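How do you deal with spam trackbacks?
Looking at the network state of a server I have recently been looking after from time to time, it is no joke.
I did not know this before because I had no administrator privileges, but now that I have looked, the amount of spam trackbacks seems enormous.
The server mainly provides web services, and with around 300 members, it seems it is not being managed at all.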
# iptables -L -n -v | awk '$1 != 0'
Requests arriving on port 80 are currently filtered by the http_filter chain.
With the command above you can roughly gauge the current packet requests and transfer volume; the result is below.
Chain INPUT (policy ACCEPT 4771K packets, 3189M bytes)
 pkts bytes target      prot opt in   out source     destination
2002K  137M http_filter tcp  --  eth0 *   0.0.0.0/0  0.0.0.0/0    tcp dpt:80
 181K 9718K DROP        tcp  --  *    *   0.0.0.0/0  0.0.0.0/0    Source country: ! KR

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target      prot opt in   out source     destination

Chain OUTPUT (policy ACCEPT 5036K packets, 4285M bytes)
 pkts bytes target      prot opt in   out source     destination

Chain http_filter (1 references)
 pkts bytes target      prot opt in   out source     destination
 [DROP rules for individual source addresses on eth0]
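For now I have blocked all connections from outside Korea (N/A is an exception), and on top of that I have also blocked the extracted IPs shown above. As you can tell from the numbers at the front, packet requests are still coming in. T.T
They say spammers put up internal proxy servers and rotate IPs while sending spam trackbacks, but in the end the IPs they hold are limited, and this was also easy to implement, so for now I did it this way.
Even if I wanted to handle this by string matching, POST-based trackbacks from ordinary users have to be left open, so no particular solution comes to mind. The only distinguishing features, I think, are checking the reference and whether the content is in English only. It is really tricky for me. :(
For ordinary users, I think trackbacks are essential for interaction when running a blog, but from a server administrator's point of view they seem to be quite a pain to manage. How do you all deal with them?
p.s. Will I get reported for publishing IPs like this? Haha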
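An added example, not part of the original post: the counters printed by `iptables -L -n -v` are cumulative, so comparing two listings taken some time apart shows which DROP rules in a chain such as http_filter are still being hit. The function names and the sample listings (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: which DROP rules were hit between two `iptables -L -n -v` listings?
# Both sample listings are constructed; addresses are from documentation ranges.
sample_before() { cat <<'EOF'
Chain http_filter (1 references)
 pkts bytes target prot opt in out source destination
    6   288 DROP 0 -- eth0 * 192.0.2.10 0.0.0.0/0
  132  7920 DROP 0 -- eth0 * 198.51.100.7 0.0.0.0/0
1200K   58M DROP 0 -- eth0 * 203.0.113.5 0.0.0.0/0
EOF
}
sample_after() { cat <<'EOF'
Chain http_filter (1 references)
 pkts bytes target prot opt in out source destination
    6   288 DROP 0 -- eth0 * 192.0.2.10 0.0.0.0/0
  145  8700 DROP 0 -- eth0 * 198.51.100.7 0.0.0.0/0
1203K   58M DROP 0 -- eth0 * 203.0.113.5 0.0.0.0/0
    3   144 DROP 0 -- eth0 * 203.0.113.99 0.0.0.0/0
EOF
}

# rule_deltas BEFORE_FILE AFTER_FILE
# Prints "source packets_since_before" for each DROP rule whose counter grew,
# busiest first. A rule present only in AFTER counts from zero.
rule_deltas() {
    awk '
        # Without -x, iptables abbreviates counters with K/M/G (powers of 1000).
        function expand(v,   n, s) {
            s = substr(v, length(v)); n = v + 0
            if (s == "K") return n * 1000
            if (s == "M") return n * 1000000
            if (s == "G") return n * 1000000000
            return n
        }
        # Columns: pkts bytes target prot opt in out source destination
        $3 != "DROP" { next }                 # skips chain and column headers
        FNR == NR { before[$8] = expand($1); next }
        { d = expand($1) - before[$8]; if (d > 0) print $8, d }
    ' "$1" "$2" | sort -k2,2nr -k1,1
}

demo() {
    dir=$(mktemp -d) || return 1
    sample_before > "$dir/before"; sample_after > "$dir/after"
    rule_deltas "$dir/before" "$dir/after"
    rm -rf "$dir"
}
demo
```

Abbreviated counters lose precision (a K-suffixed value only moves in steps of 1000), so listings taken with `-x` give exact deltas.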