Embedded Files
My Wekan board serves me in two ways. The first one, quite obviously, is to organize my tasks. The second one is to be a honeypot. Looking at logs, I can spot techniques people use to attack web apps. Pretty interesting readings. Here are some of IPs I blocked recently.
IP: 172.104.242.173Location of Linode's (Linode, LLC) server in Philadelphia.
IP: 88.225.229.42Somebody from Antalya, Turkey (TurkTelekom).
IP: 71.166.242.111Say 'Hi!' to curious people in Centreville, Virginia, USA.
IP: 104.248.194.110Zgrab scanner hosted in one of Digital Ocean's box in Amsterdam.
IP: 89.248.174.216The company (hosting?) registered on Seychelles, but the server is in Amsterdam.
IP: 168.181.121.22Honduras. Really?
IP: 221.147.59.226Somebody from South Korea wants to know my plans.
IP: 128.14.209.178A software hosted in one of Zenlayer's (Zenlayer Inc) spoofs user agent. Vernon, California, USA.
IP: 95.6.22.50Again Turkey, but this time Istanbul (TurkTelekom).
IP: 170.254.74.49Request from the middle of nowhere, Minacu, Goias, Brazil.
IP: 175.107.23.156Guest from Chichawatni, Punjab, Pakistan.
IP: 103.58.249.22Request from Jodhpur, Rajasthan, India looks very similar to requests from Pakistan and Brazil. Proxies?
IP: 104.42.137.111One of Microsoft Azure server in California, USA hosts zgrab tool. I do not expect any requests from other cloud providers, so I blocked whole range of IPs.
IP: 183.129.160.229China is calling.
IP: 201.76.120.212Montenegro, Rio Grande Do Sul, Brazil.
IP: 139.162.119.197Tokyo, Japan. The geography of unwanted guests is the whole Globe.
Sep 30, 2019. Berlin
Report abuse