屏蔽恶意扫描ip 112.20.67.222 屏蔽Apache-HttpClient/5.1.3的方法
时间:2023年06月04日
/来源:网络
/编辑:佚名
最近网站上一个ip一直扫描网站漏洞,占用网站内存带宽,严重影响网站的正常运行。
网站日志如下:
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%24%28expr+875235436+%2B+881832843%29 HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/oauth/authorize?response_type=${42781*41411}&client_id=acme&scope=openid&redirect_uri=http://test HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-56.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /include/downmix.inc.php HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /secure/ManageFilters.jspa?filter=popular&filterView=popular HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com%0d%0aCRLF-Header:CRLF-Value" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%27and%27u%27%3D%27f HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/anywebmail/login.php?LOGIN_USER_INCLUDE=/etc/passwd HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /mantisbt-2.3.0/verify.php?id=1&confirm_hash= HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/verify.php?id=1&confirm_hash= HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Data/Log/22_01_01.log HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "POST /User/php/rj_get_token.php HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-9.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%22and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281672296969%29%29%29and%22 HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-55.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-54.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=bh6x.com HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /picturesPreview?urls=aHR0cDovLzEyNy4wLjAuMS8xLnR4dCI%2BPHN2Zy9vbmxvYWQ9YWxlcnQoZG9jdW1lbnQuZG9tYWluKT4%3D HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-12.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /live_mfg.shtml HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
恶意IP:112.20.67.222为中国江苏南京江宁
禁止恶意网站IP访问网站方法
deny 112.20.67.222;
另外一个: User-Agent:Apache-HttpClient/5.1.3 (Java/1.8.0_342)不停的访问本站
47.92.33.185 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32264 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32258 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET / HTTP/1.1" 200 32245 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:12 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET / HTTP/1.1" 200 32258 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32260 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32255 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32256 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:14 +0800] "GET / HTTP/1.1" 200 32266 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:14 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:15 +0800] "GET / HTTP/1.1" 200 32257 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:15 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
屏蔽Apache-HttpClient/5.1.3 (Java/1.8.0_342)的方法
屏蔽恶意ip或者放到防火墙里禁止访问
deny 47.92.33.185;
deny 47.92.29.136;
屏蔽User-Agent:Apache-HttpClient
把下面代码放到禁止User-Agent的列表里面
HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|BabyKrok|netsparker|httperf|bench|SF|
- 【建站知识】查询nginx日志状态码大于400的请求并打印整行04-03
- 【建站知识】Python中的logger和handler到底是个什么?04-03
- 【建站知识】python3拉勾网爬虫之(您操作太频繁,请稍后访问)04-03
- 【建站知识】xpath 获取meta里的keywords及description的方法04-03
- 【建站知识】python向上取整以50为界04-03
- 【建站知识】scrapy xpath遇见乱码解决04-03
- 【建站知识】scrapy爬取后中文乱码,解决word转为html 时cp1252编码问题04-03
- 【建站知识】scrapy采集—爬取中文乱码,gb2312转为utf-804-03