最近また中華からのスパムbotが酷い件

WS2013-11-26_18_02_11

2013.11.25にはボットのアタックでサーバーが落ちて、それに気づかないで丸一日サーバーが落ちていたので、アクセス数もここ数日激減していますが、今日も上の様なメールがGoogleさんから来ていて、サプリメント見聞録にアクセスできなかったよーとメールが来ていたので、サーバーのログを調べてみると物凄い勢いでボットが来ているので対処しました。

下のmt-kiss-mint.cgiと言うのは本来mt-comment.cgiの事で、昔スパム対策でファイル名を変更した名残です。まあ、今どきmovable typeっていうのもあれなんですけど。

サプリメント見聞録のログだけでも下のようになってるので、サーバーには結構な負荷がかかるわけです。コメントcgiは重いので。

110.85.100.81 – – [26/Nov/2013:00:19:01 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.100.81 – – [26/Nov/2013:00:21:59 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.100.81 – – [26/Nov/2013:00:24:48 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.100.81 – – [26/Nov/2013:00:29:43 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.100.81 – – [26/Nov/2013:00:32:30 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:01:17:25 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:01:26:38 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:01:35:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
41.216.33.120.broad.pt.fj.dynamic.163data.com.cn – – [26/Nov/2013:01:36:34 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
41.216.33.120.broad.pt.fj.dynamic.163data.com.cn – – [26/Nov/2013:01:40:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:01:44:32 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
209.7.207.91.unknown.steephost.net – – [26/Nov/2013:02:06:00 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.150.208.141 – – [26/Nov/2013:03:17:16 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.150.208.141 – – [26/Nov/2013:03:19:43 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:21:35 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:23:35 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.214.241 – – [26/Nov/2013:03:25:04 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:25:36 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.150.208.141 – – [26/Nov/2013:03:25:39 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.214.241 – – [26/Nov/2013:03:26:34 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:27:29 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:29:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.214.241 – – [26/Nov/2013:03:29:51 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:35:21 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.214.241 – – [26/Nov/2013:03:36:28 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:37:26 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:39:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:43:44 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:03:48:10 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
112.101.64.211 – – [26/Nov/2013:03:50:33 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
221.130.17.33 – – [26/Nov/2013:03:56:04 +0900] "POST /http://supplement.kumacchi.com/mtos/mt-kiss-mint.cgi HTTP/1.0" 404 323
110.89.27.37 – – [26/Nov/2013:03:56:00 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:00:19 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:02:19 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:06:15 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:08:25 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:12:32 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:16:39 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:18:39 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
host.malahanorun.com – – [26/Nov/2013:04:20:11 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:26:15 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:26:44 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:28:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:30:44 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:32:39 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:36:48 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.89.27.37 – – [26/Nov/2013:04:42:29 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:05:35:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.20 – – [26/Nov/2013:05:46:02 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:05:47:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:05:59:10 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:06:09:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:11:25 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:14:03 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:17:00 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:19:42 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:24:55 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:30:05 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:32:45 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:35:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:40:47 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.18 – – [26/Nov/2013:06:48:16 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:51:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:54:14 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:57:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:06:59:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:02:15 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:08:30 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:14:09 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:15:26 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:18:57 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:20:48 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:25:10 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:26:09 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.251 – – [26/Nov/2013:07:28:35 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.18 – – [26/Nov/2013:08:16:07 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
116.226.49.175 – – [26/Nov/2013:09:09:01 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
208.177.76.9.ptr.us.xo.net – – [26/Nov/2013:09:15:09 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.95 – – [26/Nov/2013:09:21:46 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
199.15.233.130 – – [26/Nov/2013:09:27:24 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.95 – – [26/Nov/2013:09:29:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:09:31:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:09:35:52 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.95 – – [26/Nov/2013:09:36:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.95 – – [26/Nov/2013:09:43:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:09:44:43 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.25.134 – – [26/Nov/2013:09:47:24 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.201.54 – – [26/Nov/2013:09:49:45 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.201.54 – – [26/Nov/2013:09:52:38 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:09:54:12 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.201.54 – – [26/Nov/2013:09:56:52 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.201.54 – – [26/Nov/2013:09:58:13 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.201.54 – – [26/Nov/2013:09:59:35 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.192.103 – – [26/Nov/2013:10:02:16 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.192.103 – – [26/Nov/2013:10:04:57 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.24.212 – – [26/Nov/2013:10:07:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.192.103 – – [26/Nov/2013:10:07:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:10:07:49 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.201.54 – – [26/Nov/2013:10:11:56 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:10:14:19 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:10:16:47 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:10:29:42 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:10:30:52 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:10:36:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
208.177.76.11.ptr.us.xo.net – – [26/Nov/2013:10:39:09 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:10:40:19 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:10:42:57 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:10:49:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.7 – – [26/Nov/2013:10:54:06 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:10:59:01 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:11:08:00 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.20 – – [26/Nov/2013:11:11:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:11:46:38 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:11:55:26 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.254.254 – – [26/Nov/2013:11:59:02 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.198.221 – – [26/Nov/2013:12:02:12 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.198.221 – – [26/Nov/2013:12:05:57 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
112.111.189.19 – – [26/Nov/2013:12:09:07 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.205.234 – – [26/Nov/2013:12:09:43 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.195 – – [26/Nov/2013:12:13:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:22:51 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.195 – – [26/Nov/2013:12:24:09 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:26:28 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.195 – – [26/Nov/2013:12:26:59 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:29:25 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:32:33 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.205.234 – – [26/Nov/2013:12:34:33 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:41:28 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.205.234 – – [26/Nov/2013:12:43:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:44:29 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.205.234 – – [26/Nov/2013:12:48:07 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:50:24 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.205.234 – – [26/Nov/2013:12:51:49 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:12:59:16 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:08:36 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.198.221 – – [26/Nov/2013:13:12:35 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:14:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.198.221 – – [26/Nov/2013:13:16:18 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.198.221 – – [26/Nov/2013:13:20:04 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.153.230.136 – – [26/Nov/2013:13:24:09 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:29:29 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:35:37 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:38:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.153.230.136 – – [26/Nov/2013:13:40:05 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
121.229.68.174 – – [26/Nov/2013:13:41:44 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
27.159.255.22 – – [26/Nov/2013:13:41:53 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:45:13 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:48:00 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:51:49 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.205.234 – – [26/Nov/2013:13:51:58 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:13:55:18 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.153.230.136 – – [26/Nov/2013:13:55:58 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:14:00:13 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:13:59:56 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.255.22 – – [26/Nov/2013:14:03:13 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:14:05:28 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:14:10:25 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.7 – – [26/Nov/2013:14:25:46 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.200.13.20 – – [26/Nov/2013:14:47:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
192.95.17.49 – – [26/Nov/2013:15:07:10 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
27.159.255.250 – – [26/Nov/2013:15:46:56 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
58.20.127.106 – – [26/Nov/2013:15:55:59 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
120.43.31.186 – – [26/Nov/2013:16:13:45 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.186 – – [26/Nov/2013:16:13:48 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.186 – – [26/Nov/2013:16:13:52 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.186 – – [26/Nov/2013:16:14:06 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.31.186 – – [26/Nov/2013:16:14:18 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:19 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:19 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:21 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:21 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:21 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:23 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:23 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:21 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:22 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:20 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:23 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:25 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:26 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
110.85.103.156 – – [26/Nov/2013:16:34:37 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:16:57:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.202.249.197 – – [26/Nov/2013:16:58:05 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
27.159.198.221 – – [26/Nov/2013:17:01:12 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.159.192.227 – – [26/Nov/2013:17:03:16 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:17:04:05 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:17:09:54 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.153.230.136 – – [26/Nov/2013:17:10:16 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
85.214.205.121.broad.pt.fj.dynamic.163data.com.cn – – [26/Nov/2013:17:11:02 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:10:57 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:10:59 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:11:00 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:11:05 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:11:06 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:11:06 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
120.43.28.110 – – [26/Nov/2013:17:11:21 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
27.153.230.136 – – [26/Nov/2013:17:14:44 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
91.236.74.114 – – [26/Nov/2013:17:15:59 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
182.91.75.66 – – [26/Nov/2013:17:30:40 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:30:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:30:41 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:30:48 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:30:52 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:30:56 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:30:59 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:31:07 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:31:34 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:31:48 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:32:31 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:32:34 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
91.200.13.20 – – [26/Nov/2013:17:37:01 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 403 296
182.91.75.66 – – [26/Nov/2013:17:37:13 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676
182.91.75.66 – – [26/Nov/2013:17:43:39 +0900] "POST /mtos/mt-kiss-mint.cgi HTTP/1.0" 200 9676

 

で、対処としては下の様にiptablesでやるか.htaccessでdenyするかになります。

不正アクセス対策を行なってサーバーが安定した件 – KUMA TYPE

今回はお手軽に.htaccessでやっています。

方針としては、該当するipアドレスだけ弾いても数が多すぎてらちがあかないのでアドレス範囲ごとBANします。

でも、巻き添えで全くアクセスできなくなってしまうのも問題なので、コメントcgiやトラックバックcgiにのみアクセス出来ないようにしてサイトの閲覧自体は出来ないようにします。

具体的には.htaccessに以下のように記述します。

<Filesの後にアクセス制御したいファイル名を記載します。

<Files mt-tb.cgi>とすればMovable Typeの場合トラックバックcgiです。

<Files mt-comments.cgi>
    order allow,deny
    allow from all

    #2013.11.21
    deny from 27.152.0.0/13    #CN    27.159.202.254
    deny from 36.248.0.0/14    #CN    36.248.161.152
    deny from 115.192.0.0/11    #CN    115.210.75.255
    deny from 125.112.0.0/12    #CN    125.112.199.137
    #2013.11.22
    deny from 74.221.208.0/20    #US    74.221.208.145

    #2013.11.25 サーバー落ちてた
    deny from 110.88.0.0/14    #CN    110.89.27.37
    deny from 91.236.74.0/23    #PL    91.236.74.114
    deny from 27.152.0.0/13    #CN    27.159.205.26
    deny from 36.248.0.0/14    #CN    36.248.163.34
    deny from 208.176.0.0/15    #US    208.177.76.8.ptr.us.xo.net
    deny from 113.204.0.0/14    #CN    113.206.237.254
    deny from 80.79.112.0/20    #EE    wc212.webcare360.com
    deny from 27.152.0.0/13    #CN    27.153.248.170
    deny from 117.24.0.0/13    #CN    54.194.26.117.broad.pt.fj.dynamic.163data.com.cn
    deny from 222.76.0.0/14    #CN    59.215.77.222.broad.pt.fj.dynamic.163data.com.cn
    deny from 120.32.0.0/13    #CN    120.37.208.186
    deny from 125.112.0.0/12    #CN    125.112.200.163
    deny from 110.88.0.0/14    #CN    110.89.60.105

    #2013.11.26 Googleからアクセスできなかったエラーが着てた。botがいっぱい来てるので対処
    deny from 110.80.0.0/13    #CN    110.85.100.81
    deny from 110.88.0.0/14    #CN    110.89.27.37
    deny from 112.100.0.0/14    #CN    112.101.64.211
    deny from 112.111.0.0/16    #CN    112.111.189.19
    deny from 116.224.0.0/12    #CN    116.226.49.175
    deny from 120.192.0.0/10    #CN    120.202.249.197
    deny from 120.40.0.0/14    #CN    120.43.24.212
    deny from 121.224.0.0/12    #CN    121.229.68.174
    deny from 182.88.0.0/14    #CN    182.91.75.66
    deny from 192.95.0.0/18    #CA    192.95.17.49
    deny from 199.15.232.0/21    #US    199.15.233.130
    deny from 208.176.0.0/15    #US    208.177.76.11.ptr.us.xo.net
    deny from 209.7.0.0/16    #US    209.7.207.91
    deny from 221.130.0.0/15    #CN    221.130.17.33
    deny from 27.148.0.0/14    #CN    27.150.208.141
    deny from 27.152.0.0/13    #CN    27.153.230.136
    deny from 27.152.0.0/13    #CN    27.159.192.103
    deny from 41.216.32.0/19    #BJ    41.216.33.120
    deny from 58.20.0.0/16    #CN    58.20.127.106
    deny from 85.214.0.0/15    #DE    h2092465.stratoserver.net
    deny from 91.200.12.0/22    #UA    91.200.13.18
    deny from 91.236.74.0/23    #PL    91.236.74.114

</Files>

こんな感じでしばらくはボットの監視が必要そうです。

※apache1.3系だと.htaccessに「#」でコメントを同じ行に書くとエラーになるかもかも。

基本は中華をはじけばかなりマシになるので、

毎回対応するのも疲れたので、もう、あらかじめうざい国からのコメントcgiやトラックバックcgiへのアクセスは遮断しておいても良さそうな気がします。下のサイトを参考にしてうざい国のIPは収集可能です。

うざい国からのアクセスを全て遮断

追記:

よくログを見てませんでしたが、ステータスコードが200の物はアクセス出来たもの、403は既に対処済みはアクセス拒否出来たものなので、結構弾いてますね。

タグ : , ,