목록으로

무작위 공격시.. 채택완료

JN나비 2년 전 조회 1,454

답변 3

안녕하세요. 사이트를 하나 운영중인데...

원인모를 공격이 들어오는데

동일 ip로 계속 같은 공격이면 그 아이피 차단하게끔 설정은 해놨는데

다음과 같이 공격이 들어오니 참 당황스럽네요...

이런경우 어떻게들 대응하시나요?

실제로는 이거보다 엄청나게 많지만 일부만 올립니다.

고수님들 혹시 어떤 방법이 있을까요?

118.81.14.4 - - [02/Dec/2022:13:08:25 +0800] ＂GET /editor_insmenu.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
58.244.30.230 - - [02/Dec/2022:13:08:25 +0800] ＂GET /Escape.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
1.85.217.32 - - [02/Dec/2022:13:08:25 +0800] ＂GET /pj.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
180.109.49.62 - - [02/Dec/2022:13:08:25 +0800] ＂GET /windo-dff.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
182.88.165.156 - - [02/Dec/2022:13:08:25 +0800] ＂GET /leishang.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
221.11.5.61 - - [02/Dec/2022:13:08:25 +0800] ＂GET /id.txt HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
112.80.136.254 - - [02/Dec/2022:13:08:25 +0800] ＂GET /company.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
220.250.63.207 - - [02/Dec/2022:13:08:25 +0800] ＂GET /2.txt HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
180.109.49.62 - - [02/Dec/2022:13:08:25 +0800] ＂GET /THE.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
111.85.200.125 - - [02/Dec/2022:13:08:25 +0800] ＂GET /coli.txt HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
112.193.171.97 - - [02/Dec/2022:13:08:25 +0800] ＂GET /editor_marpuee.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
221.11.5.55 - - [02/Dec/2022:13:08:25 +0800] ＂GET /anonph.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
119.163.43.249 - - [02/Dec/2022:13:08:25 +0800] ＂GET /dirk.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
117.15.89.51 - - [02/Dec/2022:13:08:25 +0800] ＂GET /cmd.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
182.54.18.223 - - [02/Dec/2022:13:08:25 +0800] ＂GET /520.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
114.100.176.197 - - [02/Dec/2022:13:08:25 +0800] ＂GET /hack.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
122.139.172.171 - - [02/Dec/2022:13:08:25 +0800] ＂GET /LinghtNing.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
222.94.163.114 - - [02/Dec/2022:13:08:25 +0800] ＂GET /2009820225332869.html HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
182.245.57.9 - - [02/Dec/2022:13:08:25 +0800] ＂GET /2008726161943933.asa HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
121.29.178.117 - - [02/Dec/2022:13:08:25 +0800] ＂GET /xh.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
182.138.158.240 - - [02/Dec/2022:13:08:25 +0800] ＂GET /fuck.html HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
42.63.89.19 - - [02/Dec/2022:13:08:25 +0800] ＂GET /D4ck.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
112.193.192.121 - - [02/Dec/2022:13:08:25 +0800] ＂GET /go.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
61.166.198.215 - - [02/Dec/2022:13:08:25 +0800] ＂GET /help.html HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
36.32.2.73 - - [02/Dec/2022:13:08:25 +0800] ＂GET /1.jsp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
110.87.132.159 - - [02/Dec/2022:13:08:25 +0800] ＂GET /xinsui.php HTTP/1.1＂ 404 146 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
182.54.7.154 - - [02/Dec/2022:13:08:25 +0800] ＂GET /hackbs.txt HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
36.32.2.90 - - [02/Dec/2022:13:08:25 +0800] ＂GET /2010122784038041.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
223.166.22.108 - - [02/Dec/2022:13:08:25 +0800] ＂GET /123.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
42.63.89.19 - - [02/Dec/2022:13:08:25 +0800] ＂GET /index2.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
111.224.7.204 - - [02/Dec/2022:13:08:25 +0800] ＂GET /dst.asp HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
61.52.72.8 - - [02/Dec/2022:13:08:25 +0800] ＂GET /su.html HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
121.56.26.94 - - [02/Dec/2022:13:08:25 +0800] ＂GET /xiaojian.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
175.152.35.250 - - [02/Dec/2022:13:08:25 +0800] ＂GET /homepage.htm HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂
223.166.22.20 - - [02/Dec/2022:13:08:25 +0800] ＂GET /inde.html HTTP/1.1＂ 502 150 ＂-＂＂Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1＂

#공격

댓글을 작성하려면 로그인이 필요합니다.

답변 3개

정렬:

ls마이너스al

2년 전

해외차단이 젤 편하더라고요

로그인 후 평가할 수 있습니다

댓글을 작성하려면 로그인이 필요합니다.

비버팩토리

2년 전

서버 업체 어디껀가요?

그리고 단독서버면 아이피테이블인가 그걸로 막아보세요

훅시 모르니 백신도 설치해보세요 디도스 조심하시길

로그인 후 평가할 수 있습니다

댓글을 작성하려면 로그인이 필요합니다.

배르만

2년 전

간격을 넓게 보고 로그를 수집한 다음

A.B.C.D 에서 A.B 클래스가 일치하는 경우가 많으면 CIDR 표기로 막는 방법도 많이 사용합니다.

로그인 후 평가할 수 있습니다

댓글을 작성하려면 로그인이 필요합니다.

답변을 작성하려면 로그인이 필요합니다.

로그인

무작위 공격시.. 채택완료

답변 3개

공유하기