0
我在我的域名之一,我相信是來自Pushdo病毒(或類似),見下面的日誌片段越來越無情的請求。顯然,它會選擇隨機域來發送流量以屏蔽對其命令節點的請求。我嘗試了Fail2Ban,但IP持續不斷地變化,並禁止使用50K +,並且禁止使用比請求更多的資源。我希望能夠通過阻止用戶代理來照顧HTTP請求(也有SMTP,但這是另一個問題!)。阻止用戶代理與iptables不起作用
我一直在使用
iptables -A INPUT -p tcp --dport 80 -m string --algo bm --string "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" -j DROP
試圖但這不起作用!我究竟做錯了什麼?此外,還有其他的建議可以解決這個問題 - 它已經持續了一個多月,我正在拉我的頭髮!
OS:CentOS的6.4
日誌摘錄:
121.54.54.47 - - [20/Oct/2013:03:32:37 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
125.60.156.224 - - [20/Oct/2013:03:32:37 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
84.108.50.80 - - [20/Oct/2013:03:32:37 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
110.143.55.42 - - [20/Oct/2013:03:32:37 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
122.208.75.75 - - [20/Oct/2013:03:32:37 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
1.2.248.56 - - [20/Oct/2013:03:32:38 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
180.194.171.167 - - [20/Oct/2013:03:32:38 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
190.200.59.125 - - [20/Oct/2013:03:32:39 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
223.197.238.249 - - [20/Oct/2013:03:32:40 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
200.121.4.163 - - [20/Oct/2013:03:32:39 +0100] "POST/HTTP/1.1" 200 14772 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"