I am under a DDoS attack on my server. I found out that someone was brute-forcing one of the WordPress sites. I have disabled that virtual host temporarily. Now I am trying to block their IP addresses using iptables, but I still see log entries in Apache for requests coming from those IP addresses.
The commands I used:
iptables -A INPUT -s 185.62.189.92 -j DROP
iptables -A OUTPUT -d 185.62.189.92 -j DROP
Here is my iptables:
# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 5146 packets, 553K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * * 185.62.189.98 0.0.0.0/0
2 0 0 DROP all -- * * 185.62.189.91 0.0.0.0/0
3 0 0 DROP all -- * * 185.62.189.92 0.0.0.0/0
4 0 0 DROP all -- * * 5.196.18.195 0.0.0.0/0
5 0 0 DROP all -- * * 185.62.188.98 0.0.0.0/0
6 0 0 DROP all -- * * 185.11.144.82 0.0.0.0/0
7 0 0 DROP all -- * * 185.11.144.82 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 6497 packets, 7556K bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * * 0.0.0.0/0 185.62.189.98
2 0 0 DROP all -- * * 0.0.0.0/0 185.62.189.91
3 0 0 DROP all -- * * 0.0.0.0/0 185.62.189.92
4 0 0 DROP all -- * * 0.0.0.0/0 5.196.18.195
5 0 0 DROP all -- * * 0.0.0.0/0 185.62.188.98
6 0 0 DROP all -- * * 0.0.0.0/0 185.11.144.82
7 0 0 DROP all -- * * 0.0.0.0/0 185.11.144.82
I still get tons of requests from the blocked addresses:
tail -f error.log
[Thu May 14 03:35:40.483899 2015] [authz_core:error] [pid 11474] [client 5.196.18.195:48105] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:40.920629 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.343127 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.830613 2015] [authz_core:error] [pid 11511] [client 185.62.189.92:46302] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:42.387676 2015] [authz_core:error] [pid 11501] [client 185.62.189.92:40100] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:43.362905 2015] [authz_core:error] [pid 11508] [client 185.62.189.92:16423] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:44.487948 2015] [authz_core:error] [pid 11501] [client 185.62.189.92:40100] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:46.066769 2015] [authz_core:error] [pid 11508] [client 185.62.189.92:16423] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:47.908027 2015] [authz_core:error] [pid 11527] [client 5.196.18.195:54456] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:47.938903 2015] [authz_core:error] [pid 11501] [client 5.196.18.195:9522] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:48.014147 2015] [authz_core:error] [pid 11487] [client 5.196.18.195:25948] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:48.118337 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:49.381834 2015] [authz_core:error] [pid 11510] [client 185.62.189.92:14750] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.074766 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.338875 2015] [authz_core:error] [pid 11487] [client 5.196.18.195:25948] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.602580 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
You can just deny the requests from those IPs in the virtual host with a rewrite.
RewriteEngine On
# No [OR] on the last condition: a trailing [OR] makes the rule match every request.
RewriteCond %{REMOTE_ADDR} ^185\.62\.189\.92 [OR]
RewriteCond %{REMOTE_ADDR} ^186\.62\.189\.92
RewriteRule ^(.*)$ - [F,L]
Try adding the interface name to your rules:
-i eth0 for the INPUT rule
and -o eth0 for the OUTPUT rule.
To find your own interface name, you can use the command:
ifconfig
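A check that fits the symptom in the question (every DROP rule shows 0 packets while Apache keeps logging the same clients), as an added example that is not part of the original thread: it counts the clients in the AH01630 lines and lists those whose DROP rule has never matched a packet. The function names are hypothetical and the sample data is copied, shortened, from the output posted in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Sample data is copied, shortened, from the output posted in the question.
sample_log() {
cat <<'EOF'
[Thu May 14 03:35:40.483899 2015] [authz_core:error] [pid 11474] [client 5.196.18.195:48105] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:40.920629 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.343127 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
EOF
}

sample_rules() {  # same shape as: iptables -nvL INPUT --line-numbers
cat <<'EOF'
Chain INPUT (policy ACCEPT 5146 packets, 553K bytes)
num pkts bytes target prot opt in out source destination
3 0 0 DROP all -- * * 185.62.189.92 0.0.0.0/0
4 0 0 DROP all -- * * 5.196.18.195 0.0.0.0/0
6 0 0 DROP all -- * * 185.11.144.82 0.0.0.0/0
EOF
}

# log_clients LOG: "<hits> <ip>" for every client in AH01630 lines, busiest first.
log_clients() {
    awk '/AH01630/ {
        for (i = 1; i < NF; i++)
            if ($i == "[client") { ip = $(i + 1); sub(/:[0-9]+\]$/, "", ip); n[ip]++ }
    }
    END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# dead_rules LOG RULES: sources Apache still logs although their DROP rule
# has a packet counter of 0, i.e. the rule has never matched a packet.
dead_rules() {
    log_clients "$1" | awk '
        NR == FNR { hits[$2] = $1; next }
        $4 == "DROP" && $2 == 0 && ($9 in hits) { print $9, "hits=" hits[$9], "pkts=0" }
    ' - "$2"
}

# Demo on the embedded samples; on a live host pass the real error.log and
# the saved output of iptables -nvL INPUT --line-numbers instead.
demo() {
    d=$(mktemp -d) || return 1
    sample_log > "$d/error.log"
    sample_rules > "$d/rules.txt"
    dead_rules "$d/error.log" "$d/rules.txt"
    rm -rf "$d"
}
demo
```

An address listed here is one that Apache reports as the client while no packet with that source has hit the INPUT rule, so adding more DROP rules of the same form will not change the log.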
Tags iptables apache-2.2 ddos