Some dirty IPs I have recorded (continuously updated)
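The following is my record of dirty IPs. Recently my site has frequently been probed by malicious IPs that request 404 pages in a crawler-like fashion. Below I list these malicious IPs together with some of their access logs; if you have run into the same situation, blacklist these IPs right away.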
218.64.154.253
218.64.154.253 - - [04/Mar/2016:14:20:35 +0800] "POST /ztxxw/Images/images.asp HTTP/1.1" 404 13490
218.64.154.253 - - [04/Mar/2016:14:20:35 +0800] "POST /ztxxw/images/images.asp HTTP/1.1" 404 13490
218.64.154.253 - - [04/Mar/2016:14:20:36 +0800] "POST /zx.asp HTTP/1.1" 404 13490
218.64.154.253 - - [04/Mar/2016:14:20:38 +0800] "POST /zz.asp HTTP/1.1" 404 13490
180.88.222.13
180.88.222.13 - - [24/Feb/2016:20:31:51 +0800] "POST /plus/360.php HTTP/1.1" 404 13172
180.88.222.13 - - [24/Feb/2016:20:31:52 +0800] "POST /data/safe/360.php HTTP/1.1" 404 13172
180.88.222.13 - - [24/Feb/2016:20:31:53 +0800] "POST /include/helperss/filter.helpear.php HTTP/1.1" 404 13172
180.88.222.13 - - [24/Feb/2016:20:31:54 +0800] "POST /dxyylc/1ndex.php HTTP/1.1" 404 13172
213.95.255.231
213.95.255.231 - - [04/Feb/2016:08:54:21 +0800] "GET /thank-you.php HTTP/1.1" 404 13187
213.95.255.231 - - [04/Feb/2016:08:54:28 +0800] "GET /runl.php HTTP/1.1" 404 13187
213.95.255.231 - - [04/Feb/2016:08:54:33 +0800] "GET /wp-admin/interface.php HTTP/1.1" 404 13187
213.95.255.231 - - [04/Feb/2016:08:54:35 +0800] "GET /will.php HTTP/1.1" 404 13187
59.53.147.204
59.53.147.204 - - [29/Jan/2016:15:47:41 +0800] "POST /admin/image/sql.asp HTTP/1.1" 404 13819
59.53.147.204 - - [29/Jan/2016:15:47:42 +0800] "POST /admin/images/Sql.asp HTTP/1.1" 404 13819
59.53.147.204 - - [29/Jan/2016:15:47:42 +0800] "POST /admin/images/SqlIn.asp HTTP/1.1" 404 13819
59.53.147.204 - - [29/Jan/2016:15:47:43 +0800] "POST /admin/images/Thumb.asp HTTP/1.1" 404 13819
182.110.13.254
182.110.13.254 - - [27/Jan/2016:18:39:09 +0800] "POST /admin/images/cache.asp HTTP/1.1" 404 13979
182.110.13.254 - - [27/Jan/2016:18:39:25 +0800] "POST /admin/images/check.asp HTTP/1.1" 404 13979
182.110.13.254 - - [27/Jan/2016:18:39:40 +0800] "POST /admin/images/sql.asp HTTP/1.1" 404 13979
182.110.13.254 - - [27/Jan/2016:18:38:35 +0800] "POST /admin/images/SqlIn.asp HTTP/1.1" 404 13979
115.148.144.35
115.148.144.35 - - [27/Jan/2016:03:36:54 +0800] "POST /admin/Image/Sql.asp HTTP/1.1" 404 14013
115.148.144.35 - - [27/Jan/2016:03:36:57 +0800] "POST /admin/Image/Thumb.asp HTTP/1.1" 404 14013
115.148.144.35 - - [27/Jan/2016:03:37:00 +0800] "POST /admin/Image/cache.asp HTTP/1.1" 404 14013
115.148.144.35 - - [27/Jan/2016:03:37:06 +0800] "POST /admin/Image/sql.asp HTTP/1.1" 404 14013
192.187.101.2
192.187.101.2 - - [24/Jan/2016:23:41:49 +0800] "GET /plus/mytag_js.php HTTP/1.1" 404 14050
192.187.101.2 - - [24/Jan/2016:23:41:51 +0800] "GET /utility/convert/index.php?a=config&source=d7.2_x2.0 HTTP/1.1" 301 -
192.187.101.2 - - [24/Jan/2016:23:41:52 +0800] "GET /convert/index.php?a=config&source=d7.2_x2.0 HTTP/1.1" 301 -
192.187.101.2 - - [24/Jan/2016:23:41:53 +0800] "GET /bbs/utility/convert/index.php?a=config&source=d7.2_x2.0 HTTP/1.1" 301 -
117.21.144.200
117.21.144.200 - - [24/Jan/2016:23:37:04 +0800] "POST /admin/images/SqlIn.asp HTTP/1.1" 404 14050
117.21.144.200 - - [24/Jan/2016:23:37:06 +0800] "POST /admin/images/Thumb.asp HTTP/1.1" 404 14050
117.21.144.200 - - [24/Jan/2016:23:37:09 +0800] "POST /admin/images/cache.asp HTTP/1.1" 404 14050
117.21.144.200 - - [24/Jan/2016:23:37:10 +0800] "POST /admin/images/check.asp HTTP/1.1" 404 14050
59.172.55.4
59.172.55.4 - - [23/Jan/2016:10:20:46 +0800] "POST /plus/mytag_js.php?aid=511348 HTTP/1.1" 404 14074
59.172.55.4 - - [23/Jan/2016:10:20:47 +0800] "POST /plus/mytag_js.php?aid=9527 HTTP/1.1" 404 14074
59.172.55.4 - - [23/Jan/2016:10:20:47 +0800] "POST /plus/mytag_j.php?aid=6022 HTTP/1.1" 404 14074
59.172.55.4 - - [23/Jan/2016:10:20:48 +0800] "POST /plus/mytag_js.php?aid=8080 HTTP/1.1" 404 14074
85.236.59.62
85.236.59.62 - - [23/Jan/2016:08:57:08 +0800] "GET /deal.php HTTP/1.1" 404 14074
85.236.59.62 - - [23/Jan/2016:08:57:06 +0800] "GET /face.php HTTP/1.1" 404 14074
85.236.59.62 - - [23/Jan/2016:08:57:19 +0800] "GET /conns.php HTTP/1.1" 404 14074
85.236.59.62 - - [23/Jan/2016:08:57:05 +0800] "GET /interface.php HTTP/1.1" 404 14074
182.105.11.122
182.105.11.122 - - [22/Jan/2016:20:08:36 +0800] "POST /11m.php HTTP/1.1" 404 14074
182.105.11.122 - - [22/Jan/2016:20:08:37 +0800] "POST /12345.asp HTTP/1.1" 404 14074
182.105.11.122 - - [22/Jan/2016:20:08:44 +0800] "POST /4ll3ygbjj/ll44/css.php HTTP/1.1" 404 14074
182.105.11.122 - - [22/Jan/2016:20:08:45 +0800] "POST /66555.asp;.jpg HTTP/1.1" 404 14074
222.163.180.238
222.163.180.238 - - [22/Jan/2016:08:29:17 +0800] "GET /coderschool.cn.rar HTTP/1.1" 404 14069
222.163.180.238 - - [22/Jan/2016:08:29:17 +0800] "GET /coderschool.cn.zip HTTP/1.1" 404 14069
222.163.180.238 - - [22/Jan/2016:08:29:18 +0800] "GET /coderschool_cn.rar HTTP/1.1" 404 14069
222.163.180.238 - - [22/Jan/2016:08:29:18 +0800] "GET /coderschool_cn.zip HTTP/1.1" 404 14069
115.236.23.121
115.236.23.121 - - [20/Jan/2016:13:19:20 +0800] "GET /admin_login/fckeditor/editor/fckeditor.original.html HTTP/1.1" 404 13991
115.236.23.121 - - [20/Jan/2016:13:19:21 +0800] "GET /admin_login/editor/editor/fckeditor.original.html HTTP/1.1" 404 13991
115.236.23.121 - - [20/Jan/2016:13:19:21 +0800] "GET /admin_login/fck/editor/fckeditor.original.html HTTP/1.1" 404 13991
115.236.23.121 - - [20/Jan/2016:13:19:22 +0800] "GET /admin_login/fckedit/editor/fckeditor.original.html HTTP/1.1" 404 13991
116.16.133.190
116.16.133.190 - - [20/Jan/2016:12:06:59 +0800] "POST /plus/mytag_js.php?aid=511348 HTTP/1.1" 404 13991
116.16.133.190 - - [20/Jan/2016:12:07:00 +0800] "POST /plus/mytag_js.php?aid=9527 HTTP/1.1" 404 13991
116.16.133.190 - - [20/Jan/2016:12:07:04 +0800] "POST /plus/mytag_j.php?aid=6022 HTTP/1.1" 404 13991
116.16.133.190 - - [20/Jan/2016:12:07:12 +0800] "POST /plus/mytag_js.php?aid=8080 HTTP/1.1" 404 13991
222.79.18.8
222.79.18.8 - - [20/Jan/2016:01:44:27 +0800] "GET /wwwroot.zip HTTP/1.1" 404 13988
222.79.18.8 - - [20/Jan/2016:01:44:28 +0800] "GET /wwwroot.rar HTTP/1.1" 404 13988
222.79.18.8 - - [20/Jan/2016:01:44:28 +0800] "GET /www.rar HTTP/1.1" 404 13988
222.79.18.8 - - [20/Jan/2016:01:44:29 +0800] "GET /www.zip HTTP/1.1" 404 13988
23.88.79.87
23.88.79.87 - - [19/Jan/2016:10:55:23 +0800] "GET / HTTP/1.1" 200 7878
23.88.79.87 - - [19/Jan/2016:10:55:23 +0800] "GET /images/admina/sitmap0.png HTTP/1.1" 404 14009
23.88.79.87 - - [19/Jan/2016:10:55:24 +0800] "GET /images/admina/logo.png HTTP/1.1" 404 14009
23.88.79.87 - - [19/Jan/2016:10:55:25 +0800] "GET /install/templates/images/link_bg.gif HTTP/1.1" 404 14009
218.205.35.80
218.205.35.80 - - [19/Jan/2016:08:13:41 +0800] "GET /plus/mytag_js.php?aid=9013 HTTP/1.1" 404 14009
218.205.35.80 - - [19/Jan/2016:08:13:41 +0800] "GET /plus/90sec.php HTTP/1.1" 404 14009
218.205.35.80 - - [19/Jan/2016:08:13:42 +0800] "GET /plus/shaoxhaoxhaoxhaoshaoxhaoxhaoxhaoshaoxhaoxhaoxhaoshaoxhaoxhaoxhao.php HTTP/1.1" 404 14009
218.205.35.80 - - [19/Jan/2016:08:13:43 +0800] "POST /5.66/plus/car.php HTTP/1.1" 404 14009
218.65.67.240
218.65.67.240 - - [18/Jan/2016:20:46:43 +0800] "GET /plus/mytag_js.php HTTP/1.1" 404 14009
218.65.67.240 - - [18/Jan/2016:20:46:44 +0800] "GET /utility/convert/index.php?a=config&source=d7.2_x2.0 HTTP/1.1" 301 -
218.65.67.240 - - [18/Jan/2016:20:46:44 +0800] "GET /utility/convert/?a=config&source=d7.2_x2.0 HTTP/1.1" 404 14009
218.65.67.240 - - [18/Jan/2016:20:46:46 +0800] "POST /11m.php HTTP/1.1" 404 14009
49.246.230.40
49.246.230.40 - - [17/Jan/2016:16:27:35 +0800] "POST /plus/mytag_js.php?aid=511348 HTTP/1.1" 404 13960
49.246.230.40 - - [17/Jan/2016:16:27:36 +0800] "POST /plus/mytag_js.php?aid=9527 HTTP/1.1" 404 13960
49.246.230.40 - - [17/Jan/2016:16:27:36 +0800] "POST /plus/mytag_j.php?aid=6022 HTTP/1.1" 404 13960
49.246.230.40 - - [17/Jan/2016:16:27:37 +0800] "POST /plus/mytag_js.php?aid=8080 HTTP/1.1" 404 13960
36.33.27.154
36.33.27.154 - - [17/Jan/2016:12:06:32 +0800] "POST / HTTP/1.1" 200 34170
36.33.27.154 - - [17/Jan/2016:12:06:33 +0800] "POST /plus/mytag_js.php?aid=511348 HTTP/1.1" 404 13963
36.33.27.154 - - [17/Jan/2016:12:06:34 +0800] "POST /plus/mytag_js.php?aid=9527 HTTP/1.1" 404 13963
36.33.27.154 - - [17/Jan/2016:12:06:36 +0800] "POST /plus/mytag_j.php?aid=6022 HTTP/1.1" 404 13963
...
180.97.221.79
180.97.221.79 - - [17/Jan/2016:10:56:10 +0800] "POST /plus/mytag_js.php?aid=9999 HTTP/1.1" 404 13949
180.97.221.79 - - [17/Jan/2016:10:56:12 +0800] "POST /plus/myjs.php HTTP/1.1" 404 13949
180.97.221.79 - - [17/Jan/2016:10:56:12 +0800] "GET /plus/mytag_js.php?aid=9044 HTTP/1.1" 404 13949
...
115.151.205.120
115.151.205.120 - - [17/Jan/2016:06:16:43 +0800] "POST /11m.php HTTP/1.1" 404 13969
115.151.205.120 - - [17/Jan/2016:06:16:45 +0800] "POST /12345.asp HTTP/1.1" 404 13969
115.151.205.120 - - [17/Jan/2016:06:16:45 +0800] "POST /4ll3ygbjj/ll44/css.php HTTP/1.1" 404 13969
115.151.205.120 - - [17/Jan/2016:06:16:46 +0800] "POST /66555.asp;.jpg HTTP/1.1" 404 13969
...
49.246.230.40
49.246.230.40 - - [16/Jan/2016:15:36:03 +0800] "POST /plus/mytag_js.php?aid=511348 HTTP/1.1" 404 13969
49.246.230.40 - - [16/Jan/2016:15:36:04 +0800] "POST /plus/mytag_js.php?aid=9527 HTTP/1.1" 404 13969
49.246.230.40 - - [16/Jan/2016:15:36:05 +0800] "POST /plus/mytag_j.php?aid=6022 HTTP/1.1" 404 13969
49.246.230.40 - - [16/Jan/2016:15:36:06 +0800] "POST /plus/mytag_js.php?aid=8080 HTTP/1.1" 404 13969
...
111.77.96.14
111.77.96.14 - - [15/Jan/2016:10:54:57 +0800] "GET /plus/mytag_js.php HTTP/1.1" 404 13873
111.77.96.14 - - [15/Jan/2016:10:55:04 +0800] "POST /11m.php HTTP/1.1" 404 13873
111.77.96.14 - - [15/Jan/2016:10:55:07 +0800] "POST /12345.asp HTTP/1.1" 404 13873
111.77.96.14 - - [15/Jan/2016:10:55:08 +0800] "POST /4ll3ygbjj/ll44/css.php HTTP/1.1" 404 13873
...
111.77.96.217
111.77.96.217 - - [14/Jan/2016:21:42:21 +0800] "POST /ztxxw/Images/images.asp HTTP/1.1" 404 13875
111.77.96.217 - - [14/Jan/2016:21:42:23 +0800] "POST /ztxxw/images/images.asp HTTP/1.1" 404 13875
111.77.96.217 - - [14/Jan/2016:21:42:24 +0800] "POST /zx.asp HTTP/1.1" 404 13875
111.77.96.217 - - [14/Jan/2016:21:42:24 +0800] "POST /zz.asp HTTP/1.1" 404 13875
...
108.167.130.36
108.167.130.36 - - [13/Jan/2016:12:37:38 +0800] "GET /wp-includes/pomo/pomo.php?450699&babaraba=vb&php4&root&upl&wphp4&abdullkarem&wp&module&php&php5&wphp5 HTTP/1.1" 404 14018
108.167.130.36 - - [13/Jan/2016:12:37:28 +0800] "GET /wp-content/uploads/wp-index.php?450699&babaraba=vb&php4&root&upl&wphp4&abdullkarem&wp&module&php&php5&wphp5 HTTP/1.1" 404 14018
108.167.130.36 - - [13/Jan/2016:12:37:33 +0800] "GET /1.php?450699&babaraba=vb&php4&root&upl&wphp4&abdullkarem&wp&module&php&php5&wphp5 HTTP/1.1" 404 14018
108.167.130.36 - - [13/Jan/2016:12:38:21 +0800] "GET /wp-includes/theme-compat/?450699&babaraba=vb&php4&root&upl&wphp4&abdullkarem&wp&module&php&php5&wphp5 HTTP/1.1" 403 227
...
218.30.118.79
218.30.118.79 - - [13/Jan/2016:01:56:59 +0800] "GET /*?replytocom*=replytocom*%3Cscript%3Ealert(abc)%3C/script%3E HTTP/1.1" 404 14028
218.30.118.79 - - [13/Jan/2016:01:57:02 +0800] "GET /nevercouldexistfilenosec HTTP/1.1" 404 14028
218.30.118.79 - - [13/Jan/2016:01:57:03 +0800] "GET /nevercouldexistfilewebsec HTTP/1.1" 404 14028
218.30.118.79 - - [13/Jan/2016:01:57:04 +0800] "GET /nevercouldexistfilenosec.aspx HTTP/1.1" 404 14028
...
182.118.33.6
182.118.33.6 - - [12/Jan/2016:22:20:04 +0800] "POST /utility/convert/data/config.inc.php HTTP/1.1" 404 14028
182.118.33.6 - - [12/Jan/2016:22:20:05 +0800] "GET /install/svinfo.php HTTP/1.1" 404 14028
182.118.33.6 - - [12/Jan/2016:22:20:16 +0800] "GET /posthistory.php?tel=IiBhbmQoc2VsZWN0IDEgZnJvbShzZWxlY3QgY291bnQoKiksY29uY2F0KChzZWxlY3QgKHNlbGVjdCAoU0VMRUNUIENIQVIoMTAwLCA1NiwgMTAwLCA1NywgNDgsIDk3LCA5NywgNTcsIDUyLCA1MSwgMTAxLCA1MiwgOTcsIDEwMCwgMTAwLCA1MCkpKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgbGltaXQgMCwxKSxmbG9vcihyYW5kKDApKjIpKXggZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIGdyb3VwIGJ5IHgpYSkj HTTP/1.1" 404 14028
182.118.33.6 - - [12/Jan/2016:22:21:09 +0800] "GET /wap/index.php?keywords='and((select%201%20from(select%20count(*),concat((select%20(select%20(SELECT%20CHAR(100,%2056,%20100,%2057,%2048,%2097,%2097,%2057,%2052,%2051,%20101,%2052,%2097,%20100,%20100,%2050)))%20from%20information_schema.tables%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a))and'&mod=search&page=2 HTTP/1.1" 301 -
...
59.62.28.87
59.62.28.87 - - [12/Jan/2016:21:24:58 +0800] "GET / HTTP/1.1" 200 34798
59.62.28.87 - - [12/Jan/2016:21:25:01 +0800] "GET /plus/mytag_js.php HTTP/1.1" 404 14028
59.62.28.87 - - [12/Jan/2016:21:25:05 +0800] "GET /utility/convert/index.php?a=config&source=d7.2_x2.0 HTTP/1.1" 301 -
59.62.28.87 - - [12/Jan/2016:21:25:05 +0800] "GET /utility/convert/?a=config&source=d7.2_x2.0 HTTP/1.1" 404 14028
...
123.125.160.216
123.125.160.216 - - [12/Jan/2016:19:43:10 +0800] "GET /?tag=%2B%2Fv9+%2BADw-script%2BAD4-alert%281%29%2BADw-%2Fscript%2BAD4- HTTP/1.1" 404 14028
123.125.160.216 - - [12/Jan/2016:19:43:16 +0800] "GET /page/xampp/showcode.php/showcode.php?showcode=1 HTTP/1.1" 404 14028
123.125.160.216 - - [12/Jan/2016:19:43:12 +0800] "GET /admin/admin.php HTTP/1.1" 404 14028
123.125.160.216 - - [12/Jan/2016:19:43:28 +0800] "GET /?tag=;print(md5(1122));%23 HTTP/1.1"404 14028
...
45.34.1.177
45.34.1.177 - - [12/Jan/2016:17:16:04 +0800] "GET /admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 14021
45.34.1.177 - - [12/Jan/2016:17:16:06 +0800] "GET /admin/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 404 14021
45.34.1.177 - - [12/Jan/2016:17:16:07 +0800] "GET /admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx HTTP/1.1" 404 14021
45.34.1.177 - - [12/Jan/2016:17:16:07 +0800] "GET /admin/fckeditor/editor/filemanager/connectors/asp/connector.asp HTTP/1.1" 404 14021
180.97.221.109
180.97.221.109 - - [11/Jan/2016:22:27:22 +0800] "POST /plus/mytag_js.php?aid=511348 HTTP/1.1" 404 14021
180.97.221.109 - - [11/Jan/2016:22:27:23 +0800] "POST /plus/mytag_js.php?aid=9527 HTTP/1.1" 404 14021
180.97.221.109 - - [11/Jan/2016:22:27:23 +0800] "POST /plus/mytag_j.php?aid=6022 HTTP/1.1" 404 14021
180.97.221.109 - - [11/Jan/2016:22:27:24 +0800] "POST /plus/mytag_js.php?aid=8080 HTTP/1.1" 404 14021
103.41.52.91 103.41.53.252 103.41.53.253 (these IPs behave similarly)
103.41.52.91 - - [11/Jan/2016:11:10:57 +0800] "GET http://www.baidu.com/ HTTP/1.1" 301 -
103.41.52.91 - - [11/Jan/2016:11:10:58 +0800] "GET http://www.baidu.comhttp/www.baidu.com/ HTTP/1.1" 301 -
103.41.52.91 - - [11/Jan/2016:11:10:58 +0800] "GET http://www.baidu.comhttphttp/www.baidu.comhttp/www.baidu.com/ HTTP/1.1" 301 -
103.41.52.91 - - [11/Jan/2016:11:10:59 +0800] "GET http://www.baidu.comhttphttphttp/www.baidu.comhttphttp/www.baidu.comhttp/www.baidu.com/ HTTP/1.1" 301 -
There are also some dirty IPs for which I did not record logs:
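The IPs recorded above may contain duplicates. Some of the malicious IPs were recorded quite a while ago, so no access logs are attached for them. I recommend blocking all of them.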
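The pattern in the logs above (one address asking for several non-existent script or backup-archive paths within seconds) can also be detected from the access log itself. The following is an added example, not code from the original post; the threshold, the time window, the extension list and the sample lines (documentation-range addresses, with paths borrowed from the logs above) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format as in the samples above; " ?" tolerates a missing space before the status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" ?(\d{3}) \S+')
# What the probes ask for: server-side scripts and site backup archives (assumed list).
PROBE_EXT = re.compile(r'\.(php|aspx?|jsp|rar|zip)(;[^/]*)?$', re.I)

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, target, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, target.split("?", 1)[0], int(status)

def find_probers(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each IP that requested >= threshold distinct missing script/archive
    paths within `window` to the sorted list of all paths it probed."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        ip, when, path, status = rec
        if status == 404 and PROBE_EXT.search(path):
            hits[ip].append((when, path))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= threshold:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample: documentation-range addresses, paths borrowed from the logs above.
SAMPLE = [
    '192.0.2.10 - - [17/Jan/2016:06:16:43 +0800] "POST /11m.php HTTP/1.1" 404 13969',
    '192.0.2.10 - - [17/Jan/2016:06:16:45 +0800] "POST /12345.asp HTTP/1.1" 404 13969',
    '192.0.2.10 - - [17/Jan/2016:06:16:46 +0800] "POST /66555.asp;.jpg HTTP/1.1"404 13969',
    '198.51.100.7 - - [17/Jan/2016:06:20:00 +0800] "GET / HTTP/1.1" 200 7878',
    '198.51.100.7 - - [17/Jan/2016:06:20:05 +0800] "GET /old.php HTTP/1.1" 404 13969',
    '203.0.113.5 - - [17/Jan/2016:07:00:00 +0800] "GET /www.zip HTTP/1.1" 404 13969',
    '203.0.113.5 - - [17/Jan/2016:07:10:00 +0800] "GET /www.rar HTTP/1.1" 404 13969',
    '203.0.113.5 - - [17/Jan/2016:07:20:00 +0800] "GET /wwwroot.zip HTTP/1.1" 404 13969',
]

if __name__ == "__main__":
    for ip, paths in find_probers(SAMPLE).items():
        print(ip, len(paths), "probe paths:", ", ".join(paths))
```

Because it keys on behaviour rather than on a fixed address list, the same check keeps working when the scanning hosts change addresses; a slow scanner such as the third sample address only shows up with a wider window.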
6 Comments
123
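GET /wwwroot.rar... they are trying to grab your entire site.
This needs to be blocked. Thanks for sharing.
IPs are all dynamic. Is blocking any use? Very doubtful.
Webmasters can just use software to detect this, and ordinary attacks can still be handled. I just found similar attacks on my site too, though they were detected by 360 Website Security Guard and blocked. What puzzles me is that many of the paths are either Empire CMS or dedecms paths, yet my site was not built with those programs, which made me laugh to death. Is it really necessary, messing around like this? Still, it looks like this is not a targeted attack.
Yes, it is just probing and scanning; if a vulnerability is found, you get attacked.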