eliu
| 1
企圖入侵的 中國 IP 123.57.16.76 |
0
0 | 2015-01-19 | quote | | |
早上看網站的 Apache access_log 發現有企圖入侵的 IP 123.57.16.76
用 whois 一看,這不就是馬云的「阿里云」嗎?如果是這樣你敢把 data 放在他們家嗎?
直接封鎖這個 IP block
inetnum: 123.56.0.0 - 123.57.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
---
123.57.16.76 - - [19/Jan/2015:08:39:30 0800] "HEAD /beifen.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:31 0800] "HEAD /beifen.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:31 0800] "HEAD /beifen.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:31 0800] "HEAD /backup.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:32 0800] "HEAD /backup.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:32 0800] "HEAD /backup.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:33 0800] "HEAD /Runtime.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:33 0800] "HEAD /Runtime.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:34 0800] "HEAD /Runtime.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:34 0800] "HEAD /data.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:34 0800] "HEAD /data.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:35 0800] "HEAD /data.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:35 0800] "HEAD /inc.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 123.57.16.76 - - [19/Jan/2015:08:39:36 0800] "HEAD /inc.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
edited: 1
|
阿里雲又企圖入侵。
121.40.163.63 - - [24/Mar/2015:22:00:17 0800] "HEAD /wwwhyperratecom.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:17 0800] "HEAD /wwwhyperratecom.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:17 0800] "HEAD /hyperrate.com.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:18 0800] "HEAD /hyperrate.com.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:18 0800] "HEAD /hyperrate.com.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:18 0800] "HEAD /hyperrate.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:18 0800] "HEAD /hyperrate.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:18 0800] "HEAD /hyperrate.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 121.40.163.63 - - [24/Mar/2015:22:00:18 0800] "HEAD /hyperratecom.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
inetnum: 121.40.0.0 - 121.43.255.255
netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 country: CN
edited: 1
|
阿里雲怎麼一直想入侵別人的網站?
120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /hyperratecom.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /beifen.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /beifen.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /beifen.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /backup.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /backup.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /backup.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /Runtime.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 120.24.86.165 - - [25/Mar/2015:14:02:23 0800] "HEAD /Runtime.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
inetnum: 120.24.0.0 - 120.27.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 country: CN
|
阿里雲又想入侵了
115.29.221.204 - - [02/Jul/2015:08:21:45 0800] "HEAD /Runtime.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.221.204 - - [02/Jul/2015:08:21:46 0800] "HEAD /data.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.221.204 - - [02/Jul/2015:08:21:46 0800] "HEAD /data.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.221.204 - - [02/Jul/2015:08:21:46 0800] "HEAD /inc.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.221.204 - - [02/Jul/2015:08:21:46 0800] "HEAD /inc.tar.gz HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.221.204 - - [02/Jul/2015:08:21:46 0800] "HEAD /datas.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.221.204 - - [02/Jul/2015:08:21:46 0800] "HEAD /Runtime/Data/_bak.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
$ whois 115.29.221.204 % Information related to '115.28.0.0 - 115.29.255.255'
inetnum: 115.28.0.0 - 115.29.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
|
阿里雲又想入侵了
139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /web.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /hyperrate.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /www.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /wwwroot.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /1.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /123.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /hyperratecom.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:14 0800] "HEAD /hyperrate.com.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /hyperrate.com.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /hyperratecom.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /beifen.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /web.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /wwwroot.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /www.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /hyperrate.zip HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /www1.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /web1.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 139.196.14.61 - - [26/Sep/2015:14:35:15 0800] "HEAD /webroot.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
inetnum: 139.196.0.0 - 139.196.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 country: CN
edited: 2
|
inetnum: 115.28.0.0 - 115.29.255.255 netname: ALISOFT descr: Aliyun Computing Co., LTD descr: 5F, Builing D, the West Lake International Plaza of S&T descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
115.29.246.40 - - [26/Oct/2015:10:41:38 0800] "HEAD /htdocs.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.246.40 - - [26/Oct/2015:10:41:38 0800] "HEAD /backup.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.246.40 - - [26/Oct/2015:10:41:38 0800] "HEAD /data.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.246.40 - - [26/Oct/2015:10:41:39 0800] "HEAD /Runtime.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" 115.29.246.40 - - [26/Oct/2015:10:41:39 0800] "HEAD /inc/datas.rar HTTP/1.1" 404 139 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
|