帮忙看看我服务器是不是给攻击了？

zgy

UID: 25324
帖子: 1
积分: 2
在线时间: 10 分钟

1^# zgy 发表于 2008-06-07 04:42

帮忙看看我服务器是不是给攻击了？

access_log里面的内容：
218.89.179.156 - - [07/Jun/2008:12:42:57 +0800] "Q" 501 294 "-" "-"
124.130.29.35 - - [07/Jun/2008:12:42:57 +0800] "Q" 501 294 "-" "-"
116.224.169.92 - - [07/Jun/2008:12:42:58 +0800] "Q" 501 294 "-" "-"
124.236.235.91 - - [07/Jun/2008:12:42:59 +0800] "Q" 501 294 "-" "-"
218.247.199.97 - - [07/Jun/2008:12:43:00 +0800] "Q" 501 294 "-" "-"
222.161.17.134 - - [07/Jun/2008:12:43:00 +0800] "Q" 501 294 "-" "-"
121.43.69.233 - - [07/Jun/2008:12:43:00 +0800] "Q" 501 294 "-" "-"
58.245.117.198 - - [07/Jun/2008:12:43:02 +0800] "Q" 501 294 "-" "-"
220.175.198.43 - - [07/Jun/2008:12:43:03 +0800] "Q" 501 294 "-" "-"
60.6.236.69 - - [07/Jun/2008:12:43:03 +0800] "Q" 501 294 "-" "-"
124.236.161.24 - - [07/Jun/2008:12:43:05 +0800] "Q" 501 294 "-" "-"
117.8.122.76 - - [07/Jun/2008:12:43:05 +0800] "Q" 501 294 "-" "-"
24.84.178.193 - - [07/Jun/2008:12:43:05 +0800] "Q" 501 294 "-" "-"
218.3.215.74 - - [07/Jun/2008:12:43:06 +0800] "Q" 501 294 "-" "-"
61.133.118.250 - - [07/Jun/2008:12:43:06 +0800] "Q" 501 294 "-" "-"
58.244.85.119 - - [07/Jun/2008:12:43:06 +0800] "Q" 501 294 "-" "-"
221.131.9.197 - - [07/Jun/2008:12:43:07 +0800] "Q" 501 294 "-" "-"
60.160.10.235 - - [07/Jun/2008:12:43:07 +0800] "Q" 501 294 "-" "-"
很多很多

error_log 里面的内容
[Sat Jun 07 12:42:44 2008] [error] [client 124.131.236.50] Invalid method in request Q
[Sat Jun 07 12:42:44 2008] [error] [client 222.242.153.193] Invalid method in request Q
[Sat Jun 07 12:42:45 2008] [error] [client 221.10.221.130] Invalid method in request Q
[Sat Jun 07 12:42:45 2008] [error] [client 117.61.45.248] Invalid method in request Q
[Sat Jun 07 12:42:45 2008] [error] [client 218.89.187.69] Invalid method in request Q
[Sat Jun 07 12:42:46 2008] [error] [client 221.218.53.141] Invalid method in request Q
[Sat Jun 07 12:42:46 2008] [error] [client 58.51.89.206] Invalid method in request Q
[Sat Jun 07 12:42:49 2008] [error] [client 124.162.180.51] Invalid method in request Q
[Sat Jun 07 12:42:49 2008] [error] [client 124.172.10.109] Invalid method in request Q
[Sat Jun 07 12:42:53 2008] [error] [client 61.161.65.171] Invalid method in request Q
[Sat Jun 07 12:42:54 2008] [error] [client 218.9.44.222] Invalid method in request Q
[Sat Jun 07 12:42:56 2008] [error] [client 221.5.131.130] Invalid method in request Q
[Sat Jun 07 12:42:57 2008] [error] [client 218.89.179.156] Invalid method in request Q
[Sat Jun 07 12:42:57 2008] [error] [client 124.130.29.35] Invalid method in request Q
[Sat Jun 07 12:42:58 2008] [error] [client 116.224.169.92] Invalid method in request Q
也是n多，是不是品德不好收攻击了？如果是，是什么攻击？

todayhero

UID: 36973
帖子: 120
积分: 276
在线时间: 20 小时

2^# todayhero 发表于 2008-06-11 10:17

QUOTE:

原帖由 zgy 于 2008-6-7 04:42 发表
access_log里面的内容：
218.89.179.156 - - [07/Jun/2008:12:42:57 +0800] "Q" 501 294 "-" "-"
124.130.29.35 - - [07/Jun/2008:12:42:57 +0800] "Q" 501 294 "-" "-"
116.224.169.92 - - [07/Jun/2008:12 ...

1.从error_log中错误提示关键是:"Invalid method in request ",翻译过来就是"请求中包括无效的方案".

2.我认为是配置方面出现的问题或是提交的给APACHE的内容非法所致.如
[Fri Apr 11 13:01:20 2008] [error] [client x.x.x.x] Invalid method in request \x80L\x01\x03
千辛万苦排查，怎么都排查不出原因。结果是URL输入错误，输入了本地回环地址！配置SSL后，是无法使用本地回环地址来访问HTTPS服务的。

3.通常不会是攻击.攻击通常是DDOS攻击.这个你可以查看"netstat -na | grep SYN | grep :80 | wc -l"多少决定.需要一定经验.