惡意攻擊IP地址段


作者: rogerskys    時間: 11 小時前
標題: 惡意攻擊IP地址段
本帖最後由 rogerskys 於 2022-7-7 00:29 編輯

我的WordPress一直被惡意搜索,今天直接梭哈1小時,整理出來攻擊的IP段。直接全部403


可以通過CDN攔截,直接匹配user-agent
*92.0.4515.159*



123.149.78.*
123.149.77.*
171.8.238.*
171.8.172.*
1.192.245.*
1.192.244.*
125.46.241.*
123.149.76.*
123.149.79.*
120.245.60.*
120.244.123.*
171.8.236.*
171.8.173.*
120.245.61.*
1.192.241.*
1.192.240.*
222.137.83.*
222.137.1.*
222.137.0.*
182.119.164.*
1.192.242.*
1.192.246.*
1.192.243.*
125.46.244.*
222.137.84.148
作者: a2313153    時間: 11 小時前
非常感謝同樣被困擾
作者: rogerskys    時間: 11 小時前
補充日志格式

使用cdn可以嘗試在cdn攔截,使用user-agent過濾92.0.4515.159

221.15.255.219|221.15.255.219 [07/Jul/2022:00:22:14 +0800] i4t.com "GET /?s=%E9%95%BF%E6%98%A5%E4%B9%9D%E5%8F%B0%E5%8C%BA%E9%85%92%E5%BA%97%E5%AD%A6%E7%94%9F%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E5%9F%8E%E5%A4%96&type=shop HTTP/1.1" 200 "https://i4t.com?s=%E9%95%BF%E6%98%A5%E4%B9%9D%E5%8F%B0%E5%8C%BA%E9%85%92%E5%BA%97%E5%AD%A6%E7%94%9F%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E5%9F%8E%E5%A4%96&type=circle" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156486字節,0.246秒]
221.15.255.219|221.15.255.219 [07/Jul/2022:00:22:18 +0800] i4t.com "GET /?s=%E4%BF%A1%E9%98%B3%E5%9B%BA%E5%A7%8B%E5%8E%BF(%E4%BC%9A)%E6%89%80%E5%A4%A7(%E4%BF%9D)%E5%81%A5%E4%BB%B7%E6%A0%BC%E6%98%AF%E5%A4%9A%E5%B0%91(%E9%AD%8F%E6%80%A729.645722)K5rtn&type=post HTTP/1.1" 200 "https://i4t.com?s=%E4%BF%A1%E9%98%B3%E5%9B%BA%E5%A7%8B%E5%8E%BF%28%E4%BC%9A%29%E6%89%80%E5%A4%A7%28%E4%BF%9D%29%E5%81%A5%E4%BB%B7%E6%A0%BC%E6%98%AF%E5%A4%9A%E5%B0%91%28%E9%AD%8F%E6%80%A729.645722%29K5rtn&type=user" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [157316字節,0.191秒]
221.15.255.219|221.15.255.219 [07/Jul/2022:00:22:47 +0800] i4t.com "GET /?s=%E6%AD%A6%E6%B1%89%E6%B1%89%E5%8D%97%E5%8C%BA%E5%A6%B9%E5%AD%90%E5%A4%A7%E6%B4%BB%E3%80%90%E2%92%97%E2%92%9459%E2%92%9B%E5%AA%BA%E3%80%91%E8%87%AA%E7%9A%84&type=circle HTTP/1.1" 200 "https://i4t.com?s=%E6%AD%A6%E6%B1%89%E6%B1%89%E5%8D%97%E5%8C%BA%E5%A6%B9%E5%AD%90%E5%A4%A7%E6%B4%BB%E3%80%90%E2%92%97%E2%92%9459%E2%92%9B%E5%AA%BA%E3%80%91%E8%87%AA%E7%9A%84&type=post" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156475字節,0.161秒]
125.46.246.228|125.46.246.228 [07/Jul/2022:00:23:47 +0800] i4t.com "GET /?s=%E5%A4%A9%E6%B4%A5%E8%A5%BF%E9%9D%92%E5%8C%BA%E4%BC%91%E9%97%B2%E5%A6%B9%E5%A6%B9%E3%80%90%E2%92%972%E2%92%99%E2%92%982%E5%AA%BA%E3%80%91%E9%80%9A%E6%9C%BA&type=shop HTTP/1.1" 200 "https://i4t.com?s=%E5%A4%A9%E6%B4%A5%E8%A5%BF%E9%9D%92%E5%8C%BA%E4%BC%91%E9%97%B2%E5%A6%B9%E5%A6%B9%E3%80%90%E2%92%972%E2%92%99%E2%92%982%E5%AA%BA%E3%80%91%E9%80%9A%E6%9C%BA&type=post" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156486字節,0.241秒]
222.137.5.116|222.137.5.116 [07/Jul/2022:00:24:20 +0800] i4t.com "GET /?s=%E9%B9%A4%E5%B2%97%E5%A6%B9%E5%AD%90%E5%BF%AB%E9%A4%90%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E9%9A%BE%E6%89%80&type=circle HTTP/1.1" 200 "https://i4t.com?s=%E9%B9%A4%E5%B2%97%E5%A6%B9%E5%AD%90%E5%BF%AB%E9%A4%90%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E9%9A%BE%E6%89%80&type=shop" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156223字節,0.228秒]
222.137.5.116|222.137.5.116 [07/Jul/2022:00:24:54 +0800] i4t.com "GET /?s=%E6%AD%A6%E5%A8%81%E6%8E%A8%E6%B2%B9%E5%B0%8F%E5%A6%B9%E5%AD%90513.86118%E5%BE%AE%E4%BF%A1%E5%89%AF%E9%9D%92&type=newsflashes HTTP/1.1" 200 "https://i4t.com?s=%E6%AD%A6%E5%A8%81%E6%8E%A8%E6%B2%B9%E5%B0%8F%E5%A6%B9%E5%AD%90513.86118%E5%BE%AE%E4%BF%A1%E5%89%AF%E9%9D%92&type=shop" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156199字節,0.241秒]
作者: Sy.    時間: 8 小時前
求個子主題aff 如果是自己魔改 當我沒說
作者: iks    時間: 3 小時前
我啥都沒看懂,一會兒一個 IP 一會兒一個 user-agent 的
作者: 客官不可以    時間: 3 小時前
沒有cf的 差評      
作者: rogerskys    時間: 3 小時前
iks 發表於 2022-7-7 08:54
我啥都沒看懂,一會兒一個 IP 一會兒一個 user-agent 的
這些攻擊的ip看請求頭啊,明顯都是一個機器搞得,這麼多垃圾請求找相同點攔截就行瞭。
作者: 法外狂徒張三    時間: 3 小時前
前倆天有個倫敦ip掃我獨角的wordpress主題目錄。。。
作者: rogerskys    時間: 2 小時前
法外狂徒張三 發表於 2022-7-7 09:08
前倆天有個倫敦ip掃我獨角的wordpress主題目錄。。。
外面的世界太危險,我這半年來一直被老外sex網站註冊,每天註冊50多個,給我數據庫跑滿瞭,氣得我直接升級WordPress攔截註冊瞭
Tag:惡意 攻擊 地址 IP
相關文章