Versucht jemand, in unser System einzudringen?

tag-icon tag-icon nginx networking attacks
Versucht jemand, in unser System einzudringen?

Ich habe einen CentOS 6-Server, der sich in den letzten Wochen schlecht verhalten hat. Ich habe versucht, das Netzwerk zu verfolgen, Einstellungen anzupassen und viele kluge Leute dazu befragt (weitere Informationen finden Sie in dieser Frage:Etwas schließt Verbindungen in meinen CentOS-VMs – wie kann ich das Problem am besten beheben?)

Das Problem ist in den letzten 3-4 Tagen nicht aufgetreten, daher war ich der Annahme nahe, dass einige der Anpassungen einen Unterschied bewirkt hatten. Aber jetzt ist es innerhalb einer Stunde zweimal passiert. Ich habe angefangen, in den Protokollen nachzuschauen. Und bin dabei über Folgendes gestolpert /var/log/nginx/access.log:

:
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
:

... und viele mehr!

Dies ist ungefähr beide Male passiert, als ich das Problem gesehen habe. Weiß jemand, ob das in Ordnung ist – oder, wenn nicht, was der beste Weg ist, es zu blockieren?

Danke!

/John

Bearbeiten

Ich habe es wie vorgeschlagen gemeldet – und dann diese IP-Adresse in meinem Nginx blockiert.

Also habe ich heute noch einmal nachgeschaut – und jetzt habe ich eine Menge ähnlicher Anfragen – nur von einer anderen IP.

104.155.101.3 - - [18/Aug/2021:13:54:36 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:45 +0200] "GET / HTTP/1.1" 200 26314 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:45 +0200] "GET / HTTP/1.1" 200 26313 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:46 +0200] "GET / HTTP/1.1" 200 26348 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:46 +0200] "GET / HTTP/1.1" 200 26325 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:46 +0200] "GET / HTTP/1.1" 200 26280 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:48 +0200] "GET / HTTP/1.1" 200 26325 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:49 +0200] "GET / HTTP/1.1" 200 26280 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:49 +0200] "GET / HTTP/1.1" 200 26299 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:25 +0200] "GET / HTTP/1.1" 200 26298 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:25 +0200] "GET / HTTP/1.1" 200 26349 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:27 +0200] "GET / HTTP/1.1" 200 2379 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:27 +0200] "GET / HTTP/1.1" 200 26279 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:28 +0200] "GET / HTTP/1.1" 200 26349 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:29 +0200] "GET / HTTP/1.1" 200 26318 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:30 +0200] "GET / HTTP/1.1" 200 26348 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:30 +0200] "GET / HTTP/1.1" 200 26319 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"

Muss ich mir wegen einiger der Neuen (mit Code 200) Sorgen machen???

verwandte Informationen