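Today a customer sent over one of his machines and told me it was being CC'd nonstop.
So without a second word I got on it and blocked 4000 malicious IPs for him. Things were normal for less than 20 minutes, then the load kept climbing.
So I had no choice but to go through the logs one by one, and found that whenever these bastards were hitting the site, their User-Agent was always the same.
For example: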
190-207-149-57.dyn.dsl.cantv.net - - [19/Oct/2014:23:36:36 +0800] "GET /otras-ligas-c-6.html HTTP/1.0" 302 - "http://site/otras-ligas-c-6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
201-248-102-175.dyn.dsl.cantv.net - - [19/Oct/2014:23:36:36 +0800] "GET /otras-ligas-c-6.html HTTP/1.0" 403 308 "http://site/otras-ligas-c-6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
190-206-82-223.dyn.dsl.cantv.net - - [19/Oct/2014:23:36:36 +0800] "GET /otras-ligas-c-6.html HTTP/1.0" 302 - "http://site/otras-ligas-c-6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
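# Tag requests whose User-Agent contains "Mozilla/4.0" and deny them
SetEnvIfNoCase User-Agent "Mozilla/4.0" shit_user
Order Allow,Deny
Allow from all
Deny from env=shit_user
# The same User-Agent match via mod_rewrite, answered with a 503
RewriteCond %{HTTP_USER_AGENT} Mozilla\/4\.0 [NC]
RewriteRule .* - [R=503,L]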
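The log triage described above, as an added example that is not the author's code: it groups requests by minute, path and User-Agent, reports the groups hit by several distinct hosts, and lists which other clients a candidate block pattern would also catch. The log lines are constructed (documentation IP ranges), and the function names and the min_hosts threshold are assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
FLOOD_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
IE8_UA = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

def _line(host, sec, path, status, ua):
    # Build one constructed log line in combined format.
    return ('%s - - [19/Oct/2014:23:36:%02d +0800] "GET %s HTTP/1.0" %d - "-" "%s"'
            % (host, sec, path, status, ua))

# Constructed sample: three flood requests, two ordinary visitors, one malformed line.
SAMPLE_LOG = [
    _line("192.0.2.10", 36, "/otras-ligas-c-6.html", 302, FLOOD_UA),
    _line("192.0.2.11", 36, "/otras-ligas-c-6.html", 403, FLOOD_UA),
    _line("192.0.2.12", 36, "/otras-ligas-c-6.html", 302, FLOOD_UA),
    _line("198.51.100.7", 40, "/index.html", 200, IE8_UA),
    _line("198.51.100.8", 41, "/index.html", 200, "Mozilla/5.0 (X11; Linux x86_64) Firefox/33.0"),
    "garbage line",
]

def parse(line):
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None  # None for lines that are not combined format

def shared_ua_bursts(lines, min_hosts=3):
    """Return (host_count, minute, path, ua) for groups hit by >= min_hosts distinct clients."""
    hosts = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        # time[:17] is "dd/Mon/yyyy:HH:MM", i.e. a one-minute bucket
        hosts[(rec["time"][:17], rec["path"], rec["ua"])].add(rec["host"])
    return sorted(((len(h), *k) for k, h in hosts.items() if len(h) >= min_hosts), reverse=True)

def collateral(lines, pattern, flood_ua):
    """Hosts a case-insensitive User-Agent pattern would block although they do not send flood_ua."""
    rx = re.compile(pattern, re.IGNORECASE)
    recs = filter(None, map(parse, lines))
    return sorted({r["host"] for r in recs if rx.search(r["ua"]) and r["ua"] != flood_ua})

if __name__ == "__main__":
    print(shared_ua_bursts(SAMPLE_LOG))
    print(collateral(SAMPLE_LOG, r"Mozilla/4\.0", FLOOD_UA))
```

On this sample the `Mozilla/4.0` match also catches the constructed IE 8 visitor, while matching the full User-Agent string does not.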