soh Posted September 2, 2017 Share Posted September 2, 2017 Olá a todos, Tenho uma VPS na DO, e eu queria saber se existe a possibilidade de bloquear acesso direto pelo ip da máquina. Ex: Se digitassem 200.200.200.200 na url, ele nem aparecia nada, daria como inexistente, nem requisição na vps faria. Acessassem apenas pelo dominio mesmo, exemplo(dot)com. Pergunto isso porque recebo milhares de requisições direto no meu ip, e isso ta fazendo minha vps cair sempre, vejam: [Sat Sep 02 05:47:38 2017] [error] [client 66.240.205.34] client denied by server configuration: /usr/local/apps/apache/www/error/noindex.html [Sat Sep 02 05:47:38 2017] [error] [client 66.240.205.34] client denied by server configuration: /usr/local/apps/apache/www/ [Sat Sep 02 05:03:03 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmanager [Sat Sep 02 05:03:03 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2018 [Sat Sep 02 05:03:03 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2017 [Sat Sep 02 05:03:03 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2016 [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2015 [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmanager [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2014 [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2018 [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2013 [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2017 [Sat Sep 02 05:03:02 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2012 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2016 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2011 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2015 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2018 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2014 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2017 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2013 [Sat Sep 02 05:03:01 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2016 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2012 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2015 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/phpmyadmin2011 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2014 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2018 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2013 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2017 [Sat Sep 02 05:03:00 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2012 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2016 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2011 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2015 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2018 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2014 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2017 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2013 [Sat Sep 02 05:02:59 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2016 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2012 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2015 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/pma2011 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2014 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2018 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2013 [Sat Sep 02 05:02:58 2017] [error] [client 176.192.188.192] client denied by server configuration: /usr/local/apps/apache/www/PMA2017 Acredito que seja algum tipo de ataque ddos, mas se o acesso fosse direto no dominio eu teria como barrar com htaccess. Realmente nao sei o que fazer, poderiam me dar uma luz? 0 Quote Link to comment Share on other sites More sharing options...
owsbr Posted September 2, 2017 Share Posted September 2, 2017 Isso não tem muita cara de DDoS não, tem cara de bruteforce/scan em busca de algo. O que pode fazer é bloquear a origem em seu firewall, na grande maioria das vezes já resolve. 0 Quote Link to comment Share on other sites More sharing options...
soh Posted September 2, 2017 Author Share Posted September 2, 2017 7 horas atrás, owsbr disse: Isso não tem muita cara de DDoS não, tem cara de bruteforce/scan em busca de algo. O que pode fazer é bloquear a origem em seu firewall, na grande maioria das vezes já resolve. Eu tento bloquear com o firewall, mas pra cada IP que eu bloqueio aparece mais 10 diferentes, isso o dia inteiro, 24/7... Isso que eu coloquei é só algumas linhas do log, eu tenho que excluir o log a cada 6 horas pq se não ele fica ilegível. Existe alguma outra forma de bloquear isso, sem ser bloqueando o IP que está scaneando? 0 Quote Link to comment Share on other sites More sharing options...
Marks Posted September 2, 2017 Share Posted September 2, 2017 1 hora atrás, soh disse: Eu tento bloquear com o firewall, mas pra cada IP que eu bloqueio aparece mais 10 diferentes, isso o dia inteiro, 24/7... Isso que eu coloquei é só algumas linhas do log, eu tenho que excluir o log a cada 6 horas pq se não ele fica ilegível. Existe alguma outra forma de bloquear isso, sem ser bloqueando o IP que está scaneando? Se seu site é para um país em específico você pode bloquear alguns países que não deseja receber acesso. 0 Quote Link to comment Share on other sites More sharing options...
soh Posted September 3, 2017 Author Share Posted September 3, 2017 5 horas atrás, MarksEliel disse: Se seu site é para um país em específico você pode bloquear alguns países que não deseja receber acesso. Não é para um país específico. Mas esses "bruteforce" vem de vários IP's destintos. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.