Laravel会话和错误日志文件非常庞大 [英] Laravel sessions and error log files are enormous

问题描述

最近我注意到一些令我有些担忧并且不知所措的事情.上周，我启动了一个运行Ubuntu 14.04的EC2实例，开始使用新的Laravel应用.

I noticed something recently that has me a little concerned and at a loss for an explanation. Last week I spun up an EC2 instance running Ubuntu 14.04 to start working on a new Laravel app.

今天，我注意到同步花费了非常长的时间.我注意到我的会话文件夹接近于1 gig，我的日志文件超过了300 Mb.日志文件中充满了令牌不匹配异常.是否有人对为什么会这样有任何想法?

Today, I noticed it was taking an unusually long time to sync. I noticed that my sessions folder was close to 1 gig and my log file was over 300 Mb. The log file was full of Token Mismatch Exceptions. Does anybody have any ideas on why this is happening?

我应该补充说，一切正常.我刚刚检查了我的apache访问日志文件，并提出了可能的解释.

I should add that everything is working normally. I just checked my apache access log file and came up with a possible explanation.

80.82.65.206 - - [27/Sep/2015:10:33:25 +0000] "POST /xmlrpc.php HTTP/1.0" 500 14213 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;  http://www.google.com/bot.html)"
80.82.65.206 - - [27/Sep/2015:10:33:26 +0000] "POST /xmlrpc.php HTTP/1.0" 500 14213 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;  http://www.google.com/bot.html)"
80.82.65.206 - - [27/Sep/2015:10:33:27 +0000] "POST /xmlrpc.php HTTP/1.0" 500 14213 "-" "Mozilla/5.0 (compatible; Googlebot/2.1;  http://www.google.com/bot.html)"

我的访问日志中大约有1万行.到底是怎么回事?

I have about 10k lines of this in my access log. What the hell is going on?

推荐答案

这是针对WordPress网站的常见扫描.请参阅以下内容:

This is a common scan that is used against WordPress sites. See the following:

https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

如果您在Apache日志文件中注意到，则没有引荐来源网址.因此，使用简单的重写规则，可以将这些请求放入您的.htaccess文件中来阻止这些请求:

If you notice in your Apache log file, there is no referrer. So using a simple rewrite rule, you can block these requests by putting this in your .htaccess file:

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^xmlrcp\.php$
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [L,R=405]

或者，您可以使用以下方法阻止对没有推荐人的任何任何文件的所有POST请求:

Alternatively, you can block all POST requests to any file that don't have a referrer by using this:

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [L,R=405]

由于Laravel不会接受POST请求，除非您设置资源控制器或指定路由应处理POST请求，您可以忽略这些请求，但至少要使用第一个示例.

Since Laravel won't take POST requests unless you setup a resource controller or specify that a route should handle POST requests, you can ignore these, but I would at least use the first example.

这篇关于Laravel会话和错误日志文件非常庞大的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！