Document Actions
2007/09/27 Abusers
2007年9月27日の早朝にTrackback SPAM攻撃してきた,IPアドレスです.
grep "27/Sep/2007:0" access_log | grep POST | grep tbping ¥ | sed 's/^\([0-9.]*\) .*$/\1/' | sort -n | uniq -c
あきれたことに,99個もの個別アドレスから攻めてきています.多数の個別のアドレスから,同じ時間帯に,同じBLOGに,同じような内容のTBを送ってくるということで,間違いなくZombie PCでしょう.
1 12.180.200.115
1 64.131.67.150
1 64.18.158.194
2 64.202.165.131
1 64.202.165.133
3 64.202.165.201
1 64.22.114.234
3 64.34.66.29
1 64.72.120.56
4 64.85.160.107
1 65.98.60.90
1 66.232.105.206
1 66.232.113.128
1 66.232.113.242
1 66.246.246.50
3 66.6.122.148
1 66.79.166.107
1 66.79.171.101
1 66.90.104.154
1 66.90.77.2
1 67.159.30.105
1 67.159.30.9
1 68.178.224.222
1 69.16.232.156
1 69.50.210.8
2 69.50.218.150
1 69.65.29.242
2 70.85.147.194
1 70.85.147.66
1 70.87.122.212
2 71.18.216.36
1 72.18.203.22
2 72.232.119.234
1 72.232.150.250
1 72.232.182.234
2 72.232.250.226
2 72.232.250.50
1 72.36.237.90
1 72.46.130.23
1 72.46.130.27
1 72.9.152.150
2 74.200.78.120
1 74.208.14.215
8 74.208.14.63
1 74.208.9.221
1 74.220.207.103
1 74.53.25.18
1 75.126.132.22
1 75.126.157.163
1 75.126.230.154
2 76.67.200.146
1 81.0.234.120
1 81.169.137.209
1 82.122.239.185
1 83.217.66.50
2 84.18.200.120
2 85.12.31.76
1 88.198.175.78
1 91.186.4.53
1 140.129.68.124
1 166.70.207.2
2 193.86.238.12
1 198.145.112.224
1 199.231.148.223
4 202.131.89.100
1 203.146.251.107
1 204.13.236.244
1 204.157.15.136
1 206.123.73.15
1 207.58.130.162
2 208.109.191.100
1 208.109.211.150
2 208.109.248.20
1 208.109.254.156
1 208.110.218.138
4 208.113.144.5
1 208.113.170.9
1 208.113.204.25
1 208.116.41.5
1 208.122.1.166
2 208.122.14.114
2 208.53.131.46
2 208.53.138.212
3 208.53.138.22
1 208.64.140.248
1 208.75.150.40
1 209.139.208.178
2 209.200.19.180
1 211.1.193.60
1 211.147.224.140
1 212.112.241.44
2 212.227.114.150
1 212.227.65.75
2 212.27.63.204
2 213.251.189.201
3 213.251.189.203
1 216.176.180.122
1 217.160.142.111
24bitのサブネットで数えてみても89あります.敵もなかなかやりますな.
上記IPアドレスについて,当分の間上位24bitのサブネットとして,DROPします.