我的 blog 被 ddos 了,怀疑是在 V2EX 分享导致的

2023-03-30 17:12:00 +08:00
 duke807

网站打不开,ssh 连接不上去,vps 后台看 cpu 、内存全部爆满

一开始怀疑某个程序出 bug 导致,重启之后还是一样

只能 vnc 登录,敲命令要等很久,好不容易看到 top 输出,然后 kill apache2 才行

查看 log ,一个最耗资源的 python cgi 被针对性攻击,挂了 cloudflare 也抗不住啊

最近一次分享是说我这个 blog 免注册的注册才是最好的注册,且不用密码,估计触碰到卖登录系统的人的蛋糕了: https://www.v2ex.com/t/927411

以下是 apache2 log:

172.69.22.65 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.224 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.225 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.9 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.173 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.76 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.134.11 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
141.101.86.185 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.113 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.139 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.110 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.134.11 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.116 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.112 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.9 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.139 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.137 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.116 - - [30/Mar/2023:17:01:14 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.69.22.4 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
141.101.86.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.137 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.111 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.169 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.112 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.116 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.7 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.7 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.168 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.112 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
141.101.86.90 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
162.158.166.172 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.138 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.6 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.113 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.158.9 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.110 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.136 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
172.71.154.114 - - [30/Mar/2023:17:01:15 +0800] "POST /api/get-captcha HTTP/1.1" 500 593
2138 次点击
所在节点    站长
10 条回复
HongJay
2023-03-30 17:16:09 +08:00
先生,这是常识
Cu635
2023-03-30 17:22:07 +08:00
标题内容还好,不过内容有点戏太多了……

分享的那人博客“关于”页面,里面说的需不需要注册问题、“联邦制”帐号系统,对于这个概念来讲实际上早就有产品了:disqus ,还有就是 github 帐号 oath 登录的博客评论系统。所以也谈不上“触碰到卖登录系统的人的蛋糕”。
duke807
2023-03-30 17:34:28 +08:00
最终打开 Cloudflare Under Attack mode 了事
duke807
2023-03-30 17:40:49 +08:00
@Cu635

可能有人无聊吧,反正看 cf 后台,正是我回复之后开始受到攻击的

https://i.imgur.com/KCDLS7b_d.webp?maxwidth=760
Cu635
2023-03-30 17:43:17 +08:00
@duke807 #4
可能是我没说清楚,我主要是说“触碰到卖登录系统的人的蛋糕”戏太多,分享之后被攻击倒是很合理的推测。
gaobh
2023-03-30 17:49:34 +08:00
问题来了,怎么防 ddos ?
duke807
2023-03-30 17:55:07 +08:00
@gaobh 见本帖 3 楼,效果很好,不影响正常用户访问,又能阻止攻击者访问我的网站
hemingcn
2023-03-30 18:03:53 +08:00
@gaobh 充钱,
duke807
2023-03-30 18:05:10 +08:00
@hemingcn 不用,cf 是免费的
7RTDKSAK
2023-03-30 23:58:20 +08:00
MJJ 宣布对此攻击负责(滑稽)

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/928545

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX