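Simple commands for checking whether a website on a Linux host is under a CC attack: direct and effective

CC attacks (application-layer HTTP request floods) are easy to launch and cost almost nothing, which is why they are becoming more and more common.
Most people who launch CC attacks use tools downloaded from the internet. These tools rarely disguise their request characteristics, so they leave traces.
The commands below can be used to analyze whether the server is under a CC attack.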


First command:

  tcpdump -s0 -A -n -i any | grep -o -E '(GET|POST|HEAD) .*'

Normal output looks similar to this:
POST /ajax/validator.php HTTP/1.1
POST /api_redirect.php HTTP/1.1
GET /team/57085.html HTTP/1.1
POST /order/pay.php HTTP/1.1
GET /static/goodsimg/20140324/1_47.jpg HTTP/1.1
GET /static/theme/qq/css/index.css HTTP/1.1
GET /static/js/index.js HTTP/1.1
GET /static/js/customize.js HTTP/1.1
GET /ajax/loginjs.php?type=topbar& HTTP/1.1
GET /static/js/jquery.js HTTP/1.1
GET /ajax/load_team_time.php?team_id=57085 HTTP/1.1
GET /static/theme/qq/css/index.css HTTP/1.1
GET /static/js/lazyload/jquery.lazyload.min.js HTTP/1.1
GET /static/js/MSIE.PNG.js HTTP/1.1
GET /static/js/index.js HTTP/1.1
GET /static/js/customize.js HTTP/1.1
GET /ajax/loginjs.php?type=topbar& HTTP/1.1
GET /static/theme/qq/css/i/logo.jpg HTTP/1.1
GET /static/theme/qq/css/i/logos.png HTTP/1.1
GET /static/theme/qq/css/i/hot.gif HTTP/1.1
GET /static/theme/qq/css/i/brand.gif HTTP/1.1
GET /static/theme/qq/css/i/new.gif HTTP/1.1
GET /static/js/jquery.js HTTP/1.1
GET /static/theme/qq/css/i/logo.jpg HTTP/1.1
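In normal output, most requests are for static files such as CSS, JS and images.
Under attack, a large number of requests for one fixed address appear. For example, if the home page is being attacked, there will be many "GET / HTTP/1.1" lines. Addresses that follow a recognizable pattern may also appear: if a Discuz forum is being attacked, there may be many addresses of the form "/thread-<random number>-1-1.html".

Second command:

  tcpdump -s0 -A -n -i any | grep ^User-Agent

The output looks similar to this: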
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

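This command shows the clients' User-Agent headers. Normal output contains a wide variety of User-Agent values.
Most attacks use a fixed User-Agent, so the same User-Agent floods the screen. I have seen a randomized User-Agent only once, and it was generated as strings like "axd5m8usy", which can still be told apart.

Third command:

  tcpdump -s0 -A -n -i any | grep ^Host

If the machine hosts many websites, the command above can be used to find which site is receiving a large number of requests.
The output looks similar to this: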
Host: www.server110.com
Host: www.server110.com
Host: www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: www.server110.com
Host: www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: www.server110.com

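Most systems do not install the tcpdump command by default.
To install on CentOS: yum install -y tcpdump
To install on Debian/Ubuntu: apt-get install -y tcpdump

Many novice users do not know how to configure or read logs. The commands above are much simpler: copy them to the command line and run them.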
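
The three checks above, combined into one script (an added example, not part of the original article): it counts the most frequent request line, User-Agent and Host in captured tcpdump -A text and marks request or User-Agent concentration. The 60% limit, the function names and the embedded sample capture are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Names, the 60% limit and
# the sample capture are assumptions constructed for illustration.

# top_share PATTERN: read capture text on stdin, extract matches of the
# extended regex PATTERN, print "<percent> <count> <value>" for the most
# frequent value.
top_share() {
    grep -o -E "$1" | tr -d '\r' |
    awk '{ n[$0]++; total++ }
         END { for (k in n) if (n[k] > max) { max = n[k]; top = k }
               if (total) printf "%d %d %s\n", max * 100 / total, max, top }'
}

# cc_report [LIMIT]: read "tcpdump -A" text on stdin. A request line or
# User-Agent that makes up at least LIMIT percent is marked SUSPECT; the
# busiest Host is reported as the likely target site.
cc_report() {
    limit=${1:-60}
    data=$(cat)
    for spec in 'request:(GET|POST|HEAD) [^ ]+' \
                'agent:^User-Agent: .*' 'host:^Host: .*'; do
        name=${spec%%:*}
        result=$(printf '%s\n' "$data" | top_share "${spec#*:}")
        [ -n "$result" ] || continue
        verdict=ok
        [ "${result%% *}" -ge "$limit" ] && verdict=SUSPECT
        [ "$name" = host ] && verdict=target
        echo "$name $verdict $result"
    done
}

# Constructed capture: $1 identical requests for "/" with one fixed
# User-Agent, followed by four varied requests from different browsers.
sample_capture() {
    n=$1
    while [ "$n" -gt 0 ]; do
        printf '..E.@.GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: FixedAgent/1.0\r\n\r\n'
        n=$((n - 1))
    done
    v=7
    for p in /static/js/index.js /static/js/jquery.js /team/57085.html /order/pay.php; do
        printf '..E.@.GET %s HTTP/1.1\r\nHost: upload.example.com\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE %d.0)\r\n\r\n' "$p" "$v"
        v=$((v + 1))
    done
}

sample_capture 12 | cc_report
```

On a live host, feed it a bounded capture, for example: tcpdump -s0 -A -n -i any -c 2000 'tcp dst port 80' | cc_report. Only plaintext HTTP is visible this way; requests carried inside TLS do not appear in the capture.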

