怎么防止恶意扫描 New
查看服务器日志发现大量扫描/forum.php?mod=attachment开头的URL,光这个扫描记录好长好长下拉都拉不完,问题访问的ip很少有重复的,很多的ip虽然都被拦截了但也大量消耗资源引起网站卡顿延迟
怎么设置论坛未登录用户尝试访问附件下载路径 /forum.php?mod=attachment&aid=
开头自动封禁ip N小时
截取的片段:
mod=attachment&aid=MzQzfDA3NTUwNTg4fDE3NDE5MjAzMTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 12:55:41 993330#0: *44123 upstream prematurely closed FastCGI request while reading upstream, client: 113.103.140.245, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDA3NTUwNTg4fDE3NDE5MjAzMTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 12:55:42 993330#0: *44105 upstream prematurely closed FastCGI request while reading upstream, client: 113.103.140.245, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDA3NTUwNTg4fDE3NDE5MjAzMTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 13:13:34 993330#0: *44782 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.44, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDBlMTQwZmNkfDE3NDE5MjkxNTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 13:13:37 993330#0: *44792 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.44, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDBlMTQwZmNkfDE3NDE5MjkxNTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 13:35:07 993330#0: *45579 upstream prematurely closed FastCGI request while reading upstream, client: 180.119.26.92, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDgxMTA5MzkzfDE3NDE5MjU4Mjd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 14:45:29 993330#0: *48350 upstream prematurely closed FastCGI request while reading upstream, client: 112.194.91.181, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDlmNDJlYjY5fDE3NDE5MzQ3Mjh8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 15:43:28 1259602#0: *50444 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.99, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfGFmZGI0YWUzfDE3NDE5MzgyMDB8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 15:43:35 1259602#0: *50449 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.99, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfGFmZGI0YWUzfDE3NDE5MzgyMDB8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net"我知道答案 回答被采纳将会获得1 贡献 已有7人回答 宝塔有免费的防火墙 开启UA拦截 禁止海外【最好是从域名解析那边禁止海外】 bug八阿哥 发表于 2025-3-14 22:23
宝塔有免费的防火墙 开启UA拦截 禁止海外【最好是从域名解析那边禁止海外】 ...
早封禁国外一年多了,都是国内的
我在研究看是用nginx实现还是利用dz自带功能修改代码实现 这是被爬了吧 bug八阿哥 发表于 2025-3-14 22:54
这是被爬了吧
无所谓了
已经把日志中的所有IP利用ai全部提取出来,不管是扫描器或者是爬虫,只要带mod=attachment路径的,直接拎出来甩手全部扔进防火墙ip黑名单了,即便是爬虫也是不遵守robots.txt协议无视User-agent: *
另外现在的大环境已经不靠SEO了 你在这里问这个问题就是多余 skyer 发表于 2025-3-16 04:47
你在这里问这个问题就是多余
已经解决
source/module/forum/forum_attachment.php
增加判断逻辑代码
source/function/function_core.php
文件增加
添加全局函数,用于自动封禁 IP 并记录日志,配合nginx设置,完成
回应你说的多余问题
另外我问的不是discuz问题么,为什么叫多余?
如果是经常解答问题的开发者这么说我无话可说 欣然接受,但你也是平等身份这么说不合适吧(Brain-dead)😂 能否详说下,我之前也遇到了,靠防火墙撑着,但拦截还是不够彻底
页:
[1]