网站访问日志一直出现HTTP 408 错误的原因以及屏蔽一些恶意扫描网站漏洞的ip

bbs的一个网站日志里一直出现408，偶尔出现几个还算正常，奇怪的问题，一下子出现几百甚至几千个。

不知道这些408访问是怎么产生的，没有访问来路也没有请求浏览器信息，就是408，每天都有很多，至少几十个。

网站日志样本如下

49.7.20.81 - - [22/Sep/2021:20:04:55 +0800] "-" 408 - "-" "-"

49.7.20.155 - - [22/Sep/2021:20:17:15 +0800] "-" 408 - "-" "-"

192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x"

49.7.20.140 - - [22/Sep/2021:20:27:26 +0800] "-" 408 - "-" "-"

123.183.224.29 - - [22/Sep/2021:20:27:48 +0800] "-" 408 - "-" "-"

49.7.20.155 - - [22/Sep/2021:20:50:35 +0800] "-" 408 - "-" "-"

49.7.20.114 - - [22/Sep/2021:20:52:18 +0800] "-" 408 - "-" "-"

49.7.20.81 - - [22/Sep/2021:20:54:21 +0800] "-" 408 - "-" "-"

49.7.20.140 - - [22/Sep/2021:21:02:30 +0800] "-" 408 - "-" "-"

123.183.224.66 - - [22/Sep/2021:21:33:53 +0800] "-" 408 - "-" "-"

维基百科上都有说的。这个信息表明有人以较慢的速度在向你的服务器发送请求。可能原因是：

用户在手动输入数据

用户的网络慢死了

用户想通过这种方式进行 DoS 攻击

用户的程序出错了

后边的「from:-」不知道是什么字段。大概是 UserAgent？

其中192.241.221.8 - - [22/Sep/2021:20:26:31 +0800] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 258 "-" "Mozilla/5.0 zgrab/0.x"是网站漏洞扫描，可以直接屏蔽掉ip即可。

样本2：

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /index/index/andiro HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /api/content_bottom HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:04 +0800] "GET /home/GetQrCodeInfo HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /legal/currency/set HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /Home/Get/getJnd28 HTTP/1.1" 301 314 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /room/script/face.js HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /public/img/cz1.png HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /views/home/home.js HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:09 +0800] "GET /Home/GetInitSource HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:01 +0800] "GET /statics/js/API.js HTTP/1.1" 301 314 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:10 +0800] "GET /api/v1/member/kefu HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:18 +0800] "POST /api/app/config_new HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:12 +0800] "POST /wap/banner/details HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:18 +0800] "GET /Public/css/hall.css HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:19 +0800] "GET /skin/main/onload.js HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:20 +0800] "GET /api/site/getInfo.do HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:36 +0800] "GET /static/guide/ab.css HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /room/getRoomBangFans HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /api/message/webInfo HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:33 +0800] "GET /Content/favicon.ico HTTP/1.1" 301 316 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:39 +0800] "GET /Recruit/download_url HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

101.36.109.176 - - [22/Sep/2021:18:38:46 +0800] "POST /api/user/mobilelogin HTTP/1.1" 301 317 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"

出现这个情况是有人通过工具或者软件扫描你的网站有没有漏洞，想黑你的网站。针对怀有恶意的ip,我们就毫不犹豫的拉黑它或者屏蔽ip。

整理的一些需要屏蔽的ip分类如下

网站漏洞扫描ip:

101.36.109.176

192.241.221.8

扫描网站文件类型zip,rar