Title: Alibaba Cloud virtual host at 100% CPU: extracting and analyzing the backend logs
Author: 523066680 Time: 2019-1-31 16:06
This post was last edited by 523066680 on 2019-1-31 16:17
I still know too little about networking. Today I logged in to the control panel and found the CPU maxed out. But my site hardly has any visitors, so who would be bored enough to mess with it?
From the control panel I learned that the logs can be fetched from the wwwlogs directory and analyzed on my own.
So I wrote a Perl script to analyze the logs (extracted from the zip):

````perl
=info
    Extract Alibaba Cloud virtual host log data and sort it
    Sort by request count per address prefix (first three octets),
    and list the last octets / agent info
    523066680/vicyang
    2019-01
=cut

use Modern::Perl;
use Archive::Zip qw( :ERROR_CODES :CONSTANTS );
use File::Slurp;
use Encode;
STDOUT->autoflush(1);

# Open the downloaded log archive and stop if it cannot be read
my $zip = Archive::Zip->new();
$zip->read( 'log20190131.zip' ) == AZ_OK or die "cannot read log20190131.zip";

# One array of lines per file in the archive
my @fdata;
for my $m ( $zip->members ) {
    say $m->fileName;
    push @fdata, [split /\r?\n/, $m->contents];
}

# $1 = first three octets, $2 = last octet, $3 = User-Agent
my %hash;
for my $s ( @{$fdata[0]}, @{$fdata[1]} )
{
    #next unless $s=~/31\/Jan\/2019/;
    die "unparsable line: $s" unless $s=~/([\d\.]+)\.(\d+)[ -]+.*"(.*)" xyu3241/;
    if (exists $hash{$1}) {
        $hash{$1}{ip}{$2} = 1;
        $hash{$1}{times}++;
    } else {
        $hash{$1}{times} = 1;
        $hash{$1}{agent} = $3;      # only the first agent seen is kept
        $hash{$1}{ip} = {$2, 1};
    }
}

# Ascending by request count, so the busiest prefix is printed last
my @sortkeys = sort { $hash{$a}{times} <=> $hash{$b}{times} } keys %hash;
for my $e (@sortkeys)
{
    printf "IP: %12s, times:%3d - %s\n",
        $e,
        #$hash{$e}{times}, $hash{$e}{agent};
        $hash{$e}{times}, join(",", sort { $a <=> $b } keys %{$hash{$e}{ip}});
}
__END__
```
220.181.108.119 - - [31/Jan/2019:03:28:49 +0800] \
"GET /ucp.php?mode=register HTTP/1.1" 200 4795 "-" \
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" \
xyu3241540001.my3w.com text/html "/usr/home/xyu3241540001/htdocs/ucp.php" 502988
```
````
This gives the address ranges that sent the most requests (the numbers on the right are the list of last octets, which shows that several addresses within that range are sending requests):

```
IP: 220.181.108, times:440 - 75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,99,100,101,102,103,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,144,145,146,147,149,155,156,157,158,159,160,161,162,163,165,166,167,168,169,174,175,176,177,178,179,180,181,182,183,184,185,186,187
IP: 123.125.71, times:477 - 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,36,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,60,74,75,76,77,78,79,85,86,87,88,89,90,91,92,94,95,96,97,98,99,100,105,106,107,108,109,110,111,112,113,114,115,116,117
IP: 216.244.66, times:506 - 250
IP: 42.236.10, times:1763 - 70,71,72,73,74,75,76,77,78,79,81,82,83,84,88,89,90,91,98,100,103,104,105,107,108,109,110,112,113,116,120,121,122,123
```

Listing the agent info:

```
IP: 220.181.108, times:440 - Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
IP: 123.125.71, times:477 - Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
IP: 216.244.66, times:506 - Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)
IP: 42.236.10, times:1763 - Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36; 360Spider
```
So it looks like it's that annoying 360Spider ...
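The script in the post keeps only the first agent seen for each prefix. As an added example (not part of the original post, and in Python rather than the post's Perl), this version counts every agent per prefix and counts unparsable lines instead of aborting. The sample lines, `example.invalid`, the paths and the crawler markers are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Layout of the quoted log line: ip - - [time] "req" status bytes "referer" "agent" vhost ...
LINE_RE = re.compile(r'^(\d+\.\d+\.\d+)\.(\d+) \S+ \S+ \[[^\]]+\] '
                     r'"[^"]*" \d+ \S+ "[^"]*" "([^"]*)" ')
CRAWLER_RE = re.compile(r'spider|bot|crawl', re.I)  # assumed markers

def make_line(ip, agent):  # constructed line; host and paths are hypothetical
    return (f'{ip} - - [31/Jan/2019:03:28:49 +0800] "GET /index.php HTTP/1.1" '
            f'200 4795 "-" "{agent}" example.invalid text/html "/htdocs/index.php" 1000')

# Constructed sample input; addresses come from documentation ranges.
SAMPLE = (
    [make_line(f"192.0.2.{n}", "Mozilla/5.0 (Windows NT 6.1) Chrome/50.0; 360Spider")
     for n in (70, 71, 72, 70, 71)]
    + [make_line("198.51.100.12", "Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X)")]
    + [make_line("198.51.100.13", "Mozilla/5.0 (compatible; Baiduspider/2.0)")] * 2
    + ["truncated or malformed line"])

def summarize(lines):
    """Group by the first three octets; count hits, hosts and every agent."""
    stats = defaultdict(lambda: {"hits": 0, "hosts": set(), "agents": Counter()})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:  # count unparsable lines instead of aborting
            skipped += 1
            continue
        prefix, host, agent = m.groups()
        stats[prefix]["hits"] += 1
        stats[prefix]["hosts"].add(int(host))
        stats[prefix]["agents"][agent] += 1
    return stats, skipped

def report(stats):
    """Rows (prefix, hits, host count, top agent, crawler flag), ascending by hits."""
    rows = []
    for prefix, e in sorted(stats.items(), key=lambda kv: kv[1]["hits"]):
        agent = e["agents"].most_common(1)[0][0]
        rows.append((prefix, e["hits"], len(e["hosts"]), agent,
                     bool(CRAWLER_RE.search(agent))))
    return rows

if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE)
    for prefix, hits, hosts, agent, crawler in report(stats):
        print(f"IP: {prefix:>12}, times:{hits:3d}, hosts:{hosts}, crawler:{crawler} - {agent}")
    print("skipped lines:", skipped)
```

The crawler flag reflects only what the client claims in its User-Agent header, so it is a starting point for triage rather than proof of who sent the requests.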
Welcome to 批处理之家 (http://bbs.bathome.net/)