怎么防止恶意扫描

ysx24

查看服务器日志发现大量扫描/forum.php?mod=attachment开头的URL，光这个扫描记录好长好长下拉都拉不完，问题访问的ip很少有重复的，很多的ip

虽然都被拦截了但也大量消耗资源引起网站卡顿延迟

怎么设置论坛未登录用户尝试访问附件下载路径 /forum.php?mod=attachment&aid=
开头自动封禁ip N小时
截取的片段：

1. 
   
2. mod=attachment&aid=MzQzfDA3NTUwNTg4fDE3NDE5MjAzMTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 12:55:41 [error] 993330#0: *44123 upstream prematurely closed FastCGI request while reading upstream, client: 113.103.140.245, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDA3NTUwNTg4fDE3NDE5MjAzMTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 12:55:42 [error] 993330#0: *44105 upstream prematurely closed FastCGI request while reading upstream, client: 113.103.140.245, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDA3NTUwNTg4fDE3NDE5MjAzMTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 13:13:34 [error] 993330#0: *44782 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.44, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDBlMTQwZmNkfDE3NDE5MjkxNTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 13:13:37 [error] 993330#0: *44792 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.44, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDBlMTQwZmNkfDE3NDE5MjkxNTd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 13:35:07 [error] 993330#0: *45579 upstream prematurely closed FastCGI request while reading upstream, client: 180.119.26.92, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDgxMTA5MzkzfDE3NDE5MjU4Mjd8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 14:45:29 [error] 993330#0: *48350 upstream prematurely closed FastCGI request while reading upstream, client: 112.194.91.181, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfDlmNDJlYjY5fDE3NDE5MzQ3Mjh8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 15:43:28 [error] 1259602#0: *50444 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.99, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfGFmZGI0YWUzfDE3NDE5MzgyMDB8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net" 2025/03/14 15:43:35 [error] 1259602#0: *50449 upstream prematurely closed FastCGI request while reading upstream, client: 183.166.136.99, server: www.nexora.net, request: "GET /forum.php?mod=attachment&aid=MzQzfGFmZGI0YWUzfDE3NDE5MzgyMDB8MHw2Mg%3D%3D HTTP/2.0", upstream: "fastcgi://unix:/tmp/php-cgi-74.sock:", host: "www.nexora.net"

复制代码

我知道答案 回答被采纳将会获得1 贡献 已有7人回答

bug八阿哥

宝塔有免费的防火墙 开启UA拦截 禁止海外【最好是从域名解析那边禁止海外】

ysx24

bug八阿哥 发表于 2025-3-14 22:23
宝塔有免费的防火墙 开启UA拦截 禁止海外【最好是从域名解析那边禁止海外】 ...

早封禁国外一年多了，都是国内的
我在研究看是用nginx实现还是利用dz自带功能修改代码实现

bug八阿哥

这是被爬了吧

ysx24

bug八阿哥 发表于 2025-3-14 22:54
这是被爬了吧

无所谓了
已经把日志中的所有IP利用ai全部提取出来，不管是扫描器或者是爬虫，只要带mod=attachment路径的，直接拎出来甩手全部扔进防火墙ip黑名单了，即便是爬虫也是不遵守robots.txt协议无视User-agent: *

另外现在的大环境已经不靠SEO了

skyer

你在这里问这个问题就是多余

ysx24

skyer 发表于 2025-3-16 04:47
你在这里问这个问题就是多余

已经解决
source/module/forum/forum_attachment.php
增加判断逻辑代码
source/function/function_core.php
文件增加
添加全局函数，用于自动封禁 IP 并记录日志，配合nginx设置，完成

回应你说的多余问题
另外我问的不是discuz问题么，为什么叫多余？
如果是经常解答问题的开发者这么说我无话可说 欣然接受，但你也是平等身份这么说不合适吧(Brain-dead)😂

无言以对2012

ysx24 发表于 2025-3-16 13:22
已经解决
source/module/forum/forum_attachment.php
增加判断逻辑代码

能否详说下，我之前也遇到了，靠防火墙撑着，但拦截还是不够彻底