求救:屏蔽爬虫试了 2 天,没成功

查看 54|回复 6
作者:cokyhe   
一台 10 年的老服务器,最近 bingbot 疯狂刷流量,用$http_user_agent 为啥屏蔽不了...
nginx 日志里 N 多类似这样的记录:
172.68.244.177 - - [04/Aug/2024:04:04:10 -0400] "GET /find-app/%E0%B8%AD%E0%B8%B2%E0%B8%8A%E0%B8%B5%E0%B8%9E%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%8A%E0%B8%B2%E0%B8%A7%E0%B8%AB%E0%B8%A7%E0%B8%B9%E0%B9%88%E0%B8%AB%E0%B8%A5%E0%B8%B4%E0%B8%87%E0%B8%84%E0%B8%B7%E0%B8%AD%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%95%E0%B8%81%E0%B8%9B%E0%B8%A5%E0%B8%B2%E3%80%90ta777.me%E3%80%91%E0%B8%AD%E0%B8%B2%E0%B8%8A%E0%B8%B5%E0%B8%9E%E0%B8%82%E0%B8%AD%E0%B8%87%E0%B8%8A%E0%B8%B2%E0%B8%A7%E0%B8%AB%E0%B8%A7%E0%B8%B9%E0%B9%88%E0%B8%AB%E0%B8%A5%E0%B8%B4%E0%B8%87%E0%B8%84%E0%B8%B7%E0%B8%AD%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%95%E0%B8%81%E0%B8%9B%E0%B8%A5%E0%B8%B2%E3%80%90ta777.me%E3%80%91w7t?page=2 HTTP/1.1" 403 571 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36" 52.167.144.211
172.71.222.36 - - [04/Aug/2024:04:04:10 -0400] "GET /find-app/%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%E2%8F%A9%E5%8A%9E%E7%90%86%E7%BD%91zhengjian.shop%E2%8F%AA-%E5%93%AA%E9%87%8C%E4%B9%B0%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%F0%9F%8C%9F%E5%8A%9E%E8%AF%81%E7%BD%91zhengjian.shop%F0%9F%8C%9F-%E5%BC%A0%E5%AE%B6%E6%B8%AF%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87%E5%93%AA%E9%87%8C%E6%9C%89-%E5%93%AA%E9%87%8C%E5%8A%9E%E6%B9%96%E5%8D%97%E6%B0%B4%E5%88%A9%E6%B0%B4%E7%94%B5%E8%81%8C%E4%B8%9A%E6%8A%80%E6%9C%AF%E5%AD%A6%E9%99%A2%E6%AF%95%E4%B8%9A%E8%AF%81%E6%A0%B7%E6%9C%AC%E5%9B%BE%E7%89%87Q5?page=3 HTTP/1.1" 403 571 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36" 52.167.144.211
以下是完整配置
server
    {
          listen       80;
          listen     443 ssl;
          #
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ##    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ## enable HSTS including subdomains
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
          server_name  domain.com www.domain.com;
          index index.html index.htm index.php;
          root  /opt/htdocs/www.domain.com/public;
          #301
          if ($host = 'domain.com') {
                  rewrite ^/(.*)$ https://www.domain.com/$1 permanent;
          }
#location ~ /find-app {
        if ($http_user_agent ~* "bingbot|AhrefsBot") {
return 403;
}
#}
          location / {
          try_files $uri $uri/ /index.php?$query_string;
      }
      #申请 let’s Encrypt SSL 用
      location ~ /.well-known {
              allow all;
      }
          if (!-e $request_filename) {
          }
          location ~ .*\.(php|php5)?$
          {
            #fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index index.php;
            include fcgi.conf;
          }
          location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
          {
            expires      30d;
          }
          location ~ .*\.(js|css)?$
          {
            expires      15d;
          }
          access_log  /data0/logs/domain.log  access;
    }
Xusually   
屏蔽成功了呀 你贴的两条日志 status code 都是 403 ,说明你规则生效了。
ZhilingQwQ   
为什么不用 robots.txt 呢
unidotnet   
为什么不用 robots.txt 呢 +1
cokyhe
OP
  
日志里是 403 了,但是对应的 php 代码确还在执行,cpu 狂飙,我再查查吧,谢谢楼上的兄弟
julyclyde   
@cokyhe 按说 return403 就是最终结果了吧,不至于再去 fastcgi_pass 一次吧?
AkaGhost   
bingbot 遵守 robots.txt ,直接用 robots.txt 告诉 bingbot 别来爬网了就行
您需要登录后才可以回帖 登录 | 立即注册

返回顶部