假墙攻击的鉴别和解决办法

指点云用户44 发表于 2022-7-26 11:52:34

<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">假墙攻击是2021年3月左右出现的一种攻击技术，主要是利用、触发GFW的临时封禁策略，致使境外IP被临时封禁。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">假墙攻击目前较多的为部分广告联盟为强迫使其站点接入他们的广告，或专门做敲诈勒索的团伙。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">如果不持续攻击，单次GFW封禁周期大约2～4小时，之后会自动解除封禁；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"> <p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">怎么判断是否被针墙或假墙攻击？ 如果你的网站频繁出现甚至长时间的无法访问，自查发现域名解析正常、WEB服务正常、国外访问正常(<a href="https://check-host.net/check-http?host=lanmicloud.com" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(255, 0, 0); cursor: pointer;">国外HTTP测速</a>)、<a href="https://www.boce.com/wall/lanmicloud.com" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(255, 0, 0); cursor: pointer;">域名没有被墙</a>、<a href="https://www.boce.com/pollute/lanmicloud.com" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(255, 0, 0); cursor: pointer;">也没有被</a><p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"><a href="https://www.boce.com/pollute/lanmicloud.com" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(255, 0, 0); cursor: pointer;">污染</a>，但是服务器的<a href="https://www.dnspod.cn/tech/lanmicloud.com" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(255, 0, 0); cursor: pointer;">80端口无法访问</a>，那么基本上是受到了GFW真墙屏蔽或假墙攻击。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"> <p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">检测网址：检查国内访问情况以及域名是否被墙、被劫持，DNS是否被污染。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"><a href="https://www.boce.com/" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(42, 48, 59); cursor: pointer;">https://www.boce.com</a> 网站测速(HTTP测速)<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">状态一列非000状态均为正常；如果使用CloudFlare、CDN等多IP业务，出现个别IP全国都不通(不是所有IP被墙)，则可能是共用该IP的其他域名受到<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">了假墙攻击导致共用IP被墙，并非本站受到攻击。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">*表示域名未解析或服务器IP无响应；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">127.0.0.1 或其他非自己服务器IP的境内IP 表示该地区该运营商劫持了该域名，需要找运营商申诉，或放弃该域名不再续费使用；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">如果大多地区无法解析或解析到 FaceBook Google Twitter等国外IP，则为污染，基本无解，需要走监管部门会议流程申请、审批；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"><a href="https://www.dnspod.cn/tech/" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(42, 48, 59); cursor: pointer;">https://www.dnspod.cn/tech/</a> 80 443 端口检查<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"><a href="https://www.17ce.com/" target="_blank" rel="noopener" style="box-sizing: border-box; padding: 0px; margin: 0px; transition: all 0.2s ease 0s; outline: none; text-decoration-line: none; color: rgb(42, 48, 59); cursor: pointer;">https://www.17ce.com/</a> 有下载异常和 * 即无法正常访问网站；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"> <p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">GFW真墙屏蔽与假墙攻击的区别<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">网站解析到任意境外IP后，马上使用 boce 或 17ce get 全国节点，进行多次测速，始终是无法访问，返回 000 状态，基本就是GFW真墙屏蔽；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">网站解析到任意境外IP后，马上使用 boce 或 17ce get 全国节点，进行多次测速，新的境外IP返回 200 状态，之后持续检测会在 200状态、000状态<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">之间变化，或者持续为200状态码，则可能是被假墙攻击触发了GFW临时封禁了该境外IP。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"> <p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">防御假墙攻击的方法<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">1、使用国内服务器IP：<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">GFW设计的初衷是为了拦截境外IP 的网站及内容，国内到国内的线路访问不走GFW；<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">使用国内服务器需要域名备案，如果需要国内高防服务器，可以联系客服开通。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;"> <p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">2、被假墙攻击的域名套上CDN。<p style="box-sizing: border-box; padding: 0px; margin-top: 0px; margin-bottom: 0px; color: rgb(102, 102, 102); white-space: normal; background-color: rgb(255, 255, 255); font-family: Microsoft YaHei; font-size: 13.3333px;">业内不存在抗假墙CDN，只有上更多的IP硬抗的CDN，可以临时解决被假墙问题。 <link rel="stylesheet" href="//www.zhidianyun.cn/source/plugin/wcn_editor/public/wcn_editor_fit.css?v134_J5w" id="wcn_editor_css"/>

页: [1]

指点云社区's Archiver

假墙攻击的鉴别和解决办法