全球主机交流论坛 (Global Hosting Discussion Forum)

Title: Help, please take a look at my nginx logs..........

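Author: 每次醒来    Time: 2013-1-12 16:55
Title: Help, please take a look at my nginx logs..........
I grabbed a small excerpt from the error log. What is this doing? My site is now getting more than 1 GB of traffic burned through in about 20 minutes!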

2013/01/11 11:18:34 [error] 846#0: *1 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 66.87.106.155, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *2 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 208.54.38.175, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *3 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 173.136.189.157, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *4 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 208.54.38.252, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *5 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 66.87.105.23, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *6 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 174.141.208.104, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *7 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 174.141.213.15, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *8 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 69.197.221.220, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *9 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 174.141.208.104, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *10 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 174.141.208.97, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *11 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 166.181.3.191, server: localhost, request: "GET /gostore/entrance?vps=1%23Android%23Motorola+Electrify%238139638851078794018%23166%23540_960%2301.01.01%2310%23311220%231&channel=200&lang=en_us&isfee=1&net=1&ow=1&pversion=16&ps=18&btype=0&funid=19&ty=1 HTTP/1.1", host: "gostore.3g.cn"
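
Added example, not part of the original post: a small triage script for error-log lines in the format quoted above, grouping entries by Host header, request path and client address. `served_names` and the `example.com` value are assumptions standing in for the poster's own site names; `SAMPLE` is four entries from the excerpt plus one truncated line.

```python
import re
from collections import Counter

# Layout of the nginx error-log lines quoted in the thread.
ERR_RE = re.compile(
    r'^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[error\] \d+#\d+: \*\d+ .*?'
    r', client: (?P<client>[0-9A-Fa-f.:]+), server: (?P<server>[^,]*)'
    r', request: "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*", host: "(?P<host>[^"]*)"'
)

# Four entries from the excerpt above and one truncated line.
SAMPLE = '''
2013/01/11 11:18:34 [error] 846#0: *1 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 66.87.106.155, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *6 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 174.141.208.104, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *9 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 174.141.208.104, server: localhost, request: "POST /gostore/entrance HTTP/1.1", host: "gostore.3g.cn"
2013/01/11 11:18:34 [error] 846#0: *11 open() "/usr/local/nginx/html/gostore/entrance" failed (2: No such file or directory), client: 166.181.3.191, server: localhost, request: "GET /gostore/entrance?vps=1%23Android%23Motorola+Electrify%238139638851078794018%23166%23540_960%2301.01.01%2310%23311220%231&channel=200&lang=en_us&isfee=1&net=1&ow=1&pversion=16&ps=18&btype=0&funid=19&ty=1 HTTP/1.1", host: "gostore.3g.cn"
2013/01/12 18:24:20 [error] 24962#0: *10289876 open()
'''.strip().splitlines()


def triage(lines, served_names):
    """Group error-log entries by Host header, path and client address."""
    hosts, paths, clients, servers = Counter(), Counter(), Counter(), set()
    skipped = 0
    for line in lines:
        m = ERR_RE.match(line.strip())
        if m is None:  # truncated or differently shaped line: count, don't guess
            skipped += 1
            continue
        hosts[m.group('host').lower()] += 1
        paths[m.group('uri').split('?', 1)[0]] += 1  # drop the query string
        clients[m.group('client')] += 1
        servers.add(m.group('server'))
    served = {name.lower() for name in served_names}
    return {
        'parsed': sum(hosts.values()),
        'skipped': skipped,
        'foreign_hosts': {h: n for h, n in hosts.items() if h not in served},
        'paths': dict(paths),
        'server_blocks': sorted(servers),
        'distinct_clients': len(clients),
        'max_per_client': max(clients.values(), default=0),
    }


if __name__ == '__main__':
    # 'example.com' is a placeholder for the names this server really hosts.
    for key, value in triage(SAMPLE, {'example.com'}).items():
        print(f'{key}: {value}')
```

On `SAMPLE`, every parsed entry carries the Host header `gostore.3g.cn` and was handled by the server block `localhost`, with three distinct clients and at most two entries per client. A Host name the server does not host, spread thinly over many client addresses, leaves per-address limits little to count against.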

Author: 每次醒来    Time: 2013-1-12 16:56
Below is a short excerpt from the access log

208.54.38.175 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
208.54.38.252 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
66.87.106.155 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.181.3.191 - - [11/Jan/2013:11:18:34 +0800] "GET /gostore/entrance?vps=1%23Android%23Motorola+Electrify%238139638851078794018%23166%23540_960%2301.01.01%2310%23311220%231&channel=200&lang=en_us&isfee=1&net=1&ow=1&pversion=16&ps=18&btype=0&funid=19&ty=1 HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
173.136.189.157 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
208.54.45.193 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
108.194.234.18 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.137.100.33 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
208.54.35.235 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
174.141.208.104 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
174.141.213.15 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
174.141.208.104 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
174.141.208.97 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
174.141.213.15 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
69.171.172.47 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
96.250.117.140 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
69.197.221.220 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
66.87.105.23 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
66.87.73.162 - - [11/Jan/2013:11:18:34 +0800] "GET /gostore/entrance?vps=1%23Android%23LG-LG855%235757362879735741040%23166%23480_800%2301.01.01&channel=200&lang=en_us&isfee=1&net=1&pversion=8&ps=20&btype=0&funid=19&ty=1 HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
108.198.120.114 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.216.162.183 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.147.89.157 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
64.13.9.176 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
208.54.38.252 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
174.254.82.76 - - [11/Jan/2013:11:18:34 +0800] "GET /gostore/entrance?vps=1%23Android%23ADR6350%234574115344763916865%23166%23480_800%2301.01.01&channel=200&lang=en_us&isfee=1&net=1&pversion=9&ps=20&btype=0&funid=19&ty=1 HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
66.87.72.32 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
59.20.96.208 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
208.54.38.135 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
108.108.234.93 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
69.251.81.242 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.216.162.59 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
64.13.9.176 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
173.6.201.170 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
96.250.117.140 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
66.87.73.162 - - [11/Jan/2013:11:18:34 +0800] "GET /gostore/entrance?vps=1%23Android%23LG-LG855%235757362879735741040%23166%23480_800%2301.01.01&channel=200&lang=en_us&isfee=1&net=1&pversion=8&ps=20&btype=0&funid=19&ty=1 HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.181.3.241 - - [11/Jan/2013:11:18:34 +0800] "GET /gostore/entrance?vps=1%23Android%23Motorola+Electrify%238139638851078794018%23166%23540_960%2301.01.01%2310%23311220%231&channel=200&lang=en_us&isfee=1&net=1&ow=1&pversion=16&ps=18&btype=0&funid=19&ty=1 HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.205.55.44 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
166.216.226.92 - - [11/Jan/2013:11:18:34 +0800] "GET /gostore/entrance?vps=1%23Android%23PantechP8000%2378676937807298153%23166%23320_480%2301.01.01&channel=200&lang=en_us&isfee=1&net=1&pversion=9&ps=20&btype=0&funid=19&ty=1 HTTP/1.1" 404 168 "-" "Apache-HttpClient/UNAVAILABLE (java 1.4)"
180.67.94.13 - - [11/Jan/2013:11:18:34 +0800] "POST /gostore/entrance HTTP/1.1" 404 168
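Author: 糊里糊涂    Time: 2013-1-12 16:56
Notice: The author has been banned or deleted; content automatically hidden
Author: 每次醒来    Time: 2013-1-12 16:59
糊里糊涂 posted on 2013-1-12 16:56
You've been hit by a CC attack, probably.

Is there any cure for this.............  A few hundred MB gets burned through in no time
Author: 糊里糊涂    Time: 2013-1-12 17:02
Notice: The author has been banned or deleted; content automatically hidden
Author: 每次醒来    Time: 2013-1-12 17:03
Last edited by 每次醒来 on 2013-1-12 17:05
糊里糊涂 posted on 2013-1-12 17:02
/gostore/entrance is a PHP file, right? Change the contents of that PHP file to: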

loction:http://www.gov.cn


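I don't have this gostore/entrance directory here at all

Do I need to create gostore and entrance and put a PHP file in them?

Author: wdlth    Time: 2013-1-12 17:05
gostore.3g.cn……
Author: 每次醒来    Time: 2013-1-12 17:05
wdlth posted on 2013-1-12 17:05
gostore.3g.cn……

Asking for a cure
Author: 采花大盗    Time: 2013-1-12 17:10
If it's not a malicious attack, it's malicious probing... just block the IP ranges
Author: 每次醒来    Time: 2013-1-12 17:12
采花大盗 posted on 2013-1-12 17:10
If it's not a malicious attack, it's malicious probing... just block the IP ranges

How do I block these? There's a whole pile of different ones, some from the US, some from Korea - -
Author: 糊里糊涂    Time: 2013-1-12 17:12
Notice: The author has been banned or deleted; content automatically hidden
Author: 冰剑    Time: 2013-1-12 17:12
Scanner attack. Let me teach you a trick: limit the threads per IP, and that solves every CC/scanner attack problem
Author: 每次醒来    Time: 2013-1-12 17:17
冰剑 posted on 2013-1-12 17:12
Scanner attack. Let me teach you a trick: limit the threads per IP, and that solves every CC/scanner attack problem

This limit_conn thing?  How come my nginx doesn't have it----------------------
Author: 冰剑    Time: 2013-1-12 17:23
每次醒来 posted on 2013-1-12 17:17
This limit_conn thing?  How come my nginx doesn't have it----------------------

Not even giving points, you really don't know the rules, MJJ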
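Author: 单手摘月    Time: 2013-1-12 17:30
Notice: The author has been banned or deleted; content automatically hidden
Author: 冰剑    Time: 2013-1-12 17:38
单手摘月 posted on 2013-1-12 17:30
That's quite a boast

You can't say that. CC isn't hard to block; with DDoS there's nothing you can do
Author: 冰剑    Time: 2013-1-12 17:40
冰剑 posted on 2013-1-12 17:23
Not even giving points, you really don't know the rules, MJJ

         limit_conn one 2;  # threads
         limit_rate 512k;  # speed


Author: 每次醒来    Time: 2013-1-12 17:42
Last edited by 每次醒来 on 2013-1-12 17:47
冰剑 posted on 2013-1-12 17:40
         limit_conn one 2;  # threads
         limit_rate 512k;  # speed


I added it and got an error~~~~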


nginx: [emerg] zero size shared memory zone "one"

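Author: 冰剑    Time: 2013-1-12 18:04
每次醒来 posted on 2013-1-12 17:42
I added it and got an error~~~~

The module isn't there. Recompile.
Author: 单手摘月    Time: 2013-1-12 18:07
Notice: The author has been banned or deleted; content automatically hidden
Author: 每次醒来    Time: 2013-1-12 18:10
单手摘月 posted on 2013-1-12 18:07
You didn't allocate RAM to "one"

Add limit_zone one $binary_remote_addr 10m; at the http level of nginx.conf ...

It's probably the missing module, like 冰剑 said - -

I added the above and got the same error........................
.
..
.

This is what I used to compile my nginx install. Please help, how do I add the module this needs
./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-cc-opt='-O3'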

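Author: 单手摘月    Time: 2013-1-12 18:12
Notice: The author has been banned or deleted; content automatically hidden
Author: 每次醒来    Time: 2013-1-12 18:12
Last edited by 每次醒来 on 2013-1-12 18:13
单手摘月 posted on 2013-1-12 18:12
Which nginx version is it?

This module is there by default..


..the latest stable version, 1.2.6. My current nginx config is as follows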
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /dev/null;
    error_log /dev/null;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       80;
        server_name  localhost;
        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443;
    #    server_name  localhost;

    #    ssl                  on;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_timeout  5m;

    #    ssl_protocols  SSLv2 SSLv3 TLSv1;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers   on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
    include wwww/*.conf;
}

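Author: 采花大盗    Time: 2013-1-12 18:14
每次醒来 posted on 2013-1-12 17:12
How do I block these? There's a whole pile of different ones, some from the US, some from Korea - -

If you can't refuse it, then just put up with it.
Check whether your theme or site has anything that accesses this file. It may also be a problem with the theme causing this many...
Author: 单手摘月    Time: 2013-1-12 18:15
Notice: The author has been banned or deleted; content automatically hidden
Author: 每次醒来    Time: 2013-1-12 18:16
采花大盗 posted on 2013-1-12 18:14
If you can't refuse it, then just put up with it.
Check whether your theme or site has anything that accesses this file. It may also be a problem with the theme ...

The path and folder it's accessing don't even exist
Author: 每次醒来    Time: 2013-1-12 18:19
单手摘月 posted on 2013-1-12 18:15
Add at the http level of nginx.conf
limit_conn_zone $binary_remote_addr zone=one:10m;

That's the right way.  Tested, no error
Author: 单手摘月    Time: 2013-1-12 18:22
Notice: The author has been banned or deleted; content automatically hidden
Author: 每次醒来    Time: 2013-1-12 18:27
Last edited by 每次醒来 on 2013-1-12 22:47

  What's going on, has the attack moved to another directory?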


2013/01/12 18:24:20 [error] 24962#0: *10289875 open() "/var/wwww/网站目录/58DC4AC5B7B1662E5436BAB01E258851C51E3A54/[杩呴浄涓嬭浇t.nn]鍒€鍓戠鍩焄绗?0璇漖.mp4&name=[鏉╁懘娴勬稉瀣祰22]閸掆偓閸撴垹顨i崺鐒勭粭" failed (2: No such file or directory), client: 113.70.152.79, server: 我的网站域名, request: "GET /58DC4AC5B7B1662E5436BAB01E258851C51E3A54/%5B%E8%BF%85%E9%9B%B7%E4%B8%8B%E8%BD%BD6369.net%5D%E5%88%80%E5%89%91%E7%A5%9E%E5%9F%9F%5B%E7%AC%AC20%E8%AF%9D%5D.mp4&name=%5B%E6%9D%A9%E5%91%B4%E6%B5%84%E6%B6%93%E5%AC%AD%E6%B5%876369.net%5D%E9%8D%92%E2%82%AC%E9%8D%93%E6%88%A0%EE%9A%A3%E9%8D%A9%E7%84%84%E7%BB%97?0%E7%92%87%E6%BC%96.mp4 HTTP/1.1", host: "我的网站域名", referrer: "http://我的网站域名/xiangqing/dongman896.html"
2013/01/12 18:24:20 [error] 24962#0: *10289876 open()
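Author: 采花大盗    Time: 2013-1-12 18:29
每次醒来 posted on 2013-1-12 18:16
The path and folder it's accessing don't even exist

MJJ, who did you offend?
Author: 每次醒来    Time: 2013-1-12 18:30
采花大盗 posted on 2013-1-12 18:29
MJJ, who did you offend?

I'm so pure and kind, and I'm not even in the IDC business. I don't get it...................I've never even stepped on an ant = =!
Author: 采花大盗    Time: 2013-1-12 19:06
每次醒来 posted on 2013-1-12 18:30
I'm so pure and kind, and I'm not even in the IDC business. I don't get it...................I've never even stepped on an ant = =!  ...


Author: jianggau    Time: 2013-1-12 19:11
Notice: The author has been banned or deleted; content automatically hidden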



