(yè)熱搜鏈接,全是503錯(cuò)誤碼,原來(lái)用 Fail2ban 見(jiàn)一個(gè)封一個(gè),現(xiàn)在被我關(guān)了熱搜,然后針對(duì)熱搜的所有訪問(wèn)被我擋在 Nginx 層,現(xiàn)在清靜多了。參考:
Fail2ban 封禁了 47700 個(gè)IP! - 站長(zhǎng)雜談
http://m.sdtechgong.com.cn/thread-27539-1-1.html
作者: crx349    時(shí)間: 2025-12-14 03:31
可以改成靜態(tài)頭像模式會(huì)好點(diǎn)
作者: 鴻茂傳媒    時(shí)間: 2025-12-14 07:55
如果流量異常高,那就改成靜態(tài)的看下,或者增加防火墻。
作者: 土雞瓦犬    時(shí)間: 2025-12-14 12:48
IsaacZ 發(fā)表于 2025-12-14 01:10
/uc_server/avatar.php 是對(duì)頭像的訪問(wèn),一個(gè)回復(fù)比較多的熱門(mén)帖子一打開(kāi)就會(huì)對(duì)10層樓的頭像進(jìn)行加載,訪問(wèn) ...

抽了一個(gè)ip看了下正常和錯(cuò)誤日志,這是被攻擊了吧- -|||

攻擊者IP - - [14/Dec/2025:12:13:30 +0800] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:31 +0800] "GET / HTTP/2.0" 200 11914 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:31 +0800] "GET /sslogo.gif HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184544&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184540&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184543&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184542&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184539&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184545&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
攻擊者IP - - [14/Dec/2025:12:13:33 +0800] "GET /uc_server/avatar.php?uid=184541&size=small HTTP/2.0" 301 230 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"



2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184544&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184540&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184543&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184542&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184539&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184545&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/www.我的url/uc_server/avatar.php on line 33" while reading response header from upstream, client: 攻擊者IP, server: www.我的url, request: "GET /uc_server/avatar.php?uid=184541&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.我的url"
作者: IsaacZ    時(shí)間: 2025-12-14 20:20
土雞瓦犬 發(fā)表于 2025-12-14 12:48
抽了一個(gè)ip看了下正常和錯(cuò)誤日志,這是被攻擊了吧- -|||

攻擊者IP - - [14/Dec/2025:12:13:30 +0800] " ...

建議:在Nginx添加location規(guī)則:;
作者: IsaacZ    時(shí)間: 2025-12-14 20:22
土雞瓦犬 發(fā)表于 2025-12-14 12:48
抽了一個(gè)ip看了下正常和錯(cuò)誤日志,這是被攻擊了吧- -|||

攻擊者IP - - [14/Dec/2025:12:13:30 +0800] " ...

修改文件:# 寶塔面板(你日志路徑含 /www/wwwroot/,很可能是寶塔)
/www/server/panel/vhost/nginx/你的域名.conf

注意把 yourdomain.com 換成你自己的域名
作者: 土雞瓦犬    時(shí)間: 2025-12-14 21:58
IsaacZ 發(fā)表于 2025-12-14 20:22
修改文件:# 寶塔面板(你日志路徑含 /www/wwwroot/,很可能是寶塔)
/www/server/panel/vhost/nginx/你 ...

謝謝你的解答。

確實(shí)是寶塔。
其實(shí)之前問(wèn)了AI,給的是類(lèi)似的答復(fù):

# 在站點(diǎn)配置中添加:
        location ~* /uc_server/avatar\.php
        {
    # 封禁所有已知攻擊IP
    # deny IP案例;
   
    # 嚴(yán)格參數(shù)驗(yàn)證
                if ($args !~* "^uid=[0-9]{1,6}&size=(small|middle|large)$") {
                        return 403;
                }
   
    # UID范圍限制
                if ($arg_uid > 200000) {
                        return 403;
                }
   
    # 頻率限制:每秒1次
                limit_req zone=one burst=1 nodelay;
   
    # 必須來(lái)自本站
                valid_referers none blocked server_names *.我的域名;
                if ($invalid_referer) {
                        return 403;
                }
        }

我把你提供的也寫(xiě)在它前頭好了。
現(xiàn)在雖然攻擊還是有的,但流量情況正常多了…
作者: IsaacZ    時(shí)間: 2025-12-15 09:28
我的 location 規(guī)則放上面的話優(yōu)先級(jí)最高,你后面的規(guī)則可能就沒(méi)用了。
作者: 羅永浩    時(shí)間: 2025-12-15 21:02
你的網(wǎng)站如果沒(méi)有收益,以及不是很賺錢(qián)的論壇,很多攻擊都是“誤會(huì)”,有時(shí)搜索引擎爬蟲(chóng)也會(huì)出現(xiàn)這種情況,至于什么搜索 熱詞之類(lèi),直接打開(kāi) 使用搜索需要登錄就可以了,增加防火墻純粹增加系統(tǒng)負(fù)擔(dān)

你的同行攻擊直接D概率比較大,不會(huì)搞這種費(fèi)時(shí)費(fèi)力的手段
作者: 土雞瓦犬    時(shí)間: 2025-12-15 21:32
IsaacZ 發(fā)表于 2025-12-15 09:28
我的 location 規(guī)則放上面的話優(yōu)先級(jí)最高,你后面的規(guī)則可能就沒(méi)用了。

目前看是精確名字的打擊,我看情況調(diào)整好了。
作者: 土雞瓦犬    時(shí)間: 2025-12-15 21:51
羅永浩 發(fā)表于 2025-12-15 21:02
你的網(wǎng)站如果沒(méi)有收益,以及不是很賺錢(qián)的論壇,很多攻擊都是“誤會(huì)”,有時(shí)搜索引擎爬蟲(chóng)也會(huì)出現(xiàn)這種情況, ...

扒頭像并試圖寫(xiě)入一個(gè).txt的行為看起來(lái)不像“誤會(huì)”,而且IP集中在某省幾個(gè)地方。
作者: 羅永浩    時(shí)間: 2025-12-16 21:27
土雞瓦犬 發(fā)表于 2025-12-15 21:51
扒頭像并試圖寫(xiě)入一個(gè).txt的行為看起來(lái)不像“誤會(huì)”,而且IP集中在某省幾個(gè)地方。 ...

沒(méi)看到嘗試寫(xiě)入txt,如果有可以下載下來(lái)打開(kāi)看看是什么
作者: 土雞瓦犬    時(shí)間: 2025-12-17 21:29
羅永浩 發(fā)表于 2025-12-16 21:27
沒(méi)看到嘗試寫(xiě)入txt,如果有可以下載下來(lái)打開(kāi)看看是什么

沒(méi)有創(chuàng)建出來(lái),案例↓
2025/12/14 12:13:33 [error] 3997#0: *461236 FastCGI sent in stderr: "PHP message: PHP Warning: file_put_contents(./data/ip_count/7f40f4a9460074a55fb7e668184d9cbc.txt): failed to open stream: No such file or directory in /www/wwwroot/域名/uc_server/avatar.php on line 33" while reading response header from upstream, client: 對(duì)方IP, server: 域名, request: "GET /uc_server/avatar.php?uid=184544&size=small HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "域名"




歡迎光臨 Discuz! 官方交流社區(qū) (http://m.sdtechgong.com.cn/) Powered by Discuz! X5.0