Help me decipher this, or are spies attacking

7
  • 10 Jan '16

Visits from various IPs have increased in the Apache log.

There are two scenarios: some people do know the address; but here is the problem: nobody could have known about the place that was visited today.

And there are suspicious, incomprehensible entries; maybe someone understands them, and what should I be afraid of?

95.213.177.122 - - [10/Jan/2016:01:42:20 +0200] "CONNECT check.proxyradar.com:80 HTTP/1.1" 400 311 "-" "-"

115.230.124.164 - - [10/Jan/2016:04:14:19 +0200] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.9729191047438822 HTTP/1.1" 404 291 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"

192.99.144.140 - - [10/Jan/2016:06:01:16 +0200] "PROPFIND /webdav/ HTTP/1.1" 405 311 "-" "WEBDAV Client"

95.213.177.125 - - [10/Jan/2016:09:53:48 +0200] "CONNECT check.proxyradar.com:80 HTTP/1.1" 400 311 "-" "-"
Techtronic
Mindaugas N.
  • 10 Jan '16

CONNECT url:port - A service you use connects to your IP address in order to check whether you are using a proxy.

PROPFIND path - used by WebDAV(?), but probably also one of the ways to check whether you are using a proxy.

One could examine in more detail what is going on here, how and why, but I see no serious reason to.
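
An added example, not part of the thread: a small Python triage of the four log entries quoted in the first post. It groups requests by shape (CONNECT, an absolute-URI target naming a foreign host, a WebDAV method) and lists any such request the server answered with a 2xx status. The `own_hosts` value and the fifth log line are assumptions constructed for the example.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) ')
# Absolute-URI request target (scheme://host...), the form a proxy client sends.
ABS_RE = re.compile(r'^[a-z][a-z0-9+.-]*://(?:[^/@]*@)?(?P<host>\[[^\]]*\]|[^/:?#]+)', re.I)
WEBDAV = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def classify(line, own_hosts=("vardas.lt",)):  # own_hosts: assumed site name
    """Return (ip, category, status) for one log line, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    method, category = m["method"].upper(), "normal"
    absolute = ABS_RE.match(m["target"])
    if method == "CONNECT":
        category = "proxy-connect"
    elif absolute and absolute["host"].lower() not in own_hosts:
        category = "proxy-absolute-uri"
    elif method in WEBDAV:
        category = "webdav"
    return m["ip"], category, int(m["status"])

def summarize(lines):
    """Count categories and collect non-normal requests answered with 2xx."""
    counts, answered = Counter(), []
    for line in lines:
        result = classify(line)
        if result is None:
            continue
        ip, category, status = result
        counts[category] += 1
        if category != "normal" and 200 <= status < 300:
            answered.append((ip, category, status))
    return counts, answered

# The four entries from the first post, plus one constructed ordinary request.
SAMPLE = [
    '95.213.177.122 - - [10/Jan/2016:01:42:20 +0200] "CONNECT check.proxyradar.com:80 HTTP/1.1" 400 311 "-" "-"',
    '115.230.124.164 - - [10/Jan/2016:04:14:19 +0200] "GET http://zc.qq.com/cgi-bin/common/attr?id=260714&r=0.9729191047438822 HTTP/1.1" 404 291 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; 360SE)"',
    '192.99.144.140 - - [10/Jan/2016:06:01:16 +0200] "PROPFIND /webdav/ HTTP/1.1" 405 311 "-" "WEBDAV Client"',
    '95.213.177.125 - - [10/Jan/2016:09:53:48 +0200] "CONNECT check.proxyradar.com:80 HTTP/1.1" 400 311 "-" "-"',
    '203.0.113.7 - - [10/Jan/2016:10:00:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An empty second element in the result means every proxy-style or WebDAV request in the sample was refused, which matches the 400, 404 and 405 status codes in the quoted entries.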

7
  • 10 Jan '16

Got it, thanks, I was already thinking some bots or something were attacking me. I looked up the IP countries - China, Russia.. that doesn't bode well, I thought

Techtronic
Mindaugas N.
  • 10 Jan '16

@768M wrote:
Got it, thanks, I was already thinking some bots or something were attacking me. I looked up the IP countries - China, Russia.. that doesn't bode well, I thought

I used to use a few rules to ban all IP addresses from China (it's not a very bad idea).
You can also block unneeded request methods (leave only POST, GET, HEAD)...

As an example, the rules I use (shared hosting, static pages, secured by Cloudflare):

```apache
# Set error pages
ErrorDocument 403 /403.html

# Disable Indexing
Options -Indexes

# List of resources to look for when the client requests a directory
DirectoryIndex index.html

# Set Expires header
<FilesMatch "\.(css|js|gif|jpe?g|png|ico|otf|woff|ttf|svg|eot|html|txt|xml)$">
    ExpiresActive On
    ExpiresDefault "access plus 3 week"
</FilesMatch>

# Defining MIME types to ensure the web server actually knows about them.
<IfModule mod_mime.c>
    AddType application/javascript js
    AddType application/vnd.ms-fontobject eot
    AddType application/x-font-ttf ttf
    AddType font/opentype otf
    AddType application/x-font-woff woff
    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz
</IfModule>

# Compressing output.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
    AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
    AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
    AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype application/x-font-woff
</IfModule>

# Private content protection
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # Block China (CloudFlare)
    RewriteCond %{HTTP:CF-IPCOUNTRY} ^(cn)$ [NC]
    RewriteRule ^(.*)$ http://foaas.com/you/%{HTTP:X-FORWARDED-FOR}/GNUbox [R,L]

    # Deny access to other unused/unnecessary types of requests
    RewriteCond %{REQUEST_METHOD} !^(get|post) [NC]
    RewriteRule ^(.*)$ https://www.nsa.gov/%{HTTP:X-FORWARDED-FOR} [R,L]

    # Deny access via the User Agent string
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^.*(HTTrack|email|nikto|miner|python|java).* [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|libwww\-perl|curl|wget|nmap).* [NC]
    RewriteRule ^(.*)$ https://www.nsa.gov/%{HTTP:X-FORWARDED-FOR} [R,L]

    # Block proxy
    RewriteCond %{HTTP_REFERER} ^.*(hide\.me|sumrando).* [NC]
    RewriteRule ^(.*)$ https://www.nsa.gov [R,L]

    # Remove www
    RewriteCond %{HTTP_HOST} !^vardas\.lt$ [NC]
    RewriteRule ^(.*)$ https://vardas.lt%{REQUEST_URI} [R,L]

    # Force SSL (CloudFlare)
    RewriteCond %{HTTP:CF-VISITOR} '"scheme":"http"'
    RewriteRule ^(.*)$ https://vardas.lt%{REQUEST_URI} [R,L]

    # Allow pages request
    RewriteCond %{REQUEST_URI} ^/(about|contact|reading)$
    RewriteRule ^(.*)$ https://vardas.lt/pages%{REQUEST_URI}.html [R,L]
    RewriteCond %{REQUEST_URI} ^/(bits|writing)$
    RewriteRule ^(.*)$ https://vardas.lt/category%{REQUEST_URI}.html [R,L]

    # Private content protection (CloudFlare)
    RewriteCond %{REQUEST_URI} ^/(writing|blabla)/.*\.(html|markdown|php)$
    RewriteCond %{HTTP:X-FORWARDED-FOR} !^800\.300\.127\.999$
    RewriteCond %{HTTP:X-FORWARDED-FOR} !^127\.0\.0\.1$
    RewriteRule ^(.*)$ - [F,L]
</IfModule>

# Default charset parameter to be added when a response content-type is text/plain or text/html.
AddDefaultCharset UTF-8

# Sets all files in the given scope to the specified language
DefaultLanguage en-US

# Allows only resources which are a part of the Same Origin Policy to frame the protected resource.
#Header set X-Frame-Options "SAMEORIGIN"

# Add X-XSS-Protection header to prevent simple XSS attacks
Header set X-XSS-Protection "1; mode=block"

# Configures the footer on server-generated documents
ServerSignature On

# Reducing MIME type security risks
Header set X-Content-Type-Options: nosniff
```