这种情况是被DDOS了么

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

推荐书目

› 高性能网站建设进阶指南

› High Performance Web Sites

› Google Hacks: Tips & Tools for Finding and Using the World's Information

关于 Google SEO 最好的一本书

这是一个创建于 3958 天前的主题，其中的信息可能已经有所发展或是发生改变。

用iftop 现在能看到这么个信息,如图， http://urlc.cn/g/yd6io6tu ,

难道被DDOS了？

求分析，求解决

ddos

iftop

如图

11 条回复 • 1970-01-01 08:00:00 +08:00

kmvan

2014-01-26 11:12:06 +08:00

有何异常？

582033

2014-01-26 11:16:06 +08:00

检测到连接IP有725个，带宽打到峰值。

Livid

MOD

2014-01-26 11:22:09 +08:00

这种情况你应该看 web server 的 log

582033

2014-01-26 11:40:22 +08:00

@Livid 请指教.. 怎么看是否有异常呢

error.log 可以看到如下类似信息
2014/01/26 11:36:12 [error] 14532#0: unexpected response for www.espam.co.kr
2014/01/26 11:36:25 [error] 14533#0: unexpected response for giahdarou.ir
2014/01/26 11:36:25 [error] 14533#0: unexpected response for giahdarou.ir
2014/01/26 11:37:38 [error] 14533#0: DNS error (16: Unknown error), query id:14222
2014/01/26 11:38:22 [error] 14533#0: unexpected response for www.portlandcvb.com
2014/01/26 11:38:22 [error] 14533#0: unexpected response for www.portlandcvb.com
2014/01/26 11:38:32 [error] 14533#0: unexpected response for www.portlandcvb.com
2014/01/26 11:38:41 [error] 14532#0: unexpected response for www.zb1213.com
2014/01/26 11:38:50 [error] 14533#0: unexpected response for steady-laughing.com
2014/01/26 11:38:50 [error] 14533#0: unexpected response for steady-laughing.com
2014/01/26 11:38:55 [error] 14533#0: unexpected response for steady-laughing.com

Livid

MOD

2014-01-26 11:43:22 +08:00

@582033 看看 access.log

582033

2014-01-26 11:52:21 +08:00

@Livid 日志没有大量增加

114.80.109.30 - - [26/Jan/2014:11:41:26 +0800] "POST /api/manyou/my.php HTTP/1.0" 200 154 "http://www.bgjsy.com/api/manyou/my.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9"
113.13.131.36 - - [26/Jan/2014:11:41:27 +0800] "POST /member.php?mod=register&inajax=1 HTTP/1.1" 200 1042 "http://www.bgjsy.com/member.php?mod=register&inajax=1" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
46.161.41.24 - - [26/Jan/2014:11:42:22 +0800] "GET /search.php?mod=forum&srchtxt=%E5%8C%97%E4%BA%AC%E4%BA%8C%E6%89%8B%E6%88%BF%E8%A3%85%E4%BF%AE&formhash=5f7a996e&searchsubmit=true&source=hotsearch HTTP/1.1" 302 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows 95) Opera 7.03 [de]"
46.161.41.24 - - [26/Jan/2014:11:42:23 +0800] "GET /search.php?mod=forum&searchid=4&orderby=lastpost&ascdesc=desc&searchsubmit=yes&kw=%E5%8C%97%E4%BA%AC%E4%BA%8C%E6%89%8B%E6%88%BF%E8%A3%85%E4%BF%AE HTTP/1.1" 200 7330 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows 95) Opera 7.03 [de]"
117.80.175.69 - - [26/Jan/2014:11:42:38 +0800] "GET / HTTP/1.1" 301 5 "http://www.bgjsy.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"

42.96.185.104 - - [26/Jan/2014:11:47:58 +0800] "GET /tongji/5.html HTTP/1.0" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
42.96.185.104 - - [26/Jan/2014:11:48:20 +0800] "GET /?topic=%E6%88%91%E6%83%B3%E5%95%8F%E6%8D%B7%E6%98%9F%E8%88%AA%E7%A9%BA%E9%9A%A8%E8%BA%AB%E8%A1%8C%E6%9D%8E%E7%9A%84%E9%99%90%E5%88%B6 HTTP/1.1" 200 4701 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b1) Gecko/20091014 Firefox/3.6b1 GTB5"
221.215.66.58 - - [26/Jan/2014:11:48:38 +0800] "GET /tongji/5.html HTTP/1.0" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
42.96.185.104 - - [26/Jan/2014:11:48:52 +0800] "GET /tongji/5.html HTTP/1.0" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
212.2.229.35 - - [26/Jan/2014:11:48:55 +0800] "CONNECT oauth.vk.com:443 HTTP/1.0" 400 172 "-" "-"
42.96.185.104 - - [26/Jan/2014:11:49:46 +0800] "GET /tongji/5.html HTTP/1.0" 404 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
221.215.66.58 - - [26/Jan/2014:11:50:25 +0800] "GET /tongji/5.html HTTP/1.0" 404 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
42.96.185.104 - - [26/Jan/2014:11:50:57 +0800] "GET /tongji/5.html HTTP/1.1" 404 198 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
42.96.185.104 - - [26/Jan/2014:11:51:00 +0800] "GET /apple/iphone4renzituoguijiaotao/ HTTP/1.1" 404 142 "http://www.guokey.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"