这段时间Nodeloc打开一直卡卡的,因为比较忙,一直没时间看。
这几天打算迁移一下服务器,迁移过程中发现,凌晨居然也异常的卡顿,于是查看了一下日志。
发现大量来自 cloudflare 的异常请求。
2024/04/16 01:57:38 [warn] 59#0: *806 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001083, client: 172.64.236.45, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:38 [warn] 59#0: *802 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001084, client: 172.64.236.45, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:39 [warn] 59#0: *1234 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001085, client: 172.64.236.44, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:39 [warn] 59#0: *1235 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001086, client: 172.64.236.90, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:40 [warn] 59#0: *599 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001087, client: 172.64.236.126, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:40 [warn] 59#0: *997 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001088, client: 172.64.236.126, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:41 [warn] 62#0: *447 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001089, client: 172.64.236.90, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:41 [warn] 59#0: *1242 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001090, client: 172.64.236.90, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:41 [warn] 59#0: *723 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001091, client: 172.64.236.158, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
2024/04/16 01:57:41 [warn] 59#0: *480 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000001092, client: 172.64.236.45, server: www.nodeloc.com, request: "POST / HTTP/1.1", host: "www.nodeloc.com", referrer: "https://www.nodeloc.com/"
Nodeloc本身就是套了 cf 了,请求里边收到 cf 的请求,显示是被小人使用了 warp 在不停的发包攻击。
解决这种攻击的方式很简单,把 CF 段整个拉黑就好了。
在 CF 的waf中,把 ASN = 13335
的全部拉黑。
问题解决了。