110,536
社区成员
发帖
与我相关
我的任务
分享filezilla server+C# 正常使用一段时间后,上传卡住(有未知连接)
客户端是用C#写的,每次使用时都会重新创建ftp连接,使用完后断开。
部分代码如下,使用了被动模式和SSL:
代码在内网使用很正常,但放到外网就三天两头出问题,最终表现是这样:
可以看到ftp连接没有登录和后续操作。
正常的情况如下:
我又查看了日志,发现中间有未知用户连接,日志如下:
后面每隔一段时间还有尝试登录和连接的操作,可以看到,这个ftp请求来自linux下的firefox,和同事确认,没有人做过这个操作,我们也没有这个版本的linux+firefox。
应该是被攻击了。
同时,我的客户端在几次尝试后,ftp上传就卡住了,即便设置了timeout,也没有作用,必须要客户端和服务端都重启才能恢复正常。
请问我该如何避免以下问题:
1、ftp传输卡住;
2、你们在使用ftp server 时,是否开启了autoban;
3、发生以上问题,你们是如何避免和处理的。
非常感谢!
想了半天,实在不知道该放在哪个版块。
部分代码如下,使用了被动模式和SSL:
Uri uri = new Uri(string.Format("ftp://{0}:{1}{2}{3}", mFtpConfig.ServerIp, mFtpConfig.Port, url, outfile));
FtpWebRequest request = (FtpWebRequest)FtpWebRequest.Create(uri);
if (mSupportSsl)
{
request.EnableSsl = true;
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(ValidateServerCertificate);
}
request.Credentials = new NetworkCredential(user, password);
request.UseBinary = true;
request.KeepAlive = false;
request.Method = WebRequestMethods.Ftp.UploadFile;
request.ReadWriteTimeout = Timeout * 1000;
request.UsePassive = true;
Stream writer = null;
//读取文件的信息并上传
byte[] buffer = new byte[1024];
FileStream freader = File.OpenRead(infile);
try
{
writer = request.GetRequestStream();
int readedbyte = freader.Read(buffer, 0, buffer.Length);
while (readedbyte > 0)
{
writer.Write(buffer, 0, readedbyte);
readedbyte = freader.Read(buffer, 0, buffer.Length);
}
writer.Close();
freader.Close();
FtpWebResponse response = (FtpWebResponse)request.GetResponse();
Log.Debug("FTP Respone:" + response.StatusCode + "-" + response.StatusDescription);
response.GetResponseStream().Close();
request.GetResponse().Close();
ret = (response.StatusCode == FtpStatusCode.ClosingData);
}
catch (Exception ex)
{
Log.Error("FTP-Eroor:" + ex.Message);
}
代码在内网使用很正常,但放到外网就三天两头出问题,最终表现是这样:
(001006)2019/9/9 5:04:11 - (not logged in) (138.68.208.163)> Connected on port 990, sending welcome message...
(001006)2019/9/9 5:04:11 - (not logged in) (138.68.208.163)> 220-FileZilla Server 0.9.60 beta
(001006)2019/9/9 5:04:21 - (not logged in) (138.68.208.163)> disconnected.
可以看到ftp连接没有登录和后续操作。
正常的情况如下:
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> Connected on port 21, sending welcome message...
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> 220-FileZilla Server 0.9.60 beta
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> 220 Please visit https://filezilla-project.org/
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> USER myuser
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> 331 Password required for myuser
(000937)2019/8/30 15:54:10 - (not logged in) (171.211.244.173)> PASS ********
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> 230 Logged on
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> OPTS utf8 on
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> 202 UTF8 mode is always enabled. No need to send this command.
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> PWD
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> 257 "/" is current directory.
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> TYPE I
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> 200 Type set to I
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> PASV
(000937)2019/8/30 15:54:10 - myuser (171.211.244.173)> 227 Entering Passive Mode (120,25,229,127,74,150)
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> NLST okhP2v55FsB7WfCbUQsqnGH6ENDg
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 150 Opening data channel for directory listing of "/okhP2v55FsB7WfCbUQsqnGH6ENDg"
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 226 Successfully transferred "/okhP2v55FsB7WfCbUQsqnGH6ENDg"
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> AUTH TLS
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 234 Using authentication type TLS
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> TLS connection established
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> USER myuser
(000937)2019/8/30 15:54:13 - (not logged in) (171.211.244.173)> 331 Password required for myuser
(000937)2019/8/30 15:54:13 - (not logged in) (171.211.244.173)> PASS ********
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 230 Logged on
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> PBSZ 0
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 200 PBSZ=0
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> PROT P
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 200 Protection level set to P
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> OPTS utf8 on
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 202 UTF8 mode is always enabled. No need to send this command.
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> PWD
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 257 "/" is current directory.
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> TYPE I
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 200 Type set to I
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> PASV
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 227 Entering Passive Mode (120,25,229,127,74,245)
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> STOR okhP2v55FsB7WfCbUQsqnGH6ENDg/at132116250034392543rpt1PacsReport20190830154837.pdf
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> 425 Rejected data connection for transfer of "/XXXXXXX", IP addresses of control and data connection do not match
(000937)2019/8/30 15:54:13 - myuser (171.211.244.173)> disconnected.
我又查看了日志,发现中间有未知用户连接,日志如下:
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> Connected on port 990, sending welcome message...
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 220-FileZilla Server 0.9.60 beta
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 220 Please visit https://filezilla-project.org/
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> TLS connection established
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> GET / HTTP/1.1
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 500 Syntax error, command unrecognized.
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 500 Syntax error, command unrecognized.
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> Host: 120.25.229.127:990
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 500 Syntax error, command unrecognized.
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> Connection: Keep-Alive
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 500 Syntax error, command unrecognized.
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> Accept-Encoding: gzip
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> 500 Syntax error, command unrecognized.
(000954)2019/8/30 17:27:32 - (not logged in) (47.100.33.151)> disconnected.
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> Connected on port 990, sending welcome message...
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> 220-FileZilla Server 0.9.60 beta
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> 220 Please visit https://filezilla-project.org/
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> TLS connection established
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> HELP
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> 214-The following commands are recognized:
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> ABOR ADAT ALLO APPE AUTH CDUP CLNT CWD
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> DELE EPRT EPSV FEAT HASH HELP LIST MDTM
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> MFMT MKD MLSD MLST MODE NLST NOOP NOP
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> OPTS PASS PASV PBSZ PORT PROT PWD QUIT
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> REST RETR RMD RNFR RNTO SITE SIZE STOR
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> STRU SYST TYPE USER XCUP XCWD XMKD XPWD
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> XRMD
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> 214 Have a nice day.
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> STAT
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> 500 Syntax error, command unrecognized.
(000955)2019/8/30 20:17:35 - (not logged in) (122.228.19.79)> LIST
后面每隔一段时间还有尝试登录和连接的操作,可以看到,这个ftp请求来自linux下的firefox,和同事确认,没有人做过这个操作,我们也没有这个版本的linux+firefox。
应该是被攻击了。
同时,我的客户端在几次尝试后,ftp上传就卡住了,即便设置了timeout,也没有作用,必须要客户端和服务端都重启才能恢复正常。
请问我该如何避免以下问题:
1、ftp传输卡住;
2、你们在使用ftp server 时,是否开启了autoban;
3、发生以上问题,你们是如何避免和处理的。
非常感谢!
想了半天,实在不知道该放在哪个版块。
...全文
请发表友善的回复…
发表回复
不远1210 2019-09-11
- 打赏
- 举报
看来是没有其他建议了,再等等看有其他大佬没!
wanghui0380 2019-09-09
- 打赏
- 举报
请问客户端有没有优化思路,可以避免连接卡住?应该是卡在了request.GetResponese()这里。[/quote]
这个我没啥办法,只能建议你去nuget找一下另外的ftpclient库
不远1210 2019-09-09
- 打赏
- 举报
请问客户端有没有优化思路,可以避免连接卡住?应该是卡在了request.GetResponese()这里。
不远1210 2019-09-09
- 打赏
- 举报
忘了介绍环境,ftp server在阿里云的ECS上,操作系统是Windows Server 2008,实际上第一天就中毒了,所以装了eset。
由于字数限制,上面没有贴完,实际上频率不高,filezilla日志中每隔1-2小时才有一次,连接后会做一些操作和登录尝试,从表面来看不算ddos,不知道是对方没有继续请求,还是被拒绝了,或者是被什么拦截了。
重启后一般能正常使用1-2天,然后又挂了。
wanghui0380 2019-09-09
- 打赏
- 举报
DDos攻击基本属于无解的。只能 流量清洗+白名单
我只想问这个ftp地址是如何被人探测到的,他探测不到就不会攻击,探测到了就会尝试攻击
不远1210 2019-09-09
- 打赏
- 举报
请问客户端有没有优化思路,可以避免连接卡住?应该是卡在了request.GetResponese()这里。[/quote]
这个我没啥办法,只能建议你去nuget找一下另外的ftpclient库[/quote]
好吧谢谢!
