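How do you block malicious spam requests that carry advertising?
Category:
nginx
Published: 2023-01-29
A large number of ad-bearing requests showed up in the nginx access log, of the form "GET /external-link?url=xxx". How do you block this kind of malicious spam traffic?
Look at the following log excerpt: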
193.150.70.51 - - [29/Jan/2023:05:44:29 +0000] "GET /external-link?url=http://boost-engine.ru/mir/home.php?mod=space&uid=3376758&do=profile HTTP/1.1" 200 317 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
193.150.70.51 - - [29/Jan/2023:05:44:31 +0000] "GET /external-link?url=http://double-glazed-windows-rep12083.canariblogs.com/double-glazing-window-repair-like-a-guru-with-this-secret-formula-25971151 HTTP/1.1" 200 701 "https://www.tides.cn/external-link?url=http://boost-engine.ru/mir/home.php?mod=space&uid=3376758&do=profile" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
193.218.190.226 - - [29/Jan/2023:05:44:38 +0000] "GET /external-link?url=https://skyhighsmokeshop.com/collections/quartz-bangers-and-nails HTTP/1.1" 200 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Edg/103.0.1264.71"
193.218.190.36 - - [29/Jan/2023:05:45:40 +0000] "GET /external-link?url=https://www.repairmywindowsanddoors.co.uk/hyde-windowrepair/ HTTP/1.1" 200 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Edg/103.0.1264.71"
193.150.70.200 - - [29/Jan/2023:05:48:10 +0000] "GET /external-link?url=https://montanaflynn.me HTTP/1.1" 200 317 "-" "Mozilla/5.0 (X11; Linux i686; rv:102.0) Gecko/20100101 Firefox/102.0"
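So how do we keep this kind of malicious visitor out?
- Method 1: add to a blacklist
You could add the offending IPs to a blacklist, but you will probably give that up quickly: with the malicious requests continually growing in number, the ongoing maintenance is clearly too tedious.
- Method 2
Set the HTTP response status code for malicious requests to 500, pushing the other side to give up.
Implementation: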
// Using egg as an example
// shouldBlock is a placeholder: write this condition to fit your own situation
if (shouldBlock) {
  ctx.body = '';
  ctx.status = 500;
}
The resulting nginx log looks like this:
193.218.190.198 - - [29/Jan/2023:06:33:08 +0000] "GET /external-link?url=http://double-glazed-windows-rep12083.canariblogs.com/double-glazing-window-repair-like-a-guru-with-this-secret-formula-25971151 HTTP/1.1" 500 0 "https://www.tides.cn/external-link?url=https://evworld.kr:443/bbs/board.php?bo_table=mobil01&wr_id=118735" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
193.218.190.27 - - [29/Jan/2023:06:33:51 +0000] "GET /external-link%3Furl=https://www.accidentinjurylawyers.claims/ HTTP/1.1" 404 22 "https://flyd.ru/away.php?to=https://www.tides.cn/external-link%3Furl=https://www.accidentinjurylawyers.claims/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
193.218.190.28 - - [29/Jan/2023:06:38:52 +0000] "GET /external-link?url=http://greenlight.thesome.com/bbs/board.php?bo_table=qna&wr_id=71150 HTTP/1.1" 500 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
193.218.190.28 - - [29/Jan/2023:06:38:53 +0000] "GET /external-link?url=http://double-glazed-windows-rep12083.canariblogs.com/double-glazing-window-repair-like-a-guru-with-this-secret-formula-25971151 HTTP/1.1" 500 0 "https://www.tides.cn/external-link?url=http://greenlight.thesome.com/bbs/board.php?bo_table=qna&wr_id=71150" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36"
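Gradually, the attackers will remove your domain from their database.
That's right, this is a battle of wits: keep a constant eye on what the malicious attackers are doing, hit back hard, and drive them away!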
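One way to write the condition that Method 2 leaves open, as an added example that is not part of the original article: it assumes genuine clicks on /external-link arrive with a Referer from one of the site's own content pages, which the spam in the log excerpts does not. `SITE_HOST`, `isSpamRequest`, `blockLinkSpam` and the sample list are names introduced here.

```javascript
// Added example, not the article's code. SITE_HOST and the Referer rule are assumptions.
const SITE_HOST = 'www.tides.cn'; // host that appears in the Referer fields of the logs

function parseUrl(value) {
  try { return new URL(value); } catch (e) { return null; }
}

// True when a request to /external-link does not look like a click
// on a link inside one of the site's own content pages.
function isSpamRequest(path, query, referer) {
  if (path !== '/external-link') return false;        // only guard the redirect page
  const target = parseUrl(query.url);
  if (!target || !/^https?:$/.test(target.protocol)) return true; // bad or missing url
  const ref = parseUrl(referer);
  if (!ref) return true;                               // "-" in the log: no Referer sent
  if (ref.hostname !== SITE_HOST) return true;         // linked from a foreign site
  return ref.pathname.startsWith('/external-link');    // chained redirect-page hits
}

// Koa-style middleware (egg middleware has this shape): empty 500 for spam.
async function blockLinkSpam(ctx, next) {
  if (isSpamRequest(ctx.path, ctx.query, ctx.get('Referer'))) {
    ctx.body = '';
    ctx.status = 500;
    return;
  }
  await next();
}

// Requests modelled on the log excerpts above, plus one constructed legitimate click.
const SAMPLES = [
  { url: 'https://montanaflynn.me', referer: '' },
  { url: 'http://greenlight.thesome.com/bbs/board.php?bo_table=qna',
    referer: 'https://www.tides.cn/external-link?url=http://greenlight.thesome.com/bbs/board.php' },
  { url: 'https://nginx.org/', referer: 'https://www.tides.cn/p_nginx-logs-of-evil-visit' }, // constructed
];

// Classify each sample; true means the request would get the empty 500.
function classifySamples() {
  return SAMPLES.map((s) => isSpamRequest('/external-link', { url: s.url }, s.referer));
}
```

Visitors whose browsers suppress the Referer header are also answered with 500 under this rule, so it is worth logging matches for a while before enforcing it.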
Article URL: https://www.tides.cn/p_nginx-logs-of-evil-visit