Singles' Day. Got up, noticed the blog was slow, logged in to take a look: CPU pegged, traffic abnormal. Checked the logs, heh. Run a small blog and getting attacked is routine; I just didn't expect anyone to be this bored on this particular day:


Here, have a look at what a broke loser looks like:

"180.118.151.65","10.170.0.3","2018-11-10 14:49:56","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:49:56","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:49:56","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:49:56","https","HTTP/1.0","GET","tingtao.org","500","text/html; charset=UTF-8","0","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:49:57","https","HTTP/1.0","GET","tingtao.org","500","text/html; charset=UTF-8","0","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:49:57","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:49:57","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:01","https","HTTP/1.0","GET","tingtao.org","500","text/html; charset=UTF-8","0","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:01","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:01","https","HTTP/1.0","GET","tingtao.org","500","text/html; charset=UTF-8","0","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:01","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:01","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:01","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","502","text/html","166","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"
"180.118.151.65","10.170.0.3","2018-11-10 14:50:02","https","HTTP/1.0","GET","tingtao.org","200","text/html; charset=UTF-8","2344","/wp-login.php","-","ApacheBench/2.3"


Let me explain why the other side is a broke loser.

First, the timing: it started at 2:49 in the morning. Damn, in the small hours of that day I'd guess most people were busy snapping up deals, and this little brat was here playing at so-called CC attacks;

Then, the method. If he could actually pull off something clever I'd think a bit more of him, but he's using the HTTP/1.0 protocol; if I turned on a CDN he wouldn't even get past the CDN. And he's using ApacheBench, of all things, heh;

And it's a single IP. Damn, if it were really tens of thousands of IPs raining down I'd still think more of him, but the result, heh.


Finally, how to deal with it.


Scenario one

Against a small number of IPs, ipset is the most efficient:

ipset create badip hash:net
ipset add badip 180.118.151.65/32
iptables -I INPUT -m set --match-set badip src -j DROP


Scenario two

If there are many IPs, configure nginx itself like this:

In the http block:

limit_req_zone $binary_remote_addr zone=allips:10m rate=25r/s;


In the server block:

limit_req zone=allips burst=5 nodelay;
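As an added example (not the author's code), here is a small triage script in Python that reads lines in the quoted-CSV access-log layout shown above, flags any source whose busiest second exceeds the rate=25r/s plus burst=5 that the nginx config above admits, records the HTTP/1.0 and user-agent indicators the author points at, and emits the matching ipset commands from scenario one. The log lines, IP addresses and hostname in it are constructed for the example.

```python
import csv
import io
from collections import Counter, defaultdict

RATE_LIMIT, BURST = 25, 5  # the page's nginx rate=25r/s and burst=5

def build_sample():
    """Constructed lines in the page's 13-field quoted-CSV access-log layout."""
    buf = io.StringIO()
    w = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for i in range(40):  # one HTTP/1.0 ApacheBench client, 40 hits in one second
        w.writerow(["203.0.113.45", "10.0.0.3", "2018-11-10 14:50:02", "https", "HTTP/1.0",
                    "GET", "example.org", "200" if i % 3 else "502", "text/html", "2344",
                    "/wp-login.php", "-", "ApacheBench/2.3"])
    for sec in ("14:50:01", "14:50:02", "14:50:09"):  # an ordinary browser, spread out
        w.writerow(["198.51.100.7", "10.0.0.3", f"2018-11-10 {sec}", "https", "HTTP/1.1",
                    "GET", "example.org", "200", "text/html", "9120", "/", "-", "Mozilla/5.0"])
    return buf.getvalue()

SAMPLE_LOG = build_sample()

def parse(lines):
    """Keep well-formed 13-field records and only the fields the triage needs."""
    rows = []
    for rec in csv.reader(lines):
        if len(rec) == 13:
            rows.append({"ip": rec[0], "ts": rec[2], "proto": rec[4], "ua": rec[12]})
    return rows

def flag_sources(rows, limit=RATE_LIMIT + BURST):
    """Sources whose busiest second exceeds what the nginx zone would admit."""
    per_sec = defaultdict(Counter)
    for r in rows:
        per_sec[r["ip"]][r["ts"]] += 1
    flagged = {}
    for ip, secs in per_sec.items():
        peak = max(secs.values())
        if peak <= limit:
            continue
        mine = [r for r in rows if r["ip"] == ip]
        flagged[ip] = {"peak_rps": peak, "total": len(mine),
                       "http10_only": all(r["proto"] == "HTTP/1.0" for r in mine),
                       "user_agents": sorted({r["ua"] for r in mine})}
    return flagged

def ipset_commands(flagged, setname="badip"):
    """The page's ipset block list; -exist makes re-running the commands idempotent."""
    cmds = [f"ipset create {setname} hash:net -exist"]
    cmds += [f"ipset add {setname} {ip}/32 -exist" for ip in sorted(flagged)]
    return cmds
```

Feed `parse()` the real log (`open(path)` yields lines) and pipe `ipset_commands()` output through `sh` only after reviewing the flagged entries; the iptables rule from scenario one then applies the set.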


Because the second approach still costs the server CPU and bandwidth, if the server itself can't take it (mine, for instance, is the cheapest VPS there is), switch on a CDN with one click and the CDN will absorb the attack up to a point.


Scenario three

If the brat is dead set on fighting you to the end, a free CDN actually absorbs fairly little traffic for you; anything beyond that gets sent back to your origin. At that point you have to choose: either pay for commercial CDN protection, or find a professional, battle-hardened data center to ride it out, which isn't expensive either. I know one that can hold off 1T of bandwidth for about a hundred yuan, plus a few dozen more for a European node that takes a few hundred G.

If the brat throws 1T of bandwidth at you for more than a month, well, you've won: you can go raise funding or IPO. Why? Conservatively, the cost of 1T of attack bandwidth, I'm not sure of current prices, but I'd estimate it at over 100,000 RMB. Facing an opponent like that (at this level he counts as an opponent) means your site itself is worth money, and raising a round shouldn't be hard.

Author: 听涛
