恶意攻击IP地址段

rogerskys · 发表于 2022-7-7 00:19:44

本帖最后由 rogerskys 于 2022-7-7 00:29 编辑

我的WordPress一直被恶意搜索，今天直接梭哈1小时，整理出来攻击的IP段。直接全部403

可以通过CDN拦截，直接匹配user-agent
*92.0.4515.159*

123.149.78.*
123.149.77.*
171.8.238.*
171.8.172.*
1.192.245.*
1.192.244.*
125.46.241.*
123.149.76.*
123.149.79.*
120.245.60.*
120.244.123.*
171.8.236.*
171.8.173.*
120.245.61.*
1.192.241.*
1.192.240.*
222.137.83.*
222.137.1.*
222.137.0.*
182.119.164.*
1.192.242.*
1.192.246.*
1.192.243.*
125.46.244.*
222.137.84.148

a2313153 · 发表于 2022-7-7 00:22:44

非常感谢同样被困扰

rogerskys · 发表于 2022-7-7 00:28:05

补充日志格式

使用cdn可以尝试在cdn拦截，使用user-agent过滤92.0.4515.159

221.15.255.219|221.15.255.219 [07/Jul/2022:00:22:14 +0800] i4t.com "GET /?s=%E9%95%BF%E6%98%A5%E4%B9%9D%E5%8F%B0%E5%8C%BA%E9%85%92%E5%BA%97%E5%AD%A6%E7%94%9F%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E5%9F%8E%E5%A4%96&type=shop HTTP/1.1" 200 "https://i4t.com?s=%E9%95%BF%E6%98%A5%E4%B9%9D%E5%8F%B0%E5%8C%BA%E9%85%92%E5%BA%97%E5%AD%A6%E7%94%9F%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E5%9F%8E%E5%A4%96&type=circle" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156486字节,0.246秒]
221.15.255.219|221.15.255.219 [07/Jul/2022:00:22:18 +0800] i4t.com "GET /?s=%E4%BF%A1%E9%98%B3%E5%9B%BA%E5%A7%8B%E5%8E%BF(%E4%BC%9A)%E6%89%80%E5%A4%A7(%E4%BF%9D)%E5%81%A5%E4%BB%B7%E6%A0%BC%E6%98%AF%E5%A4%9A%E5%B0%91(%E9%AD%8F%E6%80%A729.645722)K5rtn&type=post HTTP/1.1" 200 "https://i4t.com?s=%E4%BF%A1%E9%98%B3%E5%9B%BA%E5%A7%8B%E5%8E%BF%28%E4%BC%9A%29%E6%89%80%E5%A4%A7%28%E4%BF%9D%29%E5%81%A5%E4%BB%B7%E6%A0%BC%E6%98%AF%E5%A4%9A%E5%B0%91%28%E9%AD%8F%E6%80%A729.645722%29K5rtn&type=user" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [157316字节,0.191秒]
221.15.255.219|221.15.255.219 [07/Jul/2022:00:22:47 +0800] i4t.com "GET /?s=%E6%AD%A6%E6%B1%89%E6%B1%89%E5%8D%97%E5%8C%BA%E5%A6%B9%E5%AD%90%E5%A4%A7%E6%B4%BB%E3%80%90%E2%92%97%E2%92%9459%E2%92%9B%E5%AA%BA%E3%80%91%E8%87%AA%E7%9A%84&type=circle HTTP/1.1" 200 "https://i4t.com?s=%E6%AD%A6%E6%B1%89%E6%B1%89%E5%8D%97%E5%8C%BA%E5%A6%B9%E5%AD%90%E5%A4%A7%E6%B4%BB%E3%80%90%E2%92%97%E2%92%9459%E2%92%9B%E5%AA%BA%E3%80%91%E8%87%AA%E7%9A%84&type=post" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156475字节,0.161秒]
125.46.246.228|125.46.246.228 [07/Jul/2022:00:23:47 +0800] i4t.com "GET /?s=%E5%A4%A9%E6%B4%A5%E8%A5%BF%E9%9D%92%E5%8C%BA%E4%BC%91%E9%97%B2%E5%A6%B9%E5%A6%B9%E3%80%90%E2%92%972%E2%92%99%E2%92%982%E5%AA%BA%E3%80%91%E9%80%9A%E6%9C%BA&type=shop HTTP/1.1" 200 "https://i4t.com?s=%E5%A4%A9%E6%B4%A5%E8%A5%BF%E9%9D%92%E5%8C%BA%E4%BC%91%E9%97%B2%E5%A6%B9%E5%A6%B9%E3%80%90%E2%92%972%E2%92%99%E2%92%982%E5%AA%BA%E3%80%91%E9%80%9A%E6%9C%BA&type=post" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156486字节,0.241秒]
222.137.5.116|222.137.5.116 [07/Jul/2022:00:24:20 +0800] i4t.com "GET /?s=%E9%B9%A4%E5%B2%97%E5%A6%B9%E5%AD%90%E5%BF%AB%E9%A4%90%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E9%9A%BE%E6%89%80&type=circle HTTP/1.1" 200 "https://i4t.com?s=%E9%B9%A4%E5%B2%97%E5%A6%B9%E5%AD%90%E5%BF%AB%E9%A4%90%E3%80%90%E2%92%9228%E2%92%98%E2%92%94%E5%AA%BA%E3%80%91%E9%9A%BE%E6%89%80&type=shop" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156223字节,0.228秒]
222.137.5.116|222.137.5.116 [07/Jul/2022:00:24:54 +0800] i4t.com "GET /?s=%E6%AD%A6%E5%A8%81%E6%8E%A8%E6%B2%B9%E5%B0%8F%E5%A6%B9%E5%AD%90513.86118%E5%BE%AE%E4%BF%A1%E5%89%AF%E9%9D%92&type=newsflashes HTTP/1.1" 200 "https://i4t.com?s=%E6%AD%A6%E5%A8%81%E6%8E%A8%E6%B2%B9%E5%B0%8F%E5%A6%B9%E5%AD%90513.86118%E5%BE%AE%E4%BF%A1%E5%89%AF%E9%9D%92&type=shop" Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Mobile Safari/537.36 - [156199字节,0.241秒]

Sy. · 发表于 2022-7-7 04:07:24

求个子主题aff 如果是自己魔改当我没说

iks · 发表于 2022-7-7 08:54:34

我啥都没看懂，一会儿一个 IP 一会儿一个 user-agent 的

客官不可以 · 发表于 2022-7-7 08:58:21

没有cf的差评

rogerskys · 发表于 2022-7-7 09:06:07

iks 发表于 2022-7-7 08:54
我啥都没看懂，一会儿一个 IP 一会儿一个 user-agent 的

这些攻击的ip看请求头啊，明显都是一个机器搞得，这么多垃圾请求找相同点拦截就行了。

法外狂徒张三 · 发表于 2022-7-7 09:08:09

前俩天有个伦敦ip扫我独角的wordpress主题目录。。。

rogerskys · 发表于 2022-7-7 09:09:58

法外狂徒张三发表于 2022-7-7 09:08
前俩天有个伦敦ip扫我独角的wordpress主题目录。。。

外面的世界太危险，我这半年来一直被老外sex网站注册，每天注册50多个，给我数据库跑满了，气得我直接升级WordPress拦截注册了

		自动登录	找回密码
密码			注册