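Investigation Report on the Network Attacks and Unexpected Shutdown
Our site has recently been hit by a run of DDoS, IP-range scanning, brute-force and traffic-flood attacks. At 3 PM today, UTC (London time), the server shut down unexpectedly.
Relevant logs: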
[syslog]
Jan 11 09:52:16 c171125 systemd[1]: Stopped target Timers.
Jan 11 09:52:16 c171125 systemd[1]: Stopped Daily apt upgrade and clean activities.
Jan 11 09:52:16 c171125 systemd[1]: Stopped Daily apt download activities.
Jan 11 09:52:16 c171125 systemd[1]: Stopped target Graphical Interface.
Jan 11 09:52:16 c171125 systemd[1]: Stopped target Multi-User System.
[daemon.log]
Jan 11 09:52:16 c171125 systemd[1]: Stopped target Timers.
Jan 11 09:52:16 c171125 systemd[1]: Stopped Daily apt upgrade and clean activities.
Jan 11 09:52:16 c171125 systemd[1]: Stopped Daily apt download activities.
Jan 11 09:52:16 c171125 systemd[1]: Stopped target Graphical Interface.
Jan 11 09:52:16 c171125 systemd[1]: Stopped target Multi-User System.
[php7.2-fpm.log]
[11-Jan-2018 09:52:16] NOTICE: Terminating ...
[11-Jan-2018 09:52:16] NOTICE: exiting, bye-bye!
[mysql/error.log]
2018-01-11 9:52:16 139665407809280 [Note] /usr/sbin/mysqld: Normal shutdown
2018-01-11 9:52:16 139665407809280 [Note] Event Scheduler: Purging the queue. 0 events
2018-01-11 9:52:17 139664816051968 [Note] InnoDB: FTS optimize thread exiting.
2018-01-11 9:52:17 139665407809280 [Note] InnoDB: Starting shutdown...
2018-01-11 9:52:18 139665407809280 [Note] InnoDB: Waiting for page_cleaner to finish flushing of buffer pool
2018-01-11 9:52:18 139665407809280 [Note] InnoDB: Shutdown completed; log sequence number 1616849
2018-01-11 9:52:18 139665407809280 [Note] /usr/sbin/mysqld: Shutdown complete
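Findings:
[1] Over the month, legitimate visitors averaged about 1,000 per day. DDoS attack sources: China (18 times), Russia (6 times), United States (2 times), France (1 time).
[2] The unexpected SESSION logout issue reported by Kusanagi has been traced to the automatic cleanup mechanism of the systemd daemon. It is not a security problem; we are considering adjusting the configured cleanup frequency.
[3] The shutdown was a planned command. The IDC confirmed on inquiry that it was a reboot caused by CPU patching, not an abnormal event.
[4] The source of the traffic has been identified: a sustained SYN flood attack, which the firewall has blocked.
[5] Because Cloudflare was not effective, the whole site now serves directly from the origin, and we have switched to dns.he.net.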
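The log evidence behind finding [3] can be checked mechanically. The following is an added example, not part of the original report: it normalizes the three timestamp formats seen in the logs above and reports an orderly shutdown only when every service logged its stop marker within a short window. The choice of marker strings, the 30-second window and the year supplied for syslog lines (which carry none) are assumptions.

```python
import re
from datetime import datetime, timedelta

# A subset of the log lines quoted in this report.
SAMPLE = {
    "syslog": [
        "Jan 11 09:52:16 c171125 systemd[1]: Stopped target Timers.",
        "Jan 11 09:52:16 c171125 systemd[1]: Stopped target Multi-User System.",
    ],
    "php7.2-fpm.log": [
        "[11-Jan-2018 09:52:16] NOTICE: Terminating ...",
        "[11-Jan-2018 09:52:16] NOTICE: exiting, bye-bye!",
    ],
    "mysql/error.log": [
        "2018-01-11 9:52:16 139665407809280 [Note] /usr/sbin/mysqld: Normal shutdown",
        "2018-01-11 9:52:18 139665407809280 [Note] /usr/sbin/mysqld: Shutdown complete",
    ],
}

# Per source: (timestamp regex, strptime format, stop marker).
# Treating these strings as proof of a clean stop is this example's assumption.
RULES = {
    "syslog": (r"^(\w{3} +\d+ \d+:\d+:\d+)", "%Y %b %d %H:%M:%S", "Stopped target Multi-User System"),
    "php7.2-fpm.log": (r"^\[(\d+-\w{3}-\d{4} \d+:\d+:\d+)\]", "%d-%b-%Y %H:%M:%S", "exiting, bye-bye!"),
    "mysql/error.log": (r"^(\d{4}-\d+-\d+ +\d+:\d+:\d+)", "%Y-%m-%d %H:%M:%S", "Shutdown complete"),
}

def clean_stop_times(logs, year):
    """Return {source: datetime of its stop marker}, omitting sources without one."""
    found = {}
    for source, lines in logs.items():
        ts_re, fmt, marker = RULES[source]
        for line in lines:
            m = re.match(ts_re, line)
            if m and marker in line:
                stamp = m.group(1)
                if source == "syslog":  # classic syslog timestamps omit the year
                    stamp = f"{year} {stamp}"
                found[source] = datetime.strptime(stamp, fmt)
    return found

def is_orderly_shutdown(logs, year, window=timedelta(seconds=30)):
    """True when every source logged a stop marker and all markers fall within `window`."""
    times = clean_stop_times(logs, year)
    if set(times) != set(logs):
        return False  # some service stopped without its clean-exit line (crash or power loss)
    return max(times.values()) - min(times.values()) <= window
```

A service whose log ends without its stop marker makes the check fail, which is the pattern to expect after a crash or hard power-off rather than a commanded reboot.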