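Check the logs

If resource usage is still high after a restart, promptly download the wwwlogs logs and analyze them with a weblog tool to confirm whether malicious IPs are accessing the site. Block the malicious IPs in .htaccess, and also review your site's code to see whether it can be optimized at the code level to reduce server resource consumption.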

Linux host IIS web service: blocking IPs

Blocking IPs with .htaccess:
https://help.aliyun.com/knowledge_detail/36226.html

If the root directory has no .htaccess, create one manually:

RewriteEngine on
RewriteBase /
Order Deny,Allow
Deny from [$Deny_IP1] 
Deny from [$Deny_IP_Segment] 

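Notes:
[$Deny_IP1] is the IP address to block; multiple IP addresses can be added, separated by spaces.
[$Deny_IP_Segment] is the IP address range to block.

If the root directory already has an .htaccess, add the following to it: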

Order deny,allow
Allow from all
Deny from xxx.xxx.xxx.xxx
Deny from xxx.xxx.xxx

Example

<IfModule mod_rewrite.c>
    Options +FollowSymlinks -Multiviews

    RewriteEngine On
    RewriteBase /
    Order Deny,Allow
    Deny from 114.55.94.72
    Deny from 116.179.37.0/24
    Deny from 220.181.108.0/24
    Deny from 112.80.254.0/24
    Deny from 119.162.181.0/24
    Deny from 223.96.215.0/24
    Deny from 117.176.200.0/24
    Deny from 183.14.132.0/24

    # Redirect http to https
    #RewriteCond %{SERVER_PORT} !^443$
    #RewriteRule ^(.*)$ https://www.xxxxx.com/$1 [L,R=301]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ index.php?s=/$1 [QSA,PT,L]
    #RewriteRule ^(.*)$ index.php/$1 [QSA,PT,L]
    #RewriteRule ^(.*)$ index.php?/$1 [QSA,PT,L]

    # Forbid execution of the listed script types
    RewriteCond % !^$
    RewriteRule data/(.*)\.(php|php3|php4|php5|php6|php7|pht|phtml|asp|aspx|jsp|exe|js|sql|perl|cgi|asa)$ - [F]
    RewriteRule template/(.*)\.(php|php3|php4|php5|php6|php7|pht|phtml|asp|aspx|jsp|exe|perl|cgi|asa)$ - [F]
    RewriteRule uploads/(.*)\.(php|php3|php4|php5|php6|php7|pht|phtml|asp|aspx|jsp|exe|js|perl|cgi|asa)$ - [F]
</IfModule>

The web log looks like this:

218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 205
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 208
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 173
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 227
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "POST /member/index_do.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/member/index_do.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/member/index_do.php" 242
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 191
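The log review described above can be scripted. The following is an added example, not part of the original page: it parses the leading fields of the log format shown, flags any IP that makes a burst of requests within one second, and prints matching `Deny from` lines. The threshold of 5, the function names and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Leading fields of the log format shown above; the trailing fields
# (vhost, content type, file path, final number) are ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_ips(lines, burst=5):
    """Map each IP that reaches `burst` requests in one second to its peak."""
    per_second = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        per_second[m["ip"]][m["ts"]] += 1  # timestamps have 1 s resolution
    peaks = {ip: max(c.values()) for ip, c in per_second.items()}
    return {ip: n for ip, n in peaks.items() if n >= burst}

def deny_rules(ips):
    """Render validated addresses as .htaccess lines; invalid text raises."""
    addrs = sorted((ipaddress.ip_address(ip) for ip in ips),
                   key=lambda a: (a.version, int(a)))
    return [f"Deny from {a}" for a in addrs]

# Constructed sample lines (documentation addresses, not real traffic).
TEMPLATE = ('{ip} - - [21/Oct/2021:06:30:{sec:02d} +0800] "GET {path} HTTP/1.1" '
            '403 221 "-" "Mozilla/5.0" "site.example" "text/html" '
            '"/htdocs{path}" 205')
SAMPLE = [TEMPLATE.format(ip="203.0.113.7", sec=19,
                          path="/include/vdimgck.php")] * 6
SAMPLE += [TEMPLATE.format(ip="198.51.100.20", sec=s, path="/index.php")
           for s in (20, 41)]
SAMPLE.append("truncated or garbage line")

if __name__ == "__main__":
    for rule in deny_rules(suspicious_ips(SAMPLE)):
        print(rule)
```

Review the flagged addresses before adding them to .htaccess, since a shared proxy or a search-engine crawler can also produce bursts.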

Windows IIS web.config: blocking by User-Agent and by IP

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Block spider">
                    <match url="(^robots.txt$)" ignoreCase="false" negate="true" />
                    <conditions>
                        <add input="{HTTP_USER_AGENT}" pattern="MegaIndex|MegaIndex.ru|BLEXBot|Qwantify|qwantify|semrush|Semrush|serpstatbot|hubspot|python|Bytespider|Go-http-client|Java|PhantomJS|SemrushBot|Scrapy|Webdup|AcoonBot|AhrefsBot|Ezooms|EdisterBot|EC2LinkFinder|jikespider|Purebot|MJ12bot|WangIDSpider|WBSearchBot|Wotbox|xbfMozilla|Yottaa|YandexBot|Jorgee|SWEBot|spbot|TurnitinBot-Agent|mail.RU|perl|Python|Wget|Xenu|ZmEu|^$" ignoreCase="true" />
                    </conditions>
                    <action type="AbortRequest" />
                </rule>
                <rule name="band ip" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAny">
                        <!-- X-Forwarded-For and X-Real-IP are request headers that the client can set; REMOTE_ADDR is the peer address seen by IIS -->
                        <add input="{HTTP_X_FORWARDED_FOR}&amp;{REMOTE_ADDR}&amp;{HTTP_X_Real_IP}" pattern="(121\.46\.248\.149|124\.160\.118\.110|114\.55\.94\.72)" />
                    </conditions>
                    <action type="AbortRequest" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

Windows host IIS web service: blocking IPs

To block IPs in ASP, add the following code to a file named conn.asp, then include it in every page.

<%
requestIP = request.ServerVariables("REMOTE_ADDR")   ' IP of the client requesting this page
IP        = "127.0.0.1|qq.com|192.168.1.1"           ' IPs that are denied access to the site, separated by "|"
trueURL   = "http://www.baidu.com"                   ' allowed IPs are redirected here
falseURL  = "http://www.qq.com"                      ' denied IPs are redirected here
ipArr     = split(IP, "|")
flag      = false
for i = 0 to ubound(ipArr)
    if requestIP = ipArr(i) then
        flag = true
        exit for
    end if
next
if flag then
    response.Redirect(falseURL)
else
    response.Redirect(trueURL)
end if
%>

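Windows host IIS web service: blocking IPs, method two

Copy the following code and save it as a web.config file. The IPs in it can be replaced with, or extended by, the IPs you need to block, and IP ranges are supported. Upload the file to the site root directory and it takes effect. (Windows IIS only.) To block another IP address, just add one line to the file and save it.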

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <ipSecurity allowUnlisted="true">
                <clear/>
                <add ipAddress="127.0.0.1"/>
                <add ipAddress="127.255.255.0" subnetMask="255.255.255.0"/>
            </ipSecurity>
        </security>
    </system.webServer>
</configuration>

Then save the code above as an IP.asp file, and add the following line to your ASP pages:

<!-- #include file="IP.asp" -->

web.log can be analyzed with Notepad++ and a weblog tool.

A subnet mask separates an IP address into a network address and a host address.

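What does the subnet mask do?

subnetMask is used to block or allow a range of IP addresses in a network:

For example: <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>

blocks the IPs of the network 83.116.119.0 to 83.116.119.255.

What happens if we do not specify a subnet mask?

If you do not specify a subnet mask, for example: <add ipAddress="83.116.19.53"/>, it blocks only that one IP.

How do I add a range of IP addresses?

The example ranges below answer this: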

<add ipAddress="1.2.3.0" subnetMask="255.255.255.0"/>     <!--blocks network 1.2.3.0 to 1.2.3.255-->                
<add ipAddress="1.2.0.0" subnetMask="255.255.0.0"/>     <!--blocks network 1.2.0.0 to 1.2.255.255-->                
<add ipAddress="1.0.0.0" subnetMask="255.0.0.0"/>     <!--blocks network 1.0.0.0 to 1.255.255.255-->     
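To check what a given `<ipSecurity>` section actually blocks before uploading it, the entries can be evaluated offline. The following is an added example, not part of the original page: it parses a constructed configuration, converts each `ipAddress`/`subnetMask` pair into a network, and decides whether a client address is allowed. It relies on the IIS defaults (`allowUnlisted` true, `allowed` false on `<add>`); the function names are hypothetical, and overlapping entries are not modelled.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed configuration using entries of the kind shown on this page.
CONFIG = """<configuration><system.webServer><security>
<ipSecurity allowUnlisted="true">
<clear/>
<add ipAddress="127.0.0.1"/>
<add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>
<add ipAddress="1.2.0.0" subnetMask="255.255.0.0"/>
</ipSecurity>
</security></system.webServer></configuration>"""

def blocked_range(ip, mask="255.255.255.255"):
    """First and last address covered by an ipAddress/subnetMask pair."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(net[0]), str(net[-1])

def load_rules(xml_text):
    """Return (allow_unlisted, [(network, allowed), ...]) from web.config XML."""
    sec = ET.fromstring(xml_text).find(".//ipSecurity")
    allow_unlisted = sec.get("allowUnlisted", "true").lower() == "true"
    rules = []
    for add in sec.findall("add"):
        # No subnetMask means the entry covers a single address.
        mask = add.get("subnetMask", "255.255.255.255")
        net = ipaddress.ip_network(f"{add.get('ipAddress')}/{mask}", strict=False)
        rules.append((net, add.get("allowed", "false").lower() == "true"))
    return allow_unlisted, rules

def is_allowed(client, allow_unlisted, rules):
    """Decision for one client; the sample has no overlapping entries."""
    addr = ipaddress.ip_address(client)
    for net, allowed in rules:
        if addr in net:
            return allowed
    return allow_unlisted

if __name__ == "__main__":
    unlisted, rules = load_rules(CONFIG)
    for ip in ("83.116.119.200", "83.116.120.1", "127.0.0.1", "1.2.77.9"):
        print(ip, "allowed" if is_allowed(ip, unlisted, rules) else "blocked")
```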

Block all IPs except the listed ones:

<ipSecurity allowUnlisted="false">