How to block spam-mail requests

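codeArt asked 8 years ago
The host is deployed on Tencent Cloud. After deploying OneinStack with LAMP, I checked the Apache_log records and found a large number of abnormal connection requests,
such as: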
1.160.42.190 - - [08/Mar/2017:08:27:43 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:28:14 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:28:49 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:38:56 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:39:35 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:39:59 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:40:50 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
189.253.192.123 - - [08/Mar/2017:08:42:26 +0800] "GET / HTTP/1.0" 200 10546
1.160.42.190 - - [08/Mar/2017:08:46:30 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546

107.151.148.193 - - [08/Mar/2017:08:23:07 +0800] "GET http://www.sbjudge2.com/azenv.php HTTP/1.1" 404 2175
107.151.148.193 - - [08/Mar/2017:08:23:07 +0800] "CONNECT http://www.alipay.com:443 HTTP/1.1" 200 10546
107.151.148.193 - - [08/Mar/2017:08:23:07 +0800] "\x80\x9b\x01\x03\x01" 400 226
How should I deal with this?
 

3 Answers
codeArt answered 8 years ago
This is probably "network sniffing". Although I blocked the IPs, the sniffing still continues, in the form of domain names.
1-160-42-190.dynamic.hinet.net - - [08/Mar/2017:15:17:30 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1-160-42-190.dynamic.hinet.net - - [08/Mar/2017:15:17:59 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
esp-148-193.adhesivetalk.com - - [08/Mar/2017:15:19:29 +0800] "GET http://proxyjudge.us/ HTTP/1.1" 200 10546
esp-148-193.adhesivetalk.com - - [08/Mar/2017:15:19:30 +0800] "CONNECT http://www.alipay.com:443 HTTP/1.1" 200 10546
esp-148-193.adhesivetalk.com - - [08/Mar/2017:15:19:31 +0800] "\x80\x9b\x01\x03\x01" 400 226
5.178.86.74 - - [08/Mar/2017:15:20:45 +0800] "CONNECT check.best-proxies.ru:80 HTTP/1.1" 400 226
1-160-42-190.dynamic.hinet.net - - [08/Mar/2017:15:25:02 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
23.251.63.45 - - [08/Mar/2017:15:34:39 +0800] "GET http://fr.cyberpods.net/ HTTP/1.1" 200 10546
23.251.63.45 - - [08/Mar/2017:15:34:42 +0800] "CONNECT http://www.alipay.com:443 HTTP/1.1" 200 10546
23.251.63.45 - - [08/Mar/2017:15:34:42 +0800] "\x80\x98\x01\x03\x01" 400 226
1-160-42-190.dynamic.hinet.net - - [08/Mar/2017:15:36:20 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
1-160-42-190.dynamic.hinet.net - - [08/Mar/2017:15:36:38 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546

iplaywind answered 8 years ago
Hello, I also use a Tencent Cloud host and have run into a similar problem. How did you solve it in the end?

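codeArt answered 8 years ago
Monitoring revealed a large amount of abnormal proxy activity and abnormal login activity.
1. Enabling the Fail2ban script provides basic defence; I get the feeling that Tencent Cloud's own protection is not doing much [default rules plus apache-proxy]
2. If you use the classic network, start restricting ports and block the ones you don't need [on the public network keep only the basic ports, such as 80 and 22]
3. I don't recommend blocking IPs in the console; even if you block the IP, he will still keep attacking
This gives you a basic defence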
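
An added example, not part of any post in this thread: a small Python triage script for the log lines quoted above. It labels each proxy-style request (CONNECT, absolute-URI GET, escaped binary bytes) and compares the size of every 200 response with the size of a normal local `GET /`. The names `classify` and `analyse`, the verdict labels and the size-comparison heuristic are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: six lines copied from the access logs quoted in this thread.
SAMPLE = r'''1.160.42.190 - - [08/Mar/2017:08:27:43 +0800] "CONNECT mx-tw.mail.gm0.yahoodns.net:25 HTTP/1.0" 200 10546
189.253.192.123 - - [08/Mar/2017:08:42:26 +0800] "GET / HTTP/1.0" 200 10546
107.151.148.193 - - [08/Mar/2017:08:23:07 +0800] "GET http://www.sbjudge2.com/azenv.php HTTP/1.1" 404 2175
107.151.148.193 - - [08/Mar/2017:08:23:07 +0800] "CONNECT http://www.alipay.com:443 HTTP/1.1" 200 10546
107.151.148.193 - - [08/Mar/2017:08:23:07 +0800] "\x80\x9b\x01\x03\x01" 400 226
5.178.86.74 - - [08/Mar/2017:15:20:45 +0800] "CONNECT check.best-proxies.ru:80 HTTP/1.1" 400 226'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) (\d+|-)$')

def classify(request):
    """Name the proxy-probe pattern in a request line, or None for normal traffic."""
    if "\\x" in request:
        return "binary-handshake"   # non-HTTP bytes, logged by Apache as \xhh escapes
    parts = request.split()
    if len(parts) < 2:
        return "malformed"
    if parts[0] == "CONNECT":
        return "connect-tunnel"     # asks the server to tunnel to another host:port
    if parts[1].lower().startswith(("http://", "https://")):
        return "absolute-uri"       # forward-proxy style request for a foreign site
    return None

def analyse(log_text):
    """Return (findings, per-client counts) for proxy-style requests in log_text."""
    rows = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    # Baseline: sizes of successful local "GET /" responses.
    index_sizes = {size for _, req, status, size in rows
                   if status == "200" and req.startswith("GET / ")}
    findings = []
    for client, req, status, size in rows:
        kind = classify(req)
        if kind is None:
            continue
        if status[0] in "45":
            verdict = "rejected"
        elif size in index_sizes:
            verdict = "index-page"  # same size as local GET /: likely not relayed
        else:
            verdict = "review"      # success with another size: check proxy config
        findings.append({"client": client, "kind": kind, "verdict": verdict})
    return findings, Counter(f["client"] for f in findings)

if __name__ == "__main__":
    for finding in analyse(SAMPLE)[0]:
        print(finding)
```

In the quoted logs every `CONNECT ... 200` has the same size (10546) as the plain `GET /` line, which is why the script marks them `index-page`. A `review` verdict is the case to check against the Apache proxy configuration (for example whether mod_proxy's `ProxyRequests` is enabled).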