Андрей Д.
33 года, Украина
34 сообщения
#5 месяцев назад
На сервере находится несколько сайтов, но постоянно ддосится (если, конечно, это ддос) только один. Выделенный сервер, сайт на Nginx + PHP-FPM, кеширование nginx включено. Сайт работает в нормальное время отлично, быстро. Но как начинается атака у сервера забивается весь канал, потому как запросы идут только на картинки, причем запросы без реферера, что и наводит на мысль о ддосе. Сайт не имеет посещаемости (100-200 чел/сутки). Понятия не имею, кому понадобилось ддосить такой сайт, а атаки продолжаются вот уже недели две, бывают дневные перерывы - день нормально, день атакуют. Приходится отключать сайт, чтобы сервер работал нормально. Подскажите, как можно спастись от такого вида ддос (ниже кусок из логов)

217.118.90.152 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-28.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Redmi Note 3 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"185.135.150.120 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-18.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Lenovo K33a42 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
46.211.71.11 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-41.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 4.4.4; SM-T116 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36"
95.153.129.233 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-32.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
89.169.20.253 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-10.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FLA-LX1 Build/HUAWEIFLA-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-7.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-6.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-5.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
85.140.22.247 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/uvlekatelnye-fakty-kotorymi-mozhno-razvlech-lyubuyu-kompaniyu-4.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-T280 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Safari/537.36"
176.59.193.184 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-11.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
31.173.101.26 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-5.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 9; Mi A2 Lite Build/PKQ1.180917.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36"
178.124.174.14 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-11.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 7.1.2; Redmi 4A Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.91 Mobile Safari/537.36"
185.135.150.120 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-19.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Lenovo K33a42 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
176.59.193.184 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-10.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
85.140.22.247 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/uvlekatelnye-fakty-kotorymi-mozhno-razvlech-lyubuyu-kompaniyu-5.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-T280 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/62.0.3202.84 Safari/537.36"
185.135.150.120 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/zhizn-srednego-klassa-v-raznyh-stranah-20.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Lenovo K33a42 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36"
109.200.108.231 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-36.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 4.4.2; Ixion X140 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36"
46.216.152.165 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-9.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; FIG-LX1 Build/HUAWEIFIG-LX1; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
176.59.193.184 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-13.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9500 Build/LRX22C; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/45.0.2454.95 Mobile Safari/537.36"
217.118.90.152 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-30.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Redmi Note 3 Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/67.0.3396.87 Mobile Safari/537.36"
85.140.23.226 - - [21/Feb/2019:14:46:25 +0200] "GET /wp-content/uploads/2019/02/strany-gde-zhizn-deshevle-chem-u-vas-doma-9.jpg HTTP/1.1" 403 1305 "-" "Mozilla/5.0 (Linux; Android 8.0.0; H4113 Build/50.1.A.10.51; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/68.0.3440.91 Mobile Safari/537.36"
Олег Медведь
33 года, Украина
131 сообщение
#5 месяцев назад
Похоже на парсинг картинок. Попробуйте поменять папку для загрузки файлов 
Андрей В.
27 лет, Украина
844 сообщения
#5 месяцев назад
Поломали форум 
https://dl.dropboxusercontent.com/s/dag9izokohqyhoj/shot_190221_203147.png