服务器莫名奇妙来了很多请求,有人知道这些 Ip 是哪里的么, 183 113 开头

2017-02-21 11:59:39 +08:00
 ladyv2

如题,服务器最近几天日志暴增,从以前的一天 5G 左右变成 100 多 G 查了下全是类似的请求

113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:35 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-" 113.99.136.153 - - [21/Feb/2017:07:22:36 +0800] "GET / HTTP/1.1" 302 154 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" "-"

分析了下 log 来源 IP 都是下面 183 和 113 的地址,查了下来源都说是 中国广东广州 电信,该 IP 段为 IDC 机房使用,可能包括部分骨干网数据。

搞的我这是屏蔽也不是,不屏蔽也不是。

183.61.106.145 183.60.82.140 113.99.136.152 183.60.118.48 113.99.136.141 183.60.74.139 113.99.136.53 113.99.136.144 113.99.136.146 183.60.65.140 113.99.136.120 183.61.106.40 113.99.136.87 113.99.136.40 183.61.106.39 113.99.136.153 183.60.74.12 113.99.136.29 183.60.77.139 113.99.136.125 183.61.106.41 183.60.118.84 183.61.106.32 113.99.136.124 183.60.118.99 183.60.67.12 113.99.136.80 183.60.83.10 113.99.136.123 113.99.136.151 183.60.118.92 183.60.118.83 183.60.240.167 183.61.106.34 113.99.136.41 183.60.118.98 183.61.106.33 113.99.136.83 183.60.118.60 183.61.106.35 183.61.106.43 113.99.136.36 183.60.118.79 183.61.106.42 183.60.76.245 113.99.136.66 4 113.99.136.86 4 113.99.136.69 0 113.99.136.147 2 113.99.136.85 3 113.99.136.148 4 183.60.240.151 0 183.61.106.44 7 183.61.106.37 2 183.61.106.36 0 113.99.136.60 5 183.60.74.11 0 113.99.136.143 2 113.99.136.145 6 113.99.136.118 7 113.99.136.37 8 113.99.136.149 9 113.99.136.119 6 113.99.136.12 1 113.99.136.126 8 113.99.136.63 3 183.60.76.248 1 183.60.118.31 4 183.60.118.80 3 183.60.118.100 5 113.99.136.106 8 183.60.118.87 4 183.60.118.93 1 183.60.240.159 0 183.60.118.91 5 113.99.136.140

4626 次点击
所在节点    服务器
2 条回复
ZachChan
2017-03-12 00:29:02 +08:00
会不会是盗链
d754903977
2017-04-04 11:09:35 +08:00
懒得仔细看,但是 106.39.的段妥妥封掉, 106.39.189.0/24 、 106.39.190.0/24 、 106.39.191.0/24 这三个每小时都能给我请求几万次。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/342006

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX