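Recently a single IP has been continuously scanning the site for vulnerabilities, consuming the site's memory and bandwidth and seriously affecting its normal operation.
The site log looks like this: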
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%24%28expr+875235436+%2B+881832843%29 HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/oauth/authorize?response_type=${42781*41411}&client_id=acme&scope=openid&redirect_uri=http://test HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-56.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /include/downmix.inc.php HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /secure/ManageFilters.jspa?filter=popular&filterView=popular HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com%0d%0aCRLF-Header:CRLF-Value" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%27and%27u%27%3D%27f HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/anywebmail/login.php?LOGIN_USER_INCLUDE=/etc/passwd HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /mantisbt-2.3.0/verify.php?id=1&confirm_hash= HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/verify.php?id=1&confirm_hash= HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Data/Log/22_01_01.log HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "POST /User/php/rj_get_token.php HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-9.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=%22and%2F%2A%2A%2Fextractvalue%281%2Cconcat%28char%28126%29%2Cmd5%281672296969%29%29%29and%22 HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-55.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-54.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade=bh6x.com HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /?Upgrade HTTP/1.1" 499 0 "https://jiemi.78moban.com/User/Articleedt.html" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /picturesPreview?urls=aHR0cDovLzEyNy4wLjAuMS8xLnR4dCI%2BPHN2Zy9vbmxvYWQ9YWxlcnQoZG9jdW1lbnQuZG9tYWluKT4%3D HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /category-12.html HTTP/1.1" 499 0 "https://jiemi.78moban.com/" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
112.20.67.222 - - [04/Jun/2023:12:29:27 +0800] "GET /live_mfg.shtml HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
The malicious IP 112.20.67.222 is located in Jiangning, Nanjing, Jiangsu, China.
How to block a malicious IP from accessing the site
deny 112.20.67.222;
deny 101.32.97.232;
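An added example (not part of the original post): a small triage script that parses access-log lines in the format shown above, flags the probe types visible in that log (expression injection, path traversal, SQL injection, CRLF in the Referer) and emits `deny` entries for IPs that trip the rules repeatedly. The rule names, the `min_hits` threshold and the benign visitor 203.0.113.9 are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus
# "combined" log layout as in the lines above (an assumption; the page names no server).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
                     r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')
# Hypothetical rule names; each pattern mirrors a probe type visible in the log.
RULES = {
    "path_traversal": re.compile(r"\.\./|/etc/passwd|win\.ini", re.I),
    "sql_injection": re.compile(r"extractvalue\s*\(|['\"]\s*and\b", re.I),
    "expr_injection": re.compile(r"\$\{[^}]*\}|\$\(expr\b"),
    "crlf_injection": re.compile(r"[\r\n]"),
}

def classify(line):
    """Return (ip, set of rule names hit), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Decode once so %-encoded payloads in the URI or Referer become visible.
    text = unquote_plus(m["uri"]) + " " + unquote_plus(m["referer"])
    return m["ip"], {name for name, rx in RULES.items() if rx.search(text)}

def probe_counts(lines):
    """Count rule hits per client IP; clean requests are not recorded."""
    counts = defaultdict(Counter)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            counts[parsed[0]].update(parsed[1])
    return counts

def deny_lines(lines, min_hits=2):
    """Emit `deny` entries for IPs with at least min_hits probe hits."""
    counts = probe_counts(lines)
    return [f"deny {ip};" for ip in sorted(counts)
            if sum(counts[ip].values()) >= min_hits]

TAIL = '"Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"'
PRE = "- - [04/Jun/2023:12:29:27 +0800]"
# Constructed sample: four requests shortened from the log above, one benign visitor.
SAMPLE = [
    f'112.20.67.222 {PRE} "GET /?Upgrade=%24%28expr+875235436+%2B+881832843%29 HTTP/1.1" 499 0 "-" {TAIL}',
    f'112.20.67.222 {PRE} "GET /register/toDownload.do?fileName=../../../windows/win.ini HTTP/1.1" 499 0 "-" {TAIL}',
    f'112.20.67.222 {PRE} "GET /User/Upgrade.html HTTP/1.1" 499 0 "https://jiemi.78moban.com%0d%0aCRLF-Header:CRLF-Value" {TAIL}',
    f'112.20.67.222 {PRE} "GET /?Upgrade=%27and%27u%27%3D%27f HTTP/1.1" 499 0 "-" {TAIL}',
    f'203.0.113.9 {PRE} "GET /category-56.html HTTP/1.1" 200 512 "https://jiemi.78moban.com/" {TAIL}',
]
print("\n".join(deny_lines(SAMPLE)))
```

Requiring more than one hit before emitting a `deny` keeps a single odd URL from a real visitor from producing a block entry.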
Another one: a client with the User-Agent Apache-HttpClient/5.1.3 (Java/1.8.0_342) keeps requesting this site
47.92.33.185 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32264 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET / HTTP/1.1" 200 32258 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:11 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET / HTTP/1.1" 200 32245 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:12 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET / HTTP/1.1" 200 32258 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:12 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32260 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32255 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET / HTTP/1.1" 200 32256 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:13 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:14 +0800] "GET / HTTP/1.1" 200 32266 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.29.136 - - [04/Jun/2023:13:05:14 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:15 +0800] "GET / HTTP/1.1" 200 32257 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
47.92.33.185 - - [04/Jun/2023:13:05:15 +0800] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"
How to block Apache-HttpClient/5.1.3 (Java/1.8.0_342)
Block the malicious IPs, or add them to the firewall to deny access
deny 47.92.33.185;
deny 47.92.29.136;
Block the User-Agent: Apache-HttpClient
Add the following to the list of blocked User-Agents
HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|BabyKrokodil|BabyKrok|netsparker|httperf|bench|SF
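An added example (not from the original post): a pre-deployment check for a `|`-separated User-Agent blocklist. It assumes the list is applied as a case-insensitive, unanchored regular expression, which the page does not state. `audit_blocklist` and the feed-reader User-Agent are hypothetical names and data.

```python
import re

# The list above, written with a trailing '|' (which adds an empty alternative).
RAW_LIST = ("HTTrack|Apache-HttpClient|harvest|audit|dirbuster|pangolin|nmap|sqln|"
            "hydra|Parser|libwww|BBBike|sqlmap|w3af|owasp|Nikto|fimap|havij|zmeu|"
            "BabyKrokodil|BabyKrok|netsparker|httperf|bench|SF|")
BOT_UA = "Apache-HttpClient/5.1.3 (Java/1.8.0_342)"       # from the log above
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"
FEED_UA = "FeedParser/6.0 (constructed feed-reader UA)"   # constructed sample

def audit_blocklist(raw, must_block, must_allow):
    """Check a blocklist against UAs that must be blocked and UAs that must pass.

    Assumption: the list is used as a case-insensitive, unanchored regex.
    """
    tokens = raw.split("|")
    cleaned = [t for t in tokens if t]            # drop empty alternatives
    as_written = re.compile(raw, re.I)
    fixed = re.compile("|".join(cleaned), re.I)
    false_pos = {}
    for ua in must_allow:
        hit = fixed.search(ua)
        if hit:
            false_pos[ua] = hit.group(0)          # which token caught it
    return {
        "empty_alternatives": len(tokens) - len(cleaned),
        # An empty alternative matches every string, so every client is blocked.
        "as_written_blocks_allowed": [u for u in must_allow if as_written.search(u)],
        "fixed_pattern": "|".join(cleaned),
        "fixed_misses": [u for u in must_block if not fixed.search(u)],
        "fixed_false_positives": false_pos,
    }

if __name__ == "__main__":
    report = audit_blocklist(RAW_LIST, [BOT_UA], [BROWSER_UA, FEED_UA])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Short generic tokens such as `Parser`, `audit`, `bench` and `SF` are the ones most likely to appear under `fixed_false_positives` when the check is run against User-Agents taken from your own access log.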