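Windows Server provides event logging, and its IIS log files record information such as who visited your site and what content visitors viewed.
By checking these log files regularly, a website administrator can detect which aspects of the server or site are vulnerable to attack or have other security issues.
However, current log analysis tools are not very complete and lack some features; in particular, few of them analyze attacks aimed at one specific URL. Below is a VBScript program. Saved as a .vbs file, it can be run on the server to analyze the IIS log and find the IP addresses that are attacking a specific URL.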
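' Code start
targeturl = "/archives/2761.html" ' URL of the site under attack
logfilepath = "C:\LogFiles\W3SVC\ex110813.log" ' Path to the log of the site under attack
On Error Resume Next
Set fileobj = CreateObject("scripting.filesystemobject")
Set fileobj2 = CreateObject("scripting.filesystemobject")
Set myfile = fileobj2.opentextfile(logfilepath, 1, False)
Do While myfile.atendofstream <> True
    myline = myfile.readline()
    ' Skip W3C header lines (#Software, #Fields, ...) so they cannot
    ' re-use the IP and URL left over from the previous request line
    If Left(myline, 1) <> "#" Then
        myline2 = Split(myline, " ")
        If UBound(myline2) >= 9 Then
            ' Field positions follow the log's #Fields line:
            ' here index 9 is the client IP and index 5 is the requested URL
            newip = myline2(9)
            myurl = myline2(5)
            If targeturl = myurl Then
                writelog newip
            End If
        End If
    End If
Loop
myfile.Close
Set fileobj2 = Nothing
Msgbox "結束."

' Append one IP address to blockip.txt
Sub writelog(errmes)
    ipfilename = "blockip.txt"
    Set logfile = fileobj.opentextfile(ipfilename, 8, True)
    logfile.writeline errmes
    logfile.Close
    Set logfile = Nothing
End Sub
' Code end

If the IPs extracted from the IIS log look abnormal, they can be added in bulk to the IIS denied-IP list programmatically. Below is a piece of VBScript found online. Save it with a .vbs extension, import the IPs produced by the program above, and the attackers' IP addresses can be blocked in bulk.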
' Code start
'/*=========================================================================
' * Intro VBScript that uses ADSI to batch-add denied or allowed IPs to IIS
' * FileName VBScript-ADSI-IIS-Add-Deny-Grant-IP-Change-MetaBase.xml.vbs
' *==========================================================================*/
'AddDenyIP2All "192.168.1.106,255.255.255.0"
'AddDenyIP "123456","127.0.0.1"
'AddDenyIP2All "14.113.226.116"

' Add an IP or a group of computers to block on one specified site
Sub AddDenyIP(strWebNo, strDenyIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC/" & strWebNo & "/Root")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = True
    IPList = MyIPSec.IPDeny
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strDenyIp
    MyIPSec.IPDeny = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

' Add an IP or a group of computers to block to the IIS global configuration, so that it applies to all sites
' If some sites already had their own IP-blocking settings, this setting will not take effect on them;
' set it on the top-level Web Sites node and then override all child nodes
Sub AddDenyIP2All(strDenyIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = True
    IPList = MyIPSec.IPDeny
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strDenyIp
    MyIPSec.IPDeny = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

' Add an allowed IP or group of computers to one specified site
Sub AddGrantIP(strWebNo, strGrantIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC/" & strWebNo & "/Root")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = False
    IPList = MyIPSec.IPGrant
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strGrantIp
    MyIPSec.IPGrant = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

' Add an allowed IP or group of computers to the IIS global configuration, so that it applies to all sites
' If some sites already had their own IP-blocking settings, this setting will not take effect on them;
' set it on the top-level Web Sites node and then override all child nodes
Sub AddGrantIP2All(strGrantIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = False
    IPList = MyIPSec.IPGrant
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strGrantIp
    MyIPSec.IPGrant = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.Setinfo
End Sub

' Show the denied IPs in the IIS global configuration
Sub ListDenyIP()
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    IPList = MyIPSec.IPDeny 'IPGrant/IPDeny
    WScript.Echo Join(IPList, vbCrLf)
    ' For i = 0 To UBound(IPList)
    '     WScript.Echo i + 1 & "-->" & IPList(i)
    ' Next
End Sub
' Code end

Source: 月光博客