This morning I discovered a CC attack. The following conclusions come from analyzing this site's IIS logs...

2012-06-08 10:02:36:

The attack begins...

The attacked address was: GET /index.asp - 80 - 183.203.12.18 Mozilla/4.0 200 0 0

2012-06-08 10:14:19:

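After attacking for 12 minutes and sending 44351 GET requests, the attacker paused the attack for the time being.

As for why the attack was paused?

Heh, my guess is that he saw no effect at all, because this site does not react to such a low-level attack in any way...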

2012-06-08 10:39:53:

GET /index.asp a=rss 80 - 180.96.19.24 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+5.1) 200 0 0

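After pausing for 25 minutes, the attacker started attacking again.

This time, however, the attacked address changed to: /index.asp?a=rss

The User-Agent changed to: Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+5.1)

I have to say, the attacker finally got a little smarter and picked a “dynamic page” to attack.

Heh, sorry to tell you, but this is actually a static page...

Even more unfortunately for you, every page on this site is static...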

2012-06-08 10:46:13

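After attacking for 7 minutes and sending 2697 GET requests, the attack stopped again...

Heh, as expected, the attacker presumably saw no effect once again and gave up in disappointment...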

2012-06-08 11:28:02

GET /index.asp i=2565 80 - 119.147.241.58 Mozilla/4.0 200 0 0

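More than 40 minutes later, the attack started again...

Persistent, aren't you, kid...

Smarter this time: he picked the link to an article as the target.

Heh, sorry to tell you that the article has been cached ever since it was first visited, so it has already become a static page...

Moreover, because of “Anti-CC.asp”, apart from adding some hits to this site's article view counts, I'm afraid you cannot have any effect at all...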

2012-06-08 11:42:08

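I happened to notice the site behaving abnormally, so I restarted IIS and did some simple handling; the attack ended here.

Number of attack requests: 49894 GET requests; duration: 14 minutes and 6 seconds.

Attacker characteristics:

1. The attacker was probably using ordinary software that carries out CC attacks through proxies.

2. The User-Agent value is uniform.

3. The source IPs are all assorted free HTTP proxies, the kind a single search turns up by the pile.

4. Heh, sorry to tell you that because you used ordinary HTTP proxies, your real IP address is easy to trace (the real IP address is right there in the HTTP headers).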

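Postscript:

Dealing with this kind of CC attack is simple: add the attacking IPs in bulk to the blacklist of the local IP security policy, and it takes effect immediately.

Because this site limited the IIS maximum number of connections to only a few hundred, once the number of connections reaches the limit, “Service Unavailable” appears briefly; apart from that there is no impact.

(The IIS connection limit has been changed, and the attacking IPs have been added to the blacklist...)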
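
The blacklist step above needs the attacking addresses pulled out of the log first. The following is an added example, not the site's own tool: it buckets requests per minute by target URL and User-Agent, the two traits the attack shared, and collects the client IPs from any bucket that crosses a threshold. The log lines, the `#Fields` layout, the addresses and the threshold are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format; client addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2012-06-08 10:02:36 GET /index.asp - 80 - 192.0.2.10 Mozilla/4.0 200 0 0
2012-06-08 10:02:36 GET /index.asp - 80 - 192.0.2.11 Mozilla/4.0 200 0 0
2012-06-08 10:02:37 GET /index.asp - 80 - 198.51.100.7 Mozilla/4.0 200 0 0
2012-06-08 10:02:37 GET /index.asp - 80 - 192.0.2.10 Mozilla/4.0 200 0 0
2012-06-08 10:02:38 GET /index.asp - 80 - 192.0.2.11 Mozilla/4.0 200 0 0
2012-06-08 10:02:40 GET /about.asp - 80 - 203.0.113.5 Mozilla/5.0+(Windows+NT+6.1) 200 0 0
2012-06-08 10:39:53 GET /index.asp a=rss 80 - 198.51.100.8 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+5.1) 200 0 0
"""


def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive to name the columns."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def flood_sources(records, per_minute_threshold):
    """Map (uri, user_agent) -> client IPs seen in any minute where that pair hit the threshold."""
    buckets = defaultdict(Counter)  # (uri, user_agent, minute) -> requests per client IP
    for r in records:
        query = r["cs-uri-query"]
        uri = r["cs-uri-stem"] + ("" if query == "-" else "?" + query)
        minute = r["date"] + " " + r["time"][:5]
        buckets[(uri, r["cs(User-Agent)"], minute)][r["c-ip"]] += 1
    flagged = defaultdict(set)
    for (uri, agent, _minute), per_ip in buckets.items():
        if sum(per_ip.values()) >= per_minute_threshold:
            flagged[(uri, agent)].update(per_ip)
    return dict(flagged)


def blocklist(flagged):
    """Flatten the flagged signatures into a sorted, de-duplicated list of addresses."""
    return sorted(set().union(*flagged.values())) if flagged else []


if __name__ == "__main__":
    hits = flood_sources(parse_w3c(SAMPLE_LOG), per_minute_threshold=5)
    print(blocklist(hits))
```

Only addresses seen inside a flagged minute are collected, so an ordinary visitor who happens to share the User-Agent at another time is not swept into the list.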

Attached is the list of attacking IPs:


Comments (old system):

Zypeh @ 2012-06-08 21:26:13

Screen flooding!! You dumped a huge list of IPs; I wondered what was going on

Site reply:

Uh, it's only a bit over 500...

落雪依然 @ 2012-06-09 09:58:45

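So the attack here just scans for proxy IPs and then sends GETs in id order, huh?

Site reply:

Go look up material on CC attacks yourself and you'll understand; it's a very old kind of attack...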

小一 @ 2012-06-09 23:57:17

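Damn, at noon I wanted to leave a comment but kept getting service unavailable. 核总, could you port that anti-cc to PHP? I'd like to use it in WordPress.

Site reply:

Some kid was running a CC attack; after the handling, this kind of attack no longer poses any threat to this site... Yesterday, with nothing else to do, I wrote a small tool that bans CC proxy IPs fully automatically, hehe, to play along with this brat... I don't have the energy to do a PHP version for now. The principle is simple: it just tracks online users and stores them in a global array; on each visit the corresponding counter is incremented by 1, and then it checks whether the counter has exceeded a specified value within a specified time; if so, it is judged to be an attack, and then certain actions are taken...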
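
The counting scheme described in the reply above, written out as an added example (it is not Anti-CC.asp or the author's tool): one counter per client, reset when its time window expires, with a temporary ban once the counter passes the limit. The class name, its parameters and the ban period are assumptions, and `client` is whatever key the caller chooses, such as the connection's peer address.

```python
import time


class AntiCC:
    """Per-client visit counter with a time window and a temporary ban (names are hypothetical)."""

    def __init__(self, limit, window, ban, clock=time.monotonic):
        self.limit, self.window, self.ban = limit, window, ban
        self.clock = clock     # injectable so the logic can be exercised without sleeping
        self.visits = {}       # client -> [window_start, count]
        self.banned = {}       # client -> time at which the ban expires

    def allow(self, client):
        """Count one visit; return False if the client is banned or has just crossed the limit."""
        now = self.clock()
        if client in self.banned:
            if now < self.banned[client]:
                return False
            del self.banned[client]
        entry = self.visits.get(client)
        if entry is None or now - entry[0] >= self.window:
            entry = self.visits[client] = [now, 0]   # first visit, or the old window expired
        entry[1] += 1
        if entry[1] > self.limit:
            self.banned[client] = now + self.ban     # judged an attack: refuse for `ban` seconds
            del self.visits[client]
            return False
        return True

    def purge(self):
        """Drop expired windows and bans so the tables stay bounded during a flood."""
        now = self.clock()
        self.visits = {c: e for c, e in self.visits.items() if now - e[0] < self.window}
        self.banned = {c: t for c, t in self.banned.items() if now < t}


if __name__ == "__main__":
    fake_now = [0.0]
    guard = AntiCC(limit=3, window=10, ban=60, clock=lambda: fake_now[0])
    print([guard.allow("192.0.2.10") for _ in range(5)])   # constructed client address
    fake_now[0] = 61.0
    print(guard.allow("192.0.2.10"))
```

Calling `purge()` periodically matters under a proxy-driven flood, where hundreds of one-off addresses would otherwise accumulate in the tables.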

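[Anonymous] @ 2012-06-12 20:05:29

With an ordinary IE proxy, the real IP is right there in the packet?

Site reply:

Yes. In the HTTP protocol there is a header called X-Forwarded-For; if an ordinary proxy is used, the proxy server by default puts the real IP and the path of servers passed through into that header. For example: X-Forwarded-For: 111.111.111.111, 222.222.222.222. Search for the details yourself; there are a great many articles on this...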
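
An added example of using the header described in the reply above (not code from this site): it parses X-Forwarded-For values and groups requests by the origin address the proxies reported, since one origin behind many proxy peers is what a proxy-driven CC attack looks like. The request list is constructed and assumes the header was captured alongside the peer address; the header is taken as the proxy reported it, and a client can pre-fill it, so the result is a lead to correlate rather than proof.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (TCP peer address, X-Forwarded-For value or None).
# Peers are documentation ranges; 111.111.111.111 is the example value from the reply.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "111.111.111.111"),
    ("192.0.2.11", "111.111.111.111, 222.222.222.222"),
    ("198.51.100.7", "unknown, 111.111.111.111"),
    ("198.51.100.8", "10.0.0.5"),
    ("203.0.113.5", None),
]


def forwarded_chain(header_value):
    """Split an X-Forwarded-For value into (raw, ip_or_None) hops, leftmost first."""
    hops = []
    for raw in header_value.split(","):
        raw = raw.strip()
        if not raw:
            continue
        try:
            hops.append((raw, ipaddress.ip_address(raw)))
        except ValueError:
            hops.append((raw, None))   # "unknown", host names, or junk put there on purpose
    return hops


def claimed_origin(header_value):
    """Return the leftmost globally routable address the header claims, or None."""
    for _raw, ip in forwarded_chain(header_value):
        if ip is not None and ip.is_global:
            return str(ip)
    return None


def origins_behind_proxies(requests):
    """Map each claimed origin to the set of distinct proxy peers that relayed for it."""
    peers = defaultdict(set)
    for peer_ip, header_value in requests:
        origin = claimed_origin(header_value or "")
        if origin and origin != peer_ip:
            peers[origin].add(peer_ip)
    return dict(peers)


if __name__ == "__main__":
    for origin, proxies in origins_behind_proxies(SAMPLE_REQUESTS).items():
        print(origin, "seen behind", len(proxies), "proxy peers:", sorted(proxies))
```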

无上 @ 2012-12-30 13:42:12

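Wouldn't simply blocking proxy access do it? This site limited the IIS maximum number of connections to only a few hundred. A max-connections attack?

Site reply:

That was half a year ago; the settings were changed long ago...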

老衲今晚有空 @ 2013-08-21 21:59:05

How do I block proxy access? Please explain, 核总

Site reply:

Just add them to the IIS blacklist

核爆裂 @ 2014-10-29 10:14:39

Doesn't a CC attack cost money?

Site reply:

Uh...