一台 10 年的老服务器,最近 bingbot 疯狂刷流量,用$http_user_agent 为啥屏蔽不了... nginx 日志里 N 多类似这样的记录:
172.68.244.177 - - [04/Aug/2024:04:04:10 -0400] "GET /find-app/%E0%B8%AD%E0%B8%B2%E0%B8%8A%E0%B8%B5%E0%B8%9E%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%8A%E0%B8%B2%E0%B8%A7%E0%B8%AB%E0%B8%A7%E0%B8%B9%E0%B9%88%E0%B8%AB%E0%B8%A5%E0%B8%B4%E0%B8%87%E0%B8%84%E0%B8%B7%E0%B8%AD%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%95%E0%B8%81%E0%B8%9B%E0%B8%A5%E0%B8%B2%E3%80%90ta777.me%E3%80%91%E0%B8%AD%E0%B8%B2%E0%B8%8A%E0%B8%B5%E0%B8%9E%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%8A%E0%B8%B2%E0%B8%A7%E0%B8%AB%E0%B8%A7%E0%B8%B9%E0%B9%88%E0%B8%AB%E0%B8%A5%E0%B8%B4%E0%B8%87%E0%B8%84%E0%B8%B7%E0%B8%AD%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%95%E0%B8%81%E0%B8%9B%E0%B8%A5%E0%B8%B2%E3%80%90ta777.me%E3%80%91w7t?page=2 HTTP/1.1" 403 571 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36" 52.167.144.211
172.71.222.36 - - [04/Aug/2024:04:04:10 -0400] "GET /find-app/%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%E2%8F%A9%E5%8A%9E%E7%90%86%E7%BD%91zhengjian.shop%E2%8F%AA-%E5%93%AA%E9%87%8C%E4%B9%B0%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%F0%9F%8C%9F%E5%8A%9E%E8%AF%81%E7%BD%91zhengjian.shop%F0%9F%8C%9F-%E5%BC%A0%E5%AE%B6%E6%B8%AF%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%E5%93%AA%E9%87%8C%E6%9C%89-%E5%93%AA%E9%87%8C%E5%8A%9E%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87Q5?page=3 HTTP/1.1" 403 571 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36" 52.167.144.211
以下是完整配置
server
{
listen 80;
listen 443 ssl;
#
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
## ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
## enable HSTS including subdomains
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
server_name domain.com www.domain.com;
index index.html index.htm index.php;
root /opt/htdocs/www.domain.com/public;
#301
if ($host = 'domain.com') {
rewrite ^/(.*)$ https://www.domain.com/$1 permanent;
}
#location ~ /find-app {
if ($http_user_agent ~* "bingbot|AhrefsBot") {
return 403;
}
#}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
#申请 let’s Encrypt SSL 用
location ~ /.well-known {
allow all;
}
if (!-e $request_filename) {
}
location ~ .*\.(php|php5)?$
{
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 15d;
}
access_log /data0/logs/domain.log access;
}
1
Xusually 143 天前 via iPhone 1
屏蔽成功了呀 你贴的两条日志 status code 都是 403 ,说明你规则生效了。
|
2
ZhilingQwQ 143 天前
为什么不用 robots.txt 呢
|
3
unidotnet 143 天前
为什么不用 robots.txt 呢 +1
|
4
cokyhe OP 日志里是 403 了,但是对应的 php 代码确还在执行,cpu 狂飙,我再查查吧,谢谢楼上的兄弟
|
6
AkaGhost 143 天前
bingbot 遵守 robots.txt ,直接用 robots.txt 告诉 bingbot 别来爬网了就行
|
7
Xusually 143 天前
而且你贴的这 2 个 IP 根本不是 Bing 的 bot ip ,你可以在这里确认是否是真的 bing bot: https://www.bing.com/toolbox/verify-bingbot
那两个 IP 是 cloudflare 的 ip ,是伪造的爬虫 |
8
moyaya 143 天前
最近各种爬虫太多了,尤其是 AI 公司。
|
9
yb2313 143 天前
给他爬的的东西里下毒, 反正爬虫也不管这些
|
11
jaylee4869 143 天前
套 CDP ,WAF 上拦截 JA3 / JA4 。
国外的服务无脑 [Cloudflare]( https://lawrenceli.me/blog/cloudflare#client-hello---ja3) |
13
xiaoxiaov 142 天前 via Android
给服务器弄个雷池社区版,一劳永逸
|
14
lpe234 142 天前
这是爬虫吗?这是来打广告的吧。 [app/湖南水利水电职业技术学院毕业证样本图片⏩办理网]
|
15
RangerWolf 142 天前
@Xusually 有没有 facebook 的爬虫 IP 验证的?
我的站被 facebook 爬了 |