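1. Background:
The company's website shows a very high request volume in its access log, but business metrics have not risen noticeably.
So the site may be under attack. There are bad actors among the visitors who keep probing all kinds of URLs.
Part of the log is shown below for reference.
2. Problem: find which IPs make the most requests in the access log (using part of one day's data as a demonstration).
Log format: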
222.14.223.214 - - [02/Feb/2024:00:52:11 +0800] "GET /phpMyAdmin-5/index.php?lang=en HTTP/1.1" 404 548 "http://182.92.102.230/phpMyAdmin-5/index.php?lang=en" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" "-" "from: http://182.92.102.230/phpMyAdmin-5/index.php?lang=en"
222.14.223.214 - - [02/Feb/2024:00:52:11 +0800] "GET /phpmyadmin2014/index.php?lang=en HTTP/1.1" 404 548 "http://182.92.102.230/phpmyadmin2014/index.php?lang=en" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" "-" "from: http://182.92.102.230/phpmyadmin2014/index.php?lang=en"
222.14.223.214 - - [02/Feb/2024:00:52:11 +0800] "GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1" 404 548 "http://182.92.102.230/phpMyAdmin-3/index.php?lang=en" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" "-" "from: http://182.92.102.230/phpMyAdmin-3/index.php?lang=en"
222.14.223.214 -
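One way to answer the question above, as an added example that is not part of the original post: it ranks client IPs by request count and also reports how many of their requests returned 404 and how many distinct paths they tried, which separates a URL-probing client from a busy normal one. The sample lines are constructed, and the function names `sample_log` and `top_ips` are assumptions.

```shell
#!/bin/sh
# Added example, not the original author's code.
# Ranks client IPs in an access log of the format shown above.

# Constructed sample input (documentation-range IPs, not real traffic).
# The last line is deliberately truncated, like the final line of the excerpt.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [02/Feb/2024:00:52:11 +0800] "GET /phpMyAdmin-5/index.php?lang=en HTTP/1.1" 404 548 "-" "Mozilla/5.0" "-" "from: -"
203.0.113.7 - - [02/Feb/2024:00:52:11 +0800] "GET /phpmyadmin2014/index.php?lang=en HTTP/1.1" 404 548 "-" "Mozilla/5.0" "-" "from: -"
203.0.113.7 - - [02/Feb/2024:00:52:12 +0800] "GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1" 404 548 "-" "Mozilla/5.0" "-" "from: -"
203.0.113.7 - - [02/Feb/2024:00:52:12 +0800] "GET /phpMyAdmin-5/index.php?lang=de HTTP/1.1" 404 548 "-" "Mozilla/5.0" "-" "from: -"
198.51.100.20 - - [02/Feb/2024:00:53:01 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-" "from: -"
198.51.100.20 - - [02/Feb/2024:00:53:02 +0800] "GET /css/site.css HTTP/1.1" 200 2048 "http://example.com/index.html" "Mozilla/5.0" "-" "from: -"
198.51.100.21 - - [02/Feb/2024:00:54:10 +0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0" "-" "from: -"
203.0.113.7 -
EOF
}

# top_ips N: read the log on stdin and print, for the N busiest IPs,
#   ip  total_requests  responses_404  distinct_paths
top_ips() {
  awk '
    {
      # Split on double quotes: q[2] is the request line, q[3] is " status bytes ".
      n = split($0, q, "\"")
      if (n < 3) next                    # skip truncated or malformed lines
      ip = $1
      split(q[2], req, " ")              # METHOD PATH PROTOCOL
      path = req[2]
      sub(/\?.*/, "", path)              # ignore the query string
      split(q[3], st, " ")               # st[1] = status code
      total[ip]++
      if (st[1] == "404") notfound[ip]++
      if (!((ip, path) in seen)) { seen[ip, path] = 1; paths[ip]++ }
    }
    END {
      for (ip in total)
        printf "%s %d %d %d\n", ip, total[ip], notfound[ip], paths[ip]
    }
  ' | sort -k2,2nr -k1,1 | head -n "${1:-10}"
}

# Demo on the constructed sample.
# Real use (log path is an assumption): top_ips 20 < /var/log/nginx/access.log
sample_log | top_ips 5
```

A client whose requests are almost all 404s spread over many different paths is scanning for URLs rather than using the site.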