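Blocking malicious IP access in Apache 2.4

I have been travelling for work lately with a lot on my plate, so I have not had much time to update the blog. On my last few visits, though, the blog returned the error "Error establishing a database connection".

My first reaction was that the site had been hacked! The message means the site cannot connect to the database. I immediately logged in to the site's backend and first checked whether the mysql service was still alive. Sure enough, mysql was down. I started the service again first, then looked at error.log under /var/log/mysql, which only contained notices of abnormal starts and shutdowns and no other information.

I logged in to the console and opened the statistics page of the WP statistics plugin. It gave me a shock: today's visit count had actually exceeded 20,000, while only 4 users were online. mysql had most likely been brought down by these few IPs exhausting its connections.

The first step is to block these IPs.

Edit the .htaccess file in the site root (Apache 2.4) and add the following lines: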

<RequireAll>
require all granted
require not ip 185.103.252.170
require not ip 185.130.4
require not ip 159.122.224.173
</RequireAll>

After a restart, access from these IPs is blocked for the time being. Looking at /var/log/apache2/error.log, the following entries keep scrolling past:

[Thu Apr 28 07:38:55.840256 2016] [authz_core:error] [pid 13605] [client 185.103.252.170:58768] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:57.252238 2016] [authz_core:error] [pid 13602] [client 185.130.4.120:37930] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:57.278486 2016] [authz_core:error] [pid 13597] [client 185.103.252.170:50045] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:58.640261 2016] [authz_core:error] [pid 13644] [client 159.122.224.173:57701] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:58.765086 2016] [authz_core:error] [pid 13643] [client 185.130.4.197:35913] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:58.831950 2016] [authz_core:error] [pid 13605] [client 159.122.224.173:57239] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:59.038847 2016] [authz_core:error] [pid 13602] [client 185.130.4.197:39839] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:39:00.046314 2016] [authz_core:error] [pid 13597] [client 185.130.4.197:54025] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:39:00.186308 2016] [authz_core:error] [pid 13644] [client 185.130.4.197:55952] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:39:00.874022 2016] [authz_core:error] [pid 13643] [client 185.130.4.120:34832] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:39:01.448978 2016] [authz_core:error] [pid 13605] [client 185.130.4.120:43444] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:39:02.429121 2016] [authz_core:error] [pid 13602] [client 185.130.4.197:60332] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php

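They really are persistent. On top of that, the statistics from earlier show that the most visited page is xmlrpc.php (more than 26,000 hits). This page is generally not needed, yet it is a very well-known attack vector against WordPress. So blocking IPs alone is not enough; this page has to be disabled as well. Continue editing the .htaccess file and add the following: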

<Files xmlrpc.php>
Require all denied
</Files>

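This denies every request for that page. After restarting Apache2, accessing the page directly returns "Forbidden".

Also, be sure to place the added content outside the "# BEGIN WordPress" and "# END WordPress" markers, so that it is not overwritten when the permalink settings are changed.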
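
As an added example (not part of the original post), this Python script tallies the AH01630 denials from an error.log in the format shown above by client address, by network, and by requested path. That shows whether a prefix rule such as `require not ip 185.130.4` is justified and which file is being targeted. The function names and the /24 (IPv4) and /64 (IPv6) grouping are assumptions of the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# authz_core denial in the error.log format shown in the excerpt above.
DENIED = re.compile(
    r"\[authz_core:error\] \[pid \d+\] \[client (?P<ip>[0-9A-Fa-f.:]+):\d+\] "
    r"AH01630: client denied by server configuration: (?P<path>\S+)"
)

def summarize(lines):
    """Return (denials per address, addresses per network, denials per path)."""
    hits, hosts, paths = Counter(), defaultdict(set), Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denial (startup notices, PHP errors, ...)
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed client field
        # Assumption of this example: group IPv4 by /24 and IPv6 by /64.
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        hits[str(addr)] += 1
        hosts[str(net)].add(str(addr))
        paths[m.group("path")] += 1
    return hits, hosts, paths

def shared_networks(hosts, min_hosts=2):
    """Networks with several distinct sources: candidates for a prefix rule."""
    return sorted(n for n, members in hosts.items() if len(members) >= min_hosts)

# Five lines copied from the excerpt above, plus one constructed non-denial line.
SAMPLE = """\
[Thu Apr 28 07:38:55.840256 2016] [authz_core:error] [pid 13605] [client 185.103.252.170:58768] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:57.252238 2016] [authz_core:error] [pid 13602] [client 185.130.4.120:37930] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:58.640261 2016] [authz_core:error] [pid 13644] [client 159.122.224.173:57701] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:58.765086 2016] [authz_core:error] [pid 13643] [client 185.130.4.197:35913] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:59.038847 2016] [authz_core:error] [pid 13602] [client 185.130.4.197:39839] AH01630: client denied by server configuration: /var/www/wordpress/xmlrpc.php
[Thu Apr 28 07:38:59.500000 2016] [core:notice] [pid 13590] constructed line that is not a denial
""".splitlines()

if __name__ == "__main__":
    hits, hosts, paths = summarize(SAMPLE)
    print("per address:", hits.most_common())
    print("per path:   ", paths.most_common())
    print("prefix-rule candidates:", shared_networks(hosts))
```

To run it against a live server, pass the lines of /var/log/apache2/error.log to summarize() instead of SAMPLE.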

 
