Blocking the malicious scanner IP 112.20.67.222 and the Apache-HttpClient/5.1.3 User-Agent

Date: 2023-06-04 / Source: Internet / Editor: Anonymous

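Recently a single IP has been continuously scanning the site for vulnerabilities, consuming the site's memory and bandwidth and seriously affecting its normal operation.

The site log looks like this: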

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%24%28expr+875235436+%2B+881832843%29 HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/oauth/authorize?response_type=${42781*41411}&client_id=acme&scope=openid&redirect_uri=http://test HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-56.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /include/downmix.inc.php HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /secure/ManageFilters.jspa?filter=popular&filterView=popular HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com%0d%0aCRLF-Header:CRLF-Value" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%27and%27u%27%3D%27f HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/anywebmail/login.php?LOGIN_USER_INCLUDE=/etc/passwd HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /mantisbt-2.3.0/verify.php?id=1&confirm_hash= HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/verify.php?id=1&confirm_hash= HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Data/Log/22_01_01.log HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "POST /User/php/rj_get_token.php HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-9.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%22and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281672296969%29%29%29and%22 HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-55.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-54.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=bh6x.com HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /picturesPreview?urls=aHR0cDovLzEyNy4wLjAuMS8xLnR4dCI%2BPHN2Zy9vbmxvYWQ9YWxlcnQoZG9jdW1lbnQuZG9tYWluKT4%3D HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-12.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /live_mfg.shtml HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"

The malicious IP 112.20.67.222 is located in Jiangning, Nanjing, Jiangsu, China.

How to block the malicious IP from accessing the site

deny  112.20.67.222;

Another one: the User-Agent Apache-HttpClient/5.1.3 (Java/1.8.0_342) keeps requesting this site

47.92.33.185 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32264 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32258 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET / HTTP/1.1" 200 32245 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:12 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET / HTTP/1.1" 200 32258 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32260 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32255 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32256 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:14 +0800] "GET / HTTP/1.1" 200 32266 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.29.136 - - [04/Jun/2023:13:05:14 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:15 +0800] "GET / HTTP/1.1" 200 32257 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

47.92.33.185 - - [04/Jun/2023:13:05:15 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"

How to block Apache-HttpClient/5.1.3 (Java/1.8.0_342)

Block the malicious IPs, or add them to the firewall to deny access

deny 47.92.33.185;

deny 47.92.29.136;

Block the User-Agent: Apache-HttpClient

Add the following to the list of blocked User-Agents

HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|BabyKrok|netsparker|httperf|bench|SF|
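
The triage done by hand above can be scripted. The following Python is an added example, not code from the original page: it parses combined-format access-log lines, flags addresses whose requests fall into two or more of the probe categories visible in the log, matches User-Agents against the published list, and renders `deny` directives. The sample lines, the documentation-range addresses, the `min_categories` threshold and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# combined format: ip - user [time] "METHOD target PROTO" status bytes "referer" "ua"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"$')
# Probe signatures modelled on the request lines in the log above (not exhaustive).
PROBES = {
    "path-traversal": re.compile(r"\.\./"),
    "local-file-include": re.compile(r"/etc/passwd|win\.ini", re.I),
    "expression-injection": re.compile(r"\$\{[^}]*\}|\$\(expr"),
    "sql-injection": re.compile(r"extractvalue\(|'and'", re.I),
    "crlf-injection": re.compile(r"[\r\n]"),
}
# Page's list as published; empty tokens are dropped, as an empty alternative matches every UA.
UA_LIST = ("HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|"
           "sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|BabyKrok|netsparker|httperf|bench|SF|")
UA_RE = re.compile("|".join(re.escape(t) for t in UA_LIST.split("|") if t), re.I)
FIREFOX = "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
# Constructed sample lines (documentation-range addresses), shaped like the page's log.
SAMPLE = [
    f'203.0.113.7 - - [04/Jun/2023:12:29:27 +0800] "GET /dl.do?fileName=../../windows/win.ini HTTP/1.1" 499 0 "-" "{FIREFOX}"',
    f'203.0.113.7 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://example.test%0d%0aX-Hdr:v" "{FIREFOX}"',
    '198.51.100.9 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32264 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"',
    f'192.0.2.44 - - [04/Jun/2023:13:06:02 +0800] "GET /category-56.html HTTP/1.1" 200 512 "https://example.test/" "{FIREFOX}"',
]

def find_offenders(lines, min_categories=2):
    """Return IPs probing in >= min_categories categories and IPs sending a listed UA."""
    cats, ua_ips = defaultdict(set), set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in combined format; skip rather than guess
        ip, target, referer, ua = m.groups()
        if UA_RE.search(ua):
            ua_ips.add(ip)
        for field in (unquote(target), unquote(referer)):  # decode %0d%0a, %27, ...
            for name, rx in PROBES.items():
                if rx.search(field):
                    cats[ip].add(name)
    probing = {ip: sorted(c) for ip, c in cats.items() if len(c) >= min_categories}
    return {"probing": probing, "blocked_ua": sorted(ua_ips)}

def deny_lines(result):  # one `deny` directive per flagged address
    return [f"deny {ip};" for ip in sorted(set(result["probing"]) | set(result["blocked_ua"]))]

if __name__ == "__main__":
    print("\n".join(deny_lines(find_offenders(SAMPLE))))
```

Review the generated directives before applying them: addresses behind shared NAT or a proxy can carry legitimate visitors as well.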
