如何自动将攻击者列入黑名单

时间:2019-07-16 22:56:52

标签: node.js express web-crawler blacklist

nodejs服务器的日志文件包含许多条目,例如:

Jul 16 21:43:30 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /MyAdmin/index.php
Jul 16 21:43:31 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmin1/index.php
Jul 16 21:43:31 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmin123/index.php
Jul 16 21:43:31 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /pwd/index.php
Jul 16 21:43:31 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmina/index.php
Jul 16 21:43:32 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMydmin/index.php
Jul 16 21:43:32 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmins/index.php
Jul 16 21:43:32 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmin._/index.php
Jul 16 21:43:33 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmin._2/index.php
Jul 16 21:43:33 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpmyadmin2222/index.php
Jul 16 21:43:33 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpmyadmin3333/index.php
Jul 16 21:43:33 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /php2MyAdmin/index.php
Jul 16 21:43:34 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpiMyAdmin/index.php
Jul 16 21:43:34 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpNyAdmin/index.php
Jul 16 21:43:34 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /1/index.php
Jul 16 21:43:34 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /download/index.php
Jul 16 21:43:34 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdmin_111/index.php
Jul 16 21:43:35 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpmadmin/index.php
Jul 16 21:43:35 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /321/index.php
Jul 16 21:43:35 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /123131/index.php
Jul 16 21:43:35 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdminn/index.php
Jul 16 21:43:36 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /phpMyAdminhf/index.php
Jul 16 21:43:36 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /sbb/index.php
Jul 16 21:43:37 ip-172-31-74-106 node[18223]: redirecting visitor of 184.72.177.213 for page /WWW/phpMyAdmin/index.php

显然,这是一种搜寻可破坏我们服务器的漏洞的机器人。

是否可以自动检测到此类滥用者并将其添加到黑名单?

也许是快速插件。

0 个答案:

没有答案