自动机器人使用站点带宽

时间:2016-11-12 11:59:29

标签: joomla ddos

我的主持人上有joomla 3。我还安装了RSfirewall并在我的所有表格上都有验证码。似乎有人使用我的所有资源和每月带宽限制来破坏一个破坏性的机器人。 是否有一种方法或joomla插件,restirct在一段时间内为每个ip指定服务?例如20分5分钟的请求?这是我的原始访问日志的一部分:

185.165.40.80 - - [12/Nov/2016:13:46:30 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:46:30 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:46:56 +0330] "GET /index.php/information/bulletin-board/item/376-aghaze-tabtename-doreye-ghayeghrani HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:13:49:50 +0330] "GET /?format=feed&type=rss HTTP/1.0" 500 7309 "-" "Feedly/1.0 (+http://www.feedly.com/fetcher.html; like FeedFetcher-Google)"
185.165.40.80 - - [12/Nov/2016:13:50:16 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A456 Safari/602.1"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:32 +0330] "GET /administrator/index.php?option=com_login HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:50:40 +0330] "GET /information/bulletin-board?switch_modes=2 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:51:35 +0330] "GET /information/bulletin-board/item/359-happy-new-year-from-dr-fotuhi HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:51:53 +0330] "GET /events/sport-events/item/385-docharkhe-savari-chitgar-12-ordibehesht94 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:52:47 +0330] "GET /information/news/item/288-dore4 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:52:51 +0330] "GET /index.php/information/item/504-2015-08-16-07-06-53?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:55:45 +0330] "GET /information/bulletin-board/item/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94 HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:55:45 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://www.alumsharif.org/information/bulletin-board/item/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94/542-tour-3-rooze-kavir-markazi-20-ta-22-aban-94" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:56:40 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:56:40 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:00 +0330] "GET /information/news/item/747-shahram-nazero-concert?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:57:07 +0330] "GET / HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:08 +0330] "GET / HTTP/1.0" 500 7309 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:08 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:09 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "http://alumsharif.org/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:57:18 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:10 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:58:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0"
185.165.40.80 - - [12/Nov/2016:13:59:49 +0330] "GET /information/advertisement/itemlist/category/24-documents-and-resources?format=feed&type=rss HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:13:59:49 +0330] "GET /information/job-opportunities/item/688-takhfifan-co-job-ads?tmpl=component&print=1 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:14:01:09 +0330] "GET /administrator/index.php?option=com_rsfirewall&view=logs HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-120x120-precomposed.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-120x120.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:10 +0330] "GET /apple-touch-icon-precomposed.png HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:11 +0330] "GET /favicon.ico HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:12 +0330] "GET / HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_5 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13G36 Safari/601.1"
185.165.40.80 - - [12/Nov/2016:14:01:44 +0330] "GET /component/jcomments/feed/com_k2/363 HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.1; +http://ahrefs.com/robot/)"
185.165.40.80 - - [12/Nov/2016:14:02:22 +0330] "GET /information/bulletin-board/item/376-aghaze-tabtename-doreye-ghayeghrani/376-aghaze-tabtename-doreye-ghayeghrani HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:14:03:44 +0330] "GET /information/job-opportunities/item/694-tejarat-electronic-iranian-co-job-ad HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
185.165.40.80 - - [12/Nov/2016:14:04:13 +0330] "GET /information/graduates-and-media/item/100-farzad-vahid-speech-about-rousseau/100-farzad-vahid-speech-about-rousseau HTTP/1.0" 500 7309 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

3 个答案:

答案 0 :(得分:2)

我个人认为阻止访问joomla不应该通过joomla模块进行。通过这种方式,访问已经发生。所以我个人直接在服务器上阻止访问,而不是在应用程序中。回到过去,我有一个客户遇到了HTTP蜘蛛的问题,他们只是从他的网站下载了一些内容,以便重新使用自己的内容。我们最终使用.htaccess文件写成herehere。如果这不是您的选择,您可能希望实现某种QoS(例如MOD QoS for Apache)。您还可以尝试优化您的joomla实例(例如压缩HTML代码和图片),以便传输更少的文件。对于Joomla,有多个插件可以进行HTML(包括CSS)压缩。对于图像,您可以对Google Pagespeed进行检查,然后压缩在那里宣布的图像。网站上的许多图像都可以进行压缩而不会让用户真正看到差异(请参阅示例here)。

答案 1 :(得分:2)

我不确定这是你可以使用的答案,但是我们遇到了同样的问题,所以对于RSFirewall,我们使用了GeoIP阻止功能,并且阻止了我们不知道的所有国家&#39做生意。

发生了两件事:

  1. RSFirewall阻止了绝大多数糟糕的流量,
  2. 打开这些块的日志记录后,我们可以使用日志记录数据库查找重复违规者,并使用THAT信息在.htaccess中阻止他们。

    3. 这是一个渐进的过程,看日志,并逐渐放松自动阻止的东西,但不幸的是这些家伙没有银弹。

    另一种可能,我已经加入书签,但还没有尝试过,是一个正在积极开发的PHP类Web App Firewall。我无法推荐它,因为我还没有尝试过,但它可能会为您提供一些关于如何通过将其实现到Joomla系统插件中来识别和阻止某些流量的想法。

答案 2 :(得分:0)

所有以上建议都是正确的,并帮助我我还编写了一个自定义的PHP代码,只要请求index.php就运行,然后我通过hotlink阻止访问(直接访问)它帮助了我很多,但仍然没有完全解决问题

最近我发现了最好的解决方案......我开始使用一个名为CloudFlare的网站..它在我的网站和用户之间运行代理...它完全控制请求和活动,还提高了网站速度并显着减少了使用的带宽通过缓存。它还提供免费的SSH和大量的功能。在我开始使用它之后,一切都很安全,网站工作得更快,没有任何问题...我想建议你们使用这个很棒的服务 www.cloudflare.com

相关问题
最新问题