首页 注册 登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
duke807
V2EX  ›  站长

我的 blog 被 ddos 了,怀疑是在 V2EX 分享导致的

  •   
  •   duke807 · 2023-03-30 17:12:00 +08:00 · 2318 次点击
    这是一个创建于 605 天前的主题,其中的信息可能已经有所发展或是发生改变。

    网站打不开,ssh 连接不上去,vps 后台看 cpu 、内存全部爆满

    一开始怀疑某个程序出 bug 导致,重启之后还是一样

    只能 vnc 登录,敲命令要等很久,好不容易看到 top 输出,然后 kill apache2 才行

    查看 log ,一个最耗资源的 python cgi 被针对性攻击,挂了 cloudflare 也抗不住啊

    最近一次分享是说我这个 blog 免注册的注册才是最好的注册,且不用密码,估计触碰到卖登录系统的人的蛋糕了: https://www.v2ex.com/t/927411

    以下是 apache2 log:

    172.69.22.65 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.224 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.225 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.9 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.173 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.76 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.134.11 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
141.101.86.185 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.113 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.139 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.110 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.134.11 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.116 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.112 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.9 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.139 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.137 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.116 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.4 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
141.101.86.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.137 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.111 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.169 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.112 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.116 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.7 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.7 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.168 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.112 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
141.101.86.90 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.138 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.113 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.9 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.110 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.136 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.114 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
  • 23:17:01
  • Mar
  • API
  • post
    10 条回复    2023-03-30 23:58:20 +08:00
    HongJay
        1
    HongJay  
       2023-03-30 17:16:09 +08:00
    先生,这是常识
    Cu635
        2
    Cu635  
       2023-03-30 17:22:07 +08:00
    标题内容还好,不过内容有点戏太多了……

    分享的那人博客“关于”页面,里面说的需不需要注册问题、“联邦制”帐号系统,对于这个概念来讲实际上早就有产品了:disqus ,还有就是 github 帐号 oath 登录的博客评论系统。所以也谈不上“触碰到卖登录系统的人的蛋糕”。
    duke807
        3
    duke807  
    OP
       2023-03-30 17:34:28 +08:00
    最终打开 Cloudflare Under Attack mode 了事
    duke807
        4
    duke807  
    OP
       2023-03-30 17:40:49 +08:00
    @Cu635

    可能有人无聊吧,反正看 cf 后台,正是我回复之后开始受到攻击的

    https://i.imgur.com/KCDLS7b_d.webp?maxwidth=760
    Cu635
        5
    Cu635  
       2023-03-30 17:43:17 +08:00
    @duke807 #4
    可能是我没说清楚,我主要是说“触碰到卖登录系统的人的蛋糕”戏太多,分享之后被攻击倒是很合理的推测。
    gaobh
        6
    gaobh  
       2023-03-30 17:49:34 +08:00 via iPhone
    问题来了,怎么防 ddos ?
    duke807
        7
    duke807  
    OP
       2023-03-30 17:55:07 +08:00
    @gaobh 见本帖 3 楼,效果很好,不影响正常用户访问,又能阻止攻击者访问我的网站
    1KTN90lKW9gVJ9vX
        8
    1KTN90lKW9gVJ9vX  
       2023-03-30 18:03:53 +08:00 via Android
    @gaobh 充钱,
    duke807
        9
    duke807  
    OP
       2023-03-30 18:05:10 +08:00 via Android
    @hemingcn 不用,cf 是免费的
    7RTDKSAK
        10
    7RTDKSAK  
       2023-03-30 23:58:20 +08:00
    MJJ 宣布对此攻击负责(滑稽)
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2738 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 11:29 · PVG 19:29 · LAX 03:29 · JFK 06:29
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.