Linux主機簡單判斷被CC攻擊的網(wǎng)站命令-比較直接有效
CC攻擊很容易發(fā)起���,并且?guī)缀醪恍枰杀荆瑢е卢F(xiàn)在的CC攻擊越來越多��。
大部分搞CC攻擊的人,都是用在網(wǎng)上下載的工具���,這些工具很少去偽造特征�����,所以會留下一些痕跡��。
使用下面的命令���,可以分析下是否在被CC攻擊。
10年積累的成都網(wǎng)站設計��、成都做網(wǎng)站經(jīng)驗�����,可以快速應對客戶對網(wǎng)站的新想法和需求��。提供各種問題對應的解決方案�����。讓選擇我們的客戶得到更好�、更有力的網(wǎng)絡服務��。我雖然不認識你����,你也不認識我��。但先建設網(wǎng)站后付款的網(wǎng)站建設流程��,更有可克達拉免費網(wǎng)站建設讓你可以放心的選擇與我們合作����。
第一條命令:
- tcpdump -s0 -A -n -i any | grep -o -E '(GET|POST|HEAD) .*'
正常的輸出結果類似于這樣
POST /ajax/validator.php HTTP/1.1
POST /api_redirect.php HTTP/1.1
GET /team/57085.html HTTP/1.1
POST /order/pay.php HTTP/1.1
GET /static/goodsimg/20140324/1_47.jpg HTTP/1.1
GET /static/theme/qq/css/index.css HTTP/1.1
GET /static/js/index.js HTTP/1.1
GET /static/js/customize.js HTTP/1.1
GET /ajax/loginjs.php?type=topbar& HTTP/1.1
GET /static/js/jquery.js HTTP/1.1
GET /ajax/load_team_time.php?team_id=57085 HTTP/1.1
GET /static/theme/qq/css/index.css HTTP/1.1
GET /static/js/lazyload/jquery.lazyload.min.js HTTP/1.1
GET /static/js/MSIE.PNG.js HTTP/1.1
GET /static/js/index.js HTTP/1.1
GET /static/js/customize.js HTTP/1.1
GET /ajax/loginjs.php?type=topbar& HTTP/1.1
GET /static/theme/qq/css/i/logo.jpg HTTP/1.1
GET /static/theme/qq/css/i/logos.png HTTP/1.1
GET /static/theme/qq/css/i/hot.gif HTTP/1.1
GET /static/theme/qq/css/i/brand.gif HTTP/1.1
GET /static/theme/qq/css/i/new.gif HTTP/1.1
GET /static/js/jquery.js HTTP/1.1
GET /static/theme/qq/css/i/logo.jpg HTTP/1.1
正常命令結果以靜態(tài)文件為主,比如css,js,各種圖片�。
如果是被攻擊,會出現(xiàn)大量固定的地址����,比如攻擊的是首頁,會有大量的“GET / HTTP/1.1”����,或者有一定特征的地址�����,比如攻擊的如果是Discuz論壇,那么可能會出現(xiàn)大量的“/thread-隨機數(shù)字-1-1.html”這樣的地址���。
第二條命令:
- tcpdump -s0 -A -n -i any | grep??^User-Agent
輸出結果類似于下面:
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; 360space)
User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
這個是查看客戶端的useragent���,正常的結果中,是各種各樣的useragent�����。
大多數(shù)攻擊使用的是固定的useragent�,也就是會看到同一個useragent在刷屏。隨機的useragent只見過一次���,但是給搞成了類似于這樣“axd5m8usy”��,還是可以分辨出來�。
第三條命令:
- tcpdump -s0 -A -n -i any | grep ^Host
如果機器上的網(wǎng)站太多����,可以用上面的命令找出是哪個網(wǎng)站在被大量請求
輸出結果類似于下面這樣
Host:?www.server110.com
Host:?www.server110.com
Host:?www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host:?www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host:?www.server110.com
Host:?www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host:?www.server110.com
Host: upload.server110.com
Host: upload.server110.com
Host:?www.server110.com
一般系統(tǒng)不會默認安裝tcpdump命令
centos安裝方法:yum install -y tcpdump
debian/ubuntu安裝方法:apt-get install -y tcpdump
很多小白用戶不懂得如何設置日志,查看日志��,使用上面的命令則簡單的多,復制到命令行上運行即可����。
本文名稱:Linux主機簡單判斷被CC攻擊的網(wǎng)站命令-比較直接有效
URL地址:
http://uogjgqi.cn/article/dpdcjde.html
掃二維碼與項目經(jīng)理溝通
我們在微信上24小時期待你的聲音
解答本文疑問/技術咨詢/運營咨詢/技術建議/互聯(lián)網(wǎng)交流
