57AliYun阿里云最新优惠活动
阿里云优惠码丨阿里云代金券

快速判断Web站点是否被CC攻击(Linux主机篇)

立即购买

阿里云服务器 ¥102元/年 云数据库37.5元/年 限时

个人、企业均可购买 | 更多配置0.8折特惠

简介:

CC攻击非常简单,不需要什么技术即可发起;且成本低廉。从网上下载一个攻击器即可发起。现在的新手站长往往不具备分析日志的水平;在网站访问越来越慢的情况下,无法判断网站是否遭遇攻击。本教程给出3条判断命令;通过这3条命令可以很方便的知道网站是否遭受CC攻击。

命令安装:

一般情况下系统不会默认安装tcpdump命令,需要自行安装。

  • Centos安装方法:

    yum install -y tcpdump
  • debian/ubuntu安装方法:

    apt-get install -y tcpdump

判断方法:

  • 第一条命令:​

    tcpdump -s0 -A -n -i any | grep -o -E '(GET|POST|HEAD) .*'
  • 正常的输出如下:

  • POST /ajax/validator.php HTTP/1.1 
    POST /api_redirect.php HTTP/1.1 
    GET /team/57085.html HTTP/1.1 
    POST /order/pay.php HTTP/1.1 
    GET /static/goodsimg/20140324/1_47.jpg HTTP/1.1 
    GET /static/theme/qq/css/index.css HTTP/1.1 
    GET /static/js/index.js HTTP/1.1 
    GET /static/js/customize.js HTTP/1.1 
    GET /ajax/loginjs.php?type=topbar& HTTP/1.1 
    GET /static/js/jquery.js HTTP/1.1 
    GET /ajax/load_team_time.php?team_id=57085 HTTP/1.1 
    GET /static/theme/qq/css/index.css HTTP/1.1 
    GET /static/js/lazyload/jquery.lazyload.min.js HTTP/1.1 
    GET /static/js/MSIE.PNG.js HTTP/1.1 
    GET /static/js/index.js HTTP/1.1 
    GET /static/js/customize.js HTTP/1.1 
    GET /ajax/loginjs.php?type=topbar& HTTP/1.1 
    GET /static/theme/qq/css/i/logo.jpg HTTP/1.1 
    GET /static/theme/qq/css/i/logos.png HTTP/1.1 
    GET /static/theme/qq/css/i/hot.gif HTTP/1.1 
    GET /static/theme/qq/css/i/brand.gif HTTP/1.1 
    GET /static/theme/qq/css/i/new.gif HTTP/1.1 
    GET /static/js/jquery.js HTTP/1.1 
    GET /static/theme/qq/css/i/logo.jpg HTTP/1.1 
  • 如果网站正常,那么在日志里面看见的都是一些静态文件,如图片,CSS,JS等。如果被攻击,就会出现大量的固定链接,会出现大量含有一定特征的地址。例如Discuz类的站点被攻击,就会出现大量类似于/thread-随机数字-1-1.html的地址。

  • 第二条命令:​

    tcpdump -s0 -A -n -i any | grep  ^User-Agent;
  • 正常的输出如下:

  • User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space) 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space) 
    User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +https://www.bing.com/bingbot.htm) 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2) 
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) 
  • 这个命令可以查看客户端的useragent;目前大量的CC攻击采用CC攻击工具实现;他们的客户端的useragent往往都是一致的;在遭受到CC攻击的往往会看到同一个useragent在刷屏。

  • 第三条命令:​

    tcpdump -s0 -A -n -i any | grep ^Host ;
  • 正常的输出如下:

  • Host: www.57aliyun.com 
    Host: www.57aliyun.com 
    Host: www.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: www.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: www.57aliyun.com 
    Host: www.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: www.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: upload.57aliyun.com 
    Host: www.57aliyun.com 
     
  • 当同一服务器上存在大量站点时,使用该命令可以快速判断遭受CC攻击的域名。

赞(2)
声明:本网站发布的内容(图片、视频和文字)以原创、转载和分享网络内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。邮箱:[email protected],本站原创内容未经允许不得转载,如需转载,请注明:吾趣阿里云网 » 快速判断Web站点是否被CC攻击(Linux主机篇)
  • 阿里云
    基础型云服务器

    1核CPU

    2G内存

    40G硬盘

    1M带宽

    独立IP

    分布式存储

    适合企业官网、个人站长类网站

    ¥89/1年 原价¥903.40

  • 阿里云
    超值型云服务器

    2核CPU

    4G内存

    40G硬盘

    3M带宽

    独立IP

    分布式存储

    适合企业官网、行业门户类网站

    ¥899/3年 原价¥8281

  • 阿里云
    高性能云服务器

    2核CPU

    8G内存

    40G硬盘

    5M带宽

    独立IP

    分布式存储

    适合电商、数据库等企业级应用

    ¥1399/3年¥14765

评论 抢沙发

评论前必须登录!