cht Computer Information Network

Sharing IP blocks that have shown server intrusion behavior

eliu
2013-12-07

These are all IP blocks from China, very likely China's cyber army, especially the ones from Hebei Province.

The method used is to download backups:

118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /wwwroot.rar HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /wwwroot.zip HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /HYTop.mdb HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /beifen.rar HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /beifen.zip HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /web.rar HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /web.zip HTTP/1.1" 404 163 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"

 

Below are the iptables rules for use with shorewall:

DROP net:124.238.244.0/24 all tcp 80
DROP net:124.237.133.0/24 all tcp 80
DROP net:125.77.142.0/24 all tcp 80
DROP net:61.55.186.0/24 all tcp 80
DROP net:27.189.197.0/20 all tcp 80
DROP net:113.116.120.0/24 all tcp 80
DROP net:118.123.17.0/24 all tcp 80

edited: 1
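
The pattern in the log excerpt above (one client collecting 404s for a series of backup-style file names) can be picked out of an access log automatically. The following is an added example, not code from the original post: the function names, the extension list, the threshold of three distinct paths and the sample lines (including the 203.0.113.9 and 198.51.100.7 documentation addresses) are assumptions; only the rule format is taken from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, modelled on the log excerpt in the post above.
SAMPLE_LOG = """\
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /wwwroot.rar HTTP/1.1" 404 163 "-" "Mozilla/4.0"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /wwwroot.zip HTTP/1.1" 404 163 "-" "Mozilla/4.0"
118.123.17.86 - - [07/Dec/2013:07:29:17 0800] "HEAD /beifen.rar HTTP/1.1" 404 163 "-" "Mozilla/4.0"
118.123.17.86 - - [07/Dec/2013:07:29:18 0800] "HEAD /web.zip HTTP/1.1" 404 163 "-" "Mozilla/4.0"
203.0.113.9 - - [07/Dec/2013:07:30:02 0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Dec/2013:07:30:05 0800] "GET /download/manual.zip HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
198.51.100.7 - - [07/Dec/2013:07:31:40 0800] "GET /old.zip HTTP/1.1" 404 163 "-" "Mozilla/5.0"
"""

# client IP, method, path and status from a combined-format access log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# file extensions typical of site backups and database dumps (assumed list)
BACKUP_RE = re.compile(r'\.(rar|zip|7z|tar|gz|tgz|bak|sql|mdb)$', re.IGNORECASE)


def find_backup_probers(log_text, min_paths=3):
    """Return {ip: sorted paths} for clients with 404s on >= min_paths distinct backup-style files."""
    misses = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore any query string
        if status == "404" and BACKUP_RE.search(path):
            misses[ip].add(path)
    return {ip: sorted(paths) for ip, paths in misses.items() if len(paths) >= min_paths}


def shorewall_rules(ips, prefix=24):
    """Collapse flagged IPs to their /prefix networks and format rules as in the post."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return [f"DROP net:{net} all tcp 80" for net in sorted(nets)]


if __name__ == "__main__":
    hits = find_backup_probers(SAMPLE_LOG)
    for ip, paths in hits.items():
        print(ip, paths)
    print("\n".join(shorewall_rules(hits)))
```

A single 404 on an archive name, or successful downloads of real archives, do not trip the threshold, so ordinary visitors such as the two documentation-range clients in the sample are not flagged.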
