Skip to main content
  • Create new account
  • Reset your password
张文涛的个人博客
致力于提供Drupal开发,实践等方面的精品资讯

Main navigation

  • 首页
  • 关于
  • Glossary
  • 分享

Breadcrumb

  • Home

记录一次解决Drupal站点用户恶意注册的过程

By admin | 10:57 AM CST, Thu May 14, 2015

背景:

  在一个电子商务网站上发现有很多@sina.com的垃圾注册用户。虽然已经开启了honeypot模块,但是没有屏蔽住此类注册。

分析:

  攻击者可能比较熟悉honeypot的工作机制,可以自己编写相应的脚本实现恶意注册。

  在Drupal系统中,默认情况下,用户注册都会有日志记录,保存在watchdog表中。通过分析watchdog表中的关于用户的日志的情况,可以统计出相应的信息供参考。

  然后通过user block模块或其他相应模块屏蔽该恶意IP的注册。


解决步骤:

 在任意mysql客户端,或者phpmysql里面执行如下sql语句:

Drupal
ip blocking
Subscribe to ip blocking

Glossary

  • May 2023 (7)
  • March 2023 (1)
  • October 2022 (1)
  • October 2021 (2)
  • August 2021 (4)
  • June 2021 (2)
  • May 2021 (1)
  • April 2021 (2)
  • November 2020 (1)
  • June 2020 (2)
  • December 2019 (2)
  • November 2019 (1)
  • August 2019 (1)
  • February 2018 (1)
  • October 2017 (1)
  • September 2017 (1)
  • July 2017 (1)
  • June 2017 (2)
  • May 2017 (1)
  • March 2017 (3)
  • December 2016 (2)
  • November 2016 (4)
  • October 2016 (3)
  • June 2016 (1)
  • December 2015 (1)
  • November 2015 (6)
  • October 2015 (2)
  • September 2015 (1)
  • August 2015 (1)
  • July 2015 (1)
  • June 2015 (1)
  • May 2015 (1)
  • March 2015 (1)
  • January 2015 (1)
  • December 2014 (3)
  • October 2014 (5)
  • September 2014 (3)
  • August 2014 (1)
  • July 2014 (1)
  • June 2014 (1)
  • May 2014 (1)
  • April 2014 (2)
  • March 2014 (2)
  • February 2014 (2)
  • January 2014 (4)
  • December 2013 (1)
  • March 2013 (2)
  • February 2013 (2)
  • December 2012 (2)
  • November 2012 (4)
  • October 2012 (1)
  • September 2012 (6)
  • August 2012 (15)
  • July 2012 (5)
  • June 2012 (13)
  • May 2012 (9)
  • April 2012 (8)
  • March 2012 (9)
  • February 2012 (3)
  • January 2012 (1)
  • December 2011 (1)
  • November 2011 (6)
  • October 2011 (2)
  • September 2011 (17)
  • August 2011 (4)
  • July 2011 (4)
  • June 2011 (5)
  • May 2011 (4)

Copyright © 2025

苏ICP备14044171号-1