
How Webmasters Can Analyze Windows IIS Log Files

2011-08-31  Source: [www.121ask.com]

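  Windows Server has event logging, and its IIS log files record information such as who visited your site and what content the visitors viewed. By checking these log files regularly, a site administrator can detect which aspects of the server or site are vulnerable to attack or have other security weaknesses.

  However, current log analysis tools are not very complete and lack some functions; in particular, few of them analyze attacks aimed at one specific URL. Below is a VBScript program. Saved as a .vbs file, it can be run on the server to analyze the IIS log and find the IP addresses that are attacking a given URL.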

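  ' Code start
  targeturl = "/archives/2761.html" ' URL on the site that is under attack.
  logfilepath = "C:\LogFiles\W3SVC\ex110813.log" ' Path of the attacked site's log file.

  ' The script assumes that, after splitting a line on spaces, column 5 is the
  ' requested URL (cs-uri-stem) and column 9 is the client IP (c-ip).
  ' Check the #Fields line of your log and adjust the two indexes if it differs.
  Set fileobj = CreateObject("Scripting.FileSystemObject")
  Set myfile = fileobj.OpenTextFile(logfilepath, 1, False) ' 1 = ForReading

  Do While Not myfile.AtEndOfStream
    myline = myfile.ReadLine()
    ' Skip the "#" directive lines (#Software, #Fields, ...).
    If Left(myline, 1) <> "#" Then
      myline2 = Split(myline, " ")
      ' Skip short or truncated lines instead of reusing values from the previous line.
      If UBound(myline2) >= 9 Then
        newip = myline2(9)
        myurl = myline2(5)
        If targeturl = myurl Then
          writelog newip
        End If
      End If
    End If
  Loop

  myfile.Close
  Set myfile = Nothing
  MsgBox "结束." ' Shows "Finished."

  ' Append one IP address to blockip.txt (created if it does not exist).
  Sub writelog(errmes)
    ipfilename = "blockip.txt"
    Set logfile = fileobj.OpenTextFile(ipfilename, 8, True) ' 8 = ForAppending
    logfile.WriteLine errmes
    logfile.Close
    Set logfile = Nothing
  End Sub
  ' Code end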

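  If the IPs found by this analysis look abnormal, they can be added in bulk to the IIS denied-IP list by a program. Below is a piece of VBScript code found online; save it with a .vbs extension and feed it the IPs produced by the script above to block the attackers' IP addresses in bulk.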

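  ' Code start
  '/*=========================================================================
  ' * Intro VBScript: use ADSI to bulk-add denied or allowed IPs in IIS
  ' * FileName VBScript-ADSI-IIS-Add-Deny-Grant-IP-Change-MetaBase.xml.vbs
  ' *==========================================================================*/

  ' Example calls (uncomment to use). The first argument of AddDenyIP is the site number (strWebNo).
  'AddDenyIP2All "192.168.1.106,255.255.255.0"
  'AddDenyIP "123456","127.0.0.1"
  'AddDenyIP2All "14.113.226.116"

  ' Add an IP or a group of computers to block on one specified site.
  Sub AddDenyIP(strWebNo, strDenyIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC/" & strWebNo & "/Root")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = True ' Allow everyone except the deny list.
    IPList = MyIPSec.IPDeny
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strDenyIp
    MyIPSec.IPDeny = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.SetInfo
    ' On Error Resume Next hides failures, so report them explicitly.
    If Err.Number <> 0 Then WScript.Echo "AddDenyIP failed: " & Err.Description
  End Sub

  ' Add an IP or a group of computers to block in the IIS global configuration, so it applies to all sites.
  ' If some sites previously had their own IP restrictions configured, these settings will not take effect
  ' for them; set it on the top-level Web Sites node and then override all child nodes.
  Sub AddDenyIP2All(strDenyIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = True ' Allow everyone except the deny list.
    IPList = MyIPSec.IPDeny
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strDenyIp
    MyIPSec.IPDeny = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.SetInfo
    If Err.Number <> 0 Then WScript.Echo "AddDenyIP2All failed: " & Err.Description
  End Sub

  ' Add an allowed IP or group of computers to one specified site.
  Sub AddGrantIP(strWebNo, strGrantIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC/" & strWebNo & "/Root")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = False ' Deny everyone except the grant list.
    IPList = MyIPSec.IPGrant
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strGrantIp
    MyIPSec.IPGrant = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.SetInfo
    If Err.Number <> 0 Then WScript.Echo "AddGrantIP failed: " & Err.Description
  End Sub

  ' Add an allowed IP or group of computers to the IIS global configuration, so it applies to all sites.
  ' If some sites previously had their own IP restrictions configured, these settings will not take effect
  ' for them; set it on the top-level Web Sites node and then override all child nodes.
  Sub AddGrantIP2All(strGrantIp)
    On Error Resume Next
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    MyIPSec.GrantByDefault = False ' Deny everyone except the grant list.
    IPList = MyIPSec.IPGrant
    i = UBound(IPList) + 1
    ReDim Preserve IPList(i)
    IPList(i) = strGrantIp
    MyIPSec.IPGrant = IPList
    SecObj.IPSecurity = MyIPSec
    SecObj.SetInfo
    If Err.Number <> 0 Then WScript.Echo "AddGrantIP2All failed: " & Err.Description
  End Sub

  ' Show the IPs that are denied access in the IIS global configuration.
  Sub ListDenyIP()
    Set SecObj = GetObject("IIS://LocalHost/W3SVC")
    Set MyIPSec = SecObj.IPSecurity
    IPList = MyIPSec.IPDeny 'IPGrant/IPDeny
    WScript.Echo Join(IPList, vbCrLf)
    ' For i = 0 To UBound(IPList)
    ' WScript.Echo i + 1 & "-->" & IPList(i)
    ' Next
  End Sub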
