Check the logs

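If resource usage is still high after a restart, download the wwwlogs logs promptly and analyze them with the weblog tool to confirm whether malicious IPs are accessing the site. Block the malicious IPs in .htaccess, and also review your website code to see whether it can be optimized to reduce its consumption of server resources.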

Blocking IPs on a Linux host web service

Blocking IPs with .htaccess:
https://help.aliyun.com/knowledge_detail/36226.html

If the root directory has no .htaccess file, create one manually:

RewriteEngine on
RewriteBase /
Order Deny,Allow
Deny from [$Deny_IP1] 
Deny from [$Deny_IP_Segment] 

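Notes:
[$Deny_IP1] is the IP address to block. Multiple IP addresses can be listed, separated by spaces.
[$Deny_IP_Segment] is the IP address range to block.

If the root directory already has an .htaccess file, add the following to it: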

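# Allow is evaluated first and Deny last, so the Deny lines below take effect.
# (With "Order deny,allow", "Allow from all" would override every Deny.)
Order allow,deny
Allow from all
Deny from xxx.xxx.xxx.xxx
Deny from xxx.xxx.xxx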

The web log looks like this:

218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 205
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 208
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 173
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 227
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "POST /member/index_do.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/member/index_do.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/member/index_do.php" 242
218.5.39.253 - - [21/Oct/2021:06:30:19 +0800] "GET /include/vdimgck.php HTTP/1.1" 403 221 "http://www.21mengxiang.com/include/vdimgck.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "wh-aq8gahp03dclix2qrv7.my3w.com" "text/html" "/usr/home/wh-aq8gahp03dclix2qrv7/htdocs/include/vdimgck.php" 191
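
One way to run the log check described above, as an added example (not part of the original page or of the weblog tool): it parses lines in the layout of the excerpt, finds IPs whose busiest second exceeds a threshold, and prints the matching Deny lines for .htaccess. The function names, the per_second_limit threshold and the sample addresses are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def _line(ip, ts, method, path, status):
    """Build one constructed log line in the layout of the excerpt above."""
    return (f'{ip} - - [{ts} +0800] "{method} {path} HTTP/1.1" {status} 221 "-" '
            f'"Mozilla/5.0" "site.example" "text/html" "/htdocs{path}" 200')

# Constructed sample: RFC 5737 documentation addresses, made-up host name.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "21/Oct/2021:06:30:19", "GET", "/include/vdimgck.php", 403)] * 4
    + [_line("203.0.113.7", "21/Oct/2021:06:30:19", "POST", "/member/index_do.php", 403),
       _line("198.51.100.20", "21/Oct/2021:06:30:19", "GET", "/index.php", 200),
       _line("198.51.100.20", "21/Oct/2021:06:31:02", "GET", "/about.php", 200),
       "truncated or corrupt line"])

def parse(log_text):
    """Yield (ip, timestamp, status) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # reject anything that is not an IP
        except ValueError:
            continue
        yield ip, m["ts"], int(m["status"])

def noisy_ips(log_text, per_second_limit=3):
    """Map each IP whose busiest second exceeded the limit to that peak count.
    per_second_limit is an assumed threshold; tune it to the site's normal traffic."""
    per_second = Counter((ip, ts) for ip, ts, _ in parse(log_text))
    peak = {}
    for (ip, _), hits in per_second.items():
        peak[ip] = max(peak.get(ip, 0), hits)
    return {ip: hits for ip, hits in peak.items() if hits > per_second_limit}

def deny_lines(ips):
    """Render one 'Deny from' line per address for the .htaccess block above."""
    return [f"Deny from {ip}" for ip in sorted(ips)]

if __name__ == "__main__":
    print("\n".join(deny_lines(noisy_ips(SAMPLE_LOG))))
```

Review the flagged addresses before blocking them; a shared proxy or a search-engine crawler can also exceed a per-second threshold.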

Blocking IPs on a Windows host IIS web service

To block IPs with ASP, add the following code to a file named conn.asp, then include that file in every page.

<%
requestIP = Request.ServerVariables("REMOTE_ADDR")   ' IP address of the client requesting this page
IP        = "127.0.0.1|qq.com|192.168.1.1"           ' IPs denied access to the site, separated by "|"
trueURL   = "http://www.baidu.com"                   ' where allowed IPs are redirected
falseURL  = "http://www.qq.com"                      ' where blocked IPs are redirected
ipArr     = Split(IP, "|")
flag      = False
For i = 0 To UBound(ipArr)
    If requestIP = ipArr(i) Then
        flag = True
        Exit For
    End If
Next
If flag Then
    Response.Redirect(falseURL)
Else
    Response.Redirect(trueURL)
End If
%>

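Blocking IPs on a Windows host IIS web service, method 2

Copy the following code and save it as a web.config file. The IPs in it can be replaced or extended with the IPs you need to block, and blocking IP ranges is supported. Upload the file to the website root directory and it takes effect (Windows IIS only). To block another IP address, add one line to the file and save it.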

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">
        <clear/>
        <add ipAddress="127.0.0.1"/>
        <add ipAddress="127.255.255.0" subnetMask="255.255.255.0"/>
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>

Then save the ASP code from above as a file named IP.asp, and add the following line to your ASP pages:

<!-- #include file="IP.asp" -->

web.log can be analyzed with Notepad++ and the weblog tool.