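[Discussion] Blocking specific IPs on a server

Over the past few days the server has been getting slower and slower. I could not find the cause on the Apache, MySQL or PHP side.
uptime shows load average: 42.05
netstat -anl
shows a large number of Apache and MySQL connections; going by the usual connection counts, these are all normal.
Looking up the remote IPs showed that many are from Beijing, Jiangsu and Guangdong, whereas the user base of my web host is in Yunnan.
Searching online for where the IPs belong, I gathered that these IPs are probably web spiders crawling data. I had already set up mod_limit in Apache with a maximum of 10 concurrent connections. I wondered whether search engines crawling my site's data were causing the heavy system load. I have run into this situation before, so I edited httpd.conf again and denied the abnormal IPs.
First run
netstat -na --inet|grep :80|grep -v 127.0.0.1|awk '{print $5}'|sort
to view all connections on port 80, paying particular attention to the IPs that appear most often, then deny them in httpd.conf and block them with gggipdrop.sh.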

<Directory />
    Options FollowSymLinks
    AllowOverride None
deny from 219.134.12.119
deny from 219.133.243.148
deny from 222.50.207.21
deny from 222.88.150.107
deny from 222.35.32.240
deny from 211.148.207.111
deny from 220.174.172.56
deny from 218.93.216.66
deny from 218.82.99.225
deny from 218.18.32.198
deny from 202.107.200.72
deny from 202.108.11.234
deny from 202.108.11.235
deny from 218.69.251.123
deny from 61.141.239.141
deny from 219.147.0.3
deny from 221.214.224.228
deny from 221.219.225.130
deny from 220.163.34.199
deny from 218.63.46.202
deny from 221.192.211.158
deny from 218.93.225.75
deny from 218.93.254.243
deny from 218.17.4.205
deny from 218.247.172.20
deny from 219.134.121.167
deny from 61.135.145.204
deny from 61.135.145.208
deny from 61.135.145.221
deny from 61.135.145.216
deny from 61.135.145
deny from 61.135.146
deny from 61.145.24.1
deny from www.baidu.com baidu.com
deny from 61.147.241.249
deny from 61.147.245.69
deny from 218.17.237.217
deny from 218.71.38.113
deny from 61.147.255.85
deny from 221.5.119.171
deny from 60.28.249.101
deny from 220.165.222.14
deny from 220.189.210.18
deny from 61.181.210.245
deny from 202.96.199.133
deny from 218.18.18.57
deny from 202.108.1
</Directory>

Then use the following shell script to block the few particularly stubborn IPs.
#========================== begin  gggipdrop.sh
#!/bin/bash

#args 2 $# "${0} IPADDR {on/off}" "Drops packets to/from IPADDR.  Good for obnoxious networks/hosts/DoS"

if [ "$2" = "on" ]
then
        #rules will be appended or inserted as normal
        APPEND="-A"
        INSERT="-I"
#       rec_check ipdrop $1 "$1 already blocked" on
#       record ipdrop $1
elif [ "$2" = "off" ]
then
        #rules will be deleted instead
        APPEND="-D"
        INSERT="-D"
#       rec_check ipdrop $1 "$1 not currently blocked" off
#       unrecord ipdrop $1
else
        #quotes inside the message are escaped with backslashes
        echo "Error: \"off\" or \"on\" expected as second argument"
        exit 1
fi

#block outside IP address that's causing problems
#attacker's incoming TCP connections will take a minute or so to time out,
#reducing DoS effectiveness.

#$1 is the IP address to block or unblock; quoted so an empty value fails visibly
iptables "$INSERT" INPUT   -s "$1" -j DROP
iptables "$INSERT" OUTPUT  -d "$1" -j DROP
iptables "$INSERT" FORWARD -d "$1" -j DROP
echo "IP ${1} drop ${2}."

#========================== end  gggipdrop.sh

 apachectl restart
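
The netstat step above, extended to count connections per remote IP, as an added example that is not part of the original post. It matches the local port 80 exactly, whereas grep :80 also matches any remote port that begins with 80. The function names top_talkers and sample_netstat are hypothetical, and the sample lines are constructed using documentation address ranges.

```shell
#!/bin/bash
# Added example: count port-80 connections per remote IP from `netstat -na --inet`.

# top_talkers MIN: reads netstat output on stdin and prints "COUNT IP" for each
# remote address with at least MIN connections to local port 80, busiest first.
top_talkers() {
    awk -v min="${1:-1}" '
        # keep TCP sockets whose LOCAL address ends in :80, skip the listener
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)          # strip the remote port
            if (ip != "127.0.0.1") count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not taken from the post).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:51200       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51201       ESTABLISHED
tcp        0      0 127.0.0.1:80            127.0.0.1:33000         ESTABLISHED
tcp        0      0 192.0.2.10:3306         198.51.100.7:40200      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.50:8001       ESTABLISHED
EOF
}

# Live use would be: netstat -na --inet | top_talkers 20
sample_netstat | top_talkers 2
```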
