本帖最后由 523066680 于 2019-1-31 16:17 编辑
对网络还是有太多的不了解,今天登录后台发现CPU被刷爆了。但是我的网站又没什么人,哪个蛋疼的会去搞事?
通过后台了解到可以在wwwlogs目录获取日志,自己分析。
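# Perl script that analyzes the web server access log, read straight from
# the zip archive: requests are grouped by the first three octets of the
# client address and the prefixes are listed by ascending request count.
use Modern::Perl;
use Archive::Zip qw( :ERROR_CODES :CONSTANTS );
use File::Slurp;
use Encode;
STDOUT->autoflush(1);

my $archive = 'log20190131.zip';
my $zip     = Archive::Zip->new();

# read() reports failure through its return code rather than by dying, so an
# unchecked call on a missing or damaged archive would produce an empty report.
$zip->read($archive) == AZ_OK
    or die "cannot read archive $archive\n";

# One array of log lines per archive member.
my @fdata;
for my $m ( $zip->members ) {
    say $m->fileName;
    push @fdata, [ split /\r?\n/, $m->contents ];
}

# Keyed by address prefix:
#   times - number of requests from that prefix
#   agent - User-Agent of the first request seen from that prefix
#   ip    - set of last octets that sent requests
my %hash;
my $line_no = 0;

# Only the first two archive members are analyzed.
for my $s ( @{ $fdata[0] }, @{ $fdata[1] } ) {
    $line_no++;

    # IPv4 only; the trailing literal is the start of the virtual-host field
    # that follows the quoted User-Agent in this log format.
    unless ( $s =~ /([\d\.]+)\.(\d+)[ -]+.*"(.*)" xyu3241/ ) {
        # Log lines carry client-controlled bytes; keep only printable ASCII
        # before echoing the offending line to the terminal.
        ( my $shown = $s ) =~ s/[^\x20-\x7e]/?/g;
        die "unparsable log line $line_no: $shown\n";
    }
    my ( $prefix, $last_octet, $agent ) = ( $1, $2, $3 );

    $hash{$prefix}{times}++;
    $hash{$prefix}{ip}{$last_octet} = 1;

    # The User-Agent is supplied by the client and can be forged, and only the
    # first one per prefix is kept, so it is a hint about the sender, not proof.
    $hash{$prefix}{agent} //= $agent;
}

my @sortkeys = sort { $hash{$a}{times} <=> $hash{$b}{times} } keys %hash;
for my $e (@sortkeys) {
    printf "IP: %12s, times:%3d - %s\n",
        $e,
        $hash{$e}{times},
        join( ",", sort { $a <=> $b } keys %{ $hash{$e}{ip} } );
}
__END__
```
220.181.108.119 - - [31/Jan/2019:03:28:49 +0800] \
"GET /ucp.php?mode=register HTTP/1.1" 200 4795 "-" \
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" \
xyu3241540001.my3w.com text/html "/usr/home/xyu3241540001/htdocs/ucp.php" 502988
```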
得到发起请求最多的几个地址段(最右的数字是ip最后一节地址列表,说明该IP段有多个子IP在发请求):
IP: 220.181.108, times:440 - 75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,99,100,101,102,103,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,144,145,146,147,149,155,156,157,158,159,160,161,162,163,165,166,167,168,169,174,175,176,177,178,179,180,181,182,183,184,185,186,187
IP: 123.125.71, times:477 - 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,36,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,60,74,75,76,77,78,79,85,86,87,88,89,90,91,92,94,95,96,97,98,99,100,105,106,107,108,109,110,111,112,113,114,115,116,117
IP: 216.244.66, times:506 - 250
IP: 42.236.10, times:1763 - 70,71,72,73,74,75,76,77,78,79,81,82,83,84,88,89,90,91,98,100,103,104,105,107,108,109,110,112,113,116,120,121,122,123
列出 agent 信息
IP: 220.181.108, times:440 - Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
IP: 123.125.71, times:477 - Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
IP: 216.244.66, times:506 - Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)
IP: 42.236.10, times:1763 - Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36; 360Spider
看来应该就是蛋疼的 360Spider ……(不过 User-Agent 是客户端自己填的,可以伪造,最好再核对一下该 IP 段的归属。)