Tech Log

Recording and sharing the day-to-day of lawyer Deng Jie's network technology work.


How to pick out the vulnerability-scanning and malicious-attack IPs from the many IPs visiting a site, catch the hacker, and block them?


Date: 2023-03-05


First, search the web server access log for requests whose response code is 403 or 404, i.e. log lines containing HTTP/1.1" 403 or HTTP/1.1" 404, as shown below:

34.174.217.120 - - [05/Mar/2023:10:49:18 +0800] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:19 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 1432 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:19 +0800] "GET / HTTP/1.1" 200 28091 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:19 +0800] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //website/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //news/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:21 +0800] "GET //2018/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:21 +0800] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:21 +0800] "GET //shop/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:21 +0800] "GET //wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:21 +0800] "GET //test/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:21 +0800] "GET //media/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "GET //sito/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "" 400 0 "-" "-"

Second, compare against the website's own program files and confirm that none of the requested directories or files exist there, for example wp2/wp-includes/wlwmanifest.xml. A client that requests, in quick succession, a long list of WordPress-specific files under directory names this site has never had is not following links; the preliminary conclusion is that the activity in this case is a hacker scanning and probing the site for vulnerabilities.

Third, look up the IP 34.174.217.120 and verify who it belongs to. The result is as follows:

[Image: lookup result for IP 34.174.217.120]

Taking all of the above together, it can be preliminarily concluded that the current user of IP 34.174.217.120 is running vulnerability scans and malicious attacks from a server rented from Google Cloud, and that this is not Google's legitimate search-engine crawler. A genuine Googlebot can be verified with a reverse DNS lookup of the IP (the hostname ends in googlebot.com or google.com, and a forward lookup of that hostname returns the same IP); a Google Cloud customer's VM does not pass that check. You can therefore block this IP according to your own circumstances.
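The three steps above (collect 403/404 hits per IP, confirm the requested paths do not exist on the site, then block) can be automated over the raw access log. The following script is an added example, not code from the original post; it parses Apache/Nginx combined-format lines, flags any IP that probes several non-existent paths within a short window, and renders nginx deny rules for the result. The sample log is constructed: the 34.174.217.120 lines are abridged from the log shown in the post (user agent shortened), the 198.51.100.7 lines are invented to represent an ordinary visitor, and EXISTING_PATHS, SCANNER_HINTS and the thresholds are assumptions to be replaced with your own site's file list and tolerance.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/Nginx "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Path fragments typical of automated CMS fingerprinting. Assumed list, not from the post.
SCANNER_HINTS = ("wlwmanifest.xml", "xmlrpc.php", "wp-login.php", "/.env", "phpmyadmin")

# Constructed sample log (see lead-in): scanner lines abridged from the post, visitor lines invented.
SAMPLE_LOG = """\
34.174.217.120 - - [05/Mar/2023:10:49:18 +0800] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:19 +0800] "GET //xmlrpc.php?rsd HTTP/1.1" 404 1432 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:19 +0800] "GET / HTTP/1.1" 200 28091 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:19 +0800] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:20 +0800] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.1" 403 548 "-" "Mozilla/5.0"
34.174.217.120 - - [05/Mar/2023:10:49:22 +0800] "" 400 0 "-" "-"
198.51.100.7 - - [05/Mar/2023:10:52:03 +0800] "GET / HTTP/1.1" 200 28091 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Mar/2023:10:52:09 +0800] "GET /old-page HTTP/1.1" 404 1432 "-" "Mozilla/5.0"
"""

# Paths that really exist on the site (assumed; in practice walk the document root or app routes).
EXISTING_PATHS = {"/", "/index.html", "/contact.html"}


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    # A malformed/empty request line (the bare "" 400 0 entry) carries no path.
    rec["path"] = parts[1] if len(parts) >= 2 else ""
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def normalize(path):
    """Drop the query string and collapse doubled slashes (scanners often send //path)."""
    path = path.split("?", 1)[0]
    while "//" in path:
        path = path.replace("//", "/")
    return path


def analyze(log_text, existing_paths, min_probes=5, window_seconds=60):
    """Return {ip: report} for IPs whose 403/404 hits target paths the site does not have.

    An IP is flagged when it requests at least `min_probes` distinct non-existent paths
    within `window_seconds`; a single stale link from a real visitor stays below that bar.
    """
    per_ip = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is not None:
            per_ip[rec["ip"]].append(rec)

    flagged = {}
    for ip, recs in per_ip.items():
        misses = [r for r in recs
                  if r["status"] in (403, 404) and normalize(r["path"]) not in existing_paths]
        if not misses:
            continue
        probed = sorted({normalize(r["path"]) for r in misses})
        hinted = [p for p in probed if any(h in p for h in SCANNER_HINTS)]
        span = (max(r["ts"] for r in misses) - min(r["ts"] for r in misses)).total_seconds()
        if len(probed) >= min_probes and span <= window_seconds:
            flagged[ip] = {
                "missing_hits": len(misses),
                "distinct_paths": len(probed),
                "scanner_hints": len(hinted),
                "span_seconds": span,
                "sample": probed[:3],
            }
    return flagged


def deny_rules(flagged):
    """Render nginx `deny` lines for the flagged IPs (include the file inside a server block)."""
    return [f"deny {ip};" for ip in sorted(flagged)]


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, EXISTING_PATHS)
    for ip, info in report.items():
        print(ip, info)
    print("\n".join(deny_rules(report)))
```

Run against a real log with `analyze(open("/var/log/nginx/access.log").read(), paths)`, where `paths` is built from your document root. The 200 on "/" and the lone 404 from 198.51.100.7 are not counted as probes, so only the scanning host is flagged; before applying the deny rules, do the reverse-DNS check described above on any IP you think might be a search-engine crawler.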
