23년 4월 20일 TIL & 개발노트 (nginx 외부 불법 침입 시도 및 google adsense 관련)
내 취미는 매일 나는 nginx log를 보는 것
요새 새로운 취미 생활이다.
흑우집합소 배포 이후 이상한 놈들이 불법으로 접근하는지 체크한다.
그래서 아침에 일어나서 컴퓨터 키고 nginx 로그를 본다.
로그를 보면 가관이다.
1. 불법 침입 흔적
아래는 접근한 불법 침입자 로그다.
66.102.6.190 - - [20/Apr/2023:03:55:00 +0900] "GET / HTTP/1.1" 301 178 "-" "Google-Display-Ads-Bot"
44.202.140.249 - - [20/Apr/2023:04:04:55 +0900] "GET / HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:04:56 +0900] "GET /.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:04:57 +0900] "GET /.remote HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:04:57 +0900] "GET /.local HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:04:58 +0900] "GET /.production HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:04:59 +0900] "GET //vendor/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:04:59 +0900] "GET //lib/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:00 +0900] "GET //lab/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:00 +0900] "GET //cronlab/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:01 +0900] "GET //cron/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:01 +0900] "GET //core/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:02 +0900] "GET //core/app/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:02 +0900] "GET //core/Datavase/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:03 +0900] "GET //database/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:04 +0900] "GET //config/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:04 +0900] "GET //assets/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:05 +0900] "GET //app/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:05 +0900] "GET //apps/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:06 +0900] "GET //uploads/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:06 +0900] "GET //sitemaps/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:07 +0900] "GET //saas/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:07 +0900] "GET //api/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:08 +0900] "GET //psnlink/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:08 +0900] "GET //exapi/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:09 +0900] "GET //site/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:09 +0900] "GET //admin/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:10 +0900] "GET //web/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:10 +0900] "GET //public/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:11 +0900] "GET //en/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:11 +0900] "GET //tools/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:12 +0900] "GET //v1/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:13 +0900] "GET //v2/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:13 +0900] "GET //administrator/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:13 +0900] "GET //laravel/.env HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:15 +0900] "POST / HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:15 +0900] "POST //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:15 +0900] "POST //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:15 +0900] "POST //backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:16 +0900] "POST //blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:16 +0900] "POST //cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:16 +0900] "POST //demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:16 +0900] "POST //dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:16 +0900] "POST //laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:16 +0900] "POST //lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:17 +0900] "POST //lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:17 +0900] "POST //lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:17 +0900] "POST //lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:17 +0900] "POST //new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:17 +0900] "POST //old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:18 +0900] "POST //panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:18 +0900] "POST //phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:18 +0900] "POST //phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:18 +0900] "POST //phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:18 +0900] "POST //phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:18 +0900] "POST //protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:19 +0900] "POST //sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:19 +0900] "POST //vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:19 +0900] "POST //vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:19 +0900] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:19 +0900] "POST //vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:19 +0900] "POST //wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:20 +0900] "POST //wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:20 +0900] "POST //wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:20 +0900] "POST //wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
44.202.140.249 - - [20/Apr/2023:04:05:20 +0900] "POST //www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 301 178 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.35 (KHTML, like Gecko) Chrome/7.0.917.68 Safari/535.23"
198.46.202.158 - - [20/Apr/2023:05:43:48 +0900] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36"
8.36.86.60 - - [20/Apr/2023:09:37:09 +0900] "GET /robots.txt HTTP/1.1" 301 178 "-" "python-requests/2.25.1"
8.36.86.60 - - [20/Apr/2023:09:37:10 +0900] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 Firefox/33.0"
44.202.140.249 악의적 사용자는 계속 특정 키워드 url로 찔러본다.
그리고 헤더 값을 잘 보면 알겠지만 referer값이 google로 되어 있다.
이는 구글을 통해 왔다고 흉내내는데 그냥 차단을 방지하기 위해 달아둔 의미없는 값을 넣은 것 같다.
저런 키워드는 Nginx에서 특정 IP 접근 금지 시키기 포스팅에 잘 정리해뒀다.
그리고 user-agent도 예사롭지 않다.... ㅋㅋㅋ
8.36.86.60 악의적 사용자는 대놓고 user-agent에 python-requests를 줬다.
그리고는 바로 우디르급 태세전환해서 파폭으로 바꿔줬다.
다 보면 알겠지만 악의적 해킹을 목적으로 가진 사용자는 봇을 만들어서 자동으로 무작위 공격을 하게끔 해뒀다.
그리고 저 키워드로 찔렀을 때 응답이 정상으로 오거나 한 것을 토대로 공격 루트를 만들어 오는 것 같다.
흑우집합소를 운영하는 동안 이런 악의적 사용자만 막아도 절반은 성공한게 아닐까 싶다...
adsense 승인 문제 (진행중)
흑우집합소 내에 광고를 준비하기 위해 adsense를 적용하려 했다.
적용 방법은 Next.Js에 구글 애드센스(Adsense) 등록하기 포스팅을 참고하면 된다.
근데 결과는...
역시 쉽지 않다.
사이트를 가보니 다음과 같이 되어 있고...
이유를 보니...
사이트가 다운되었거나 사용할 수 없음 이라는 이유다.
그래서 내가 지금까지 취한 조치는 다음과 같다.
1. nginx 차단
이 부분은 23년 4월 3일 TIL & 개발노트 포스팅에서 다룬 내용이다.
근데 이 부분은 문제의 정답이 아니었던 것 같다.
2. 해외에서 접근 확인
이 부분이 문제일 것 같아서 VPN을 통해서 접근해봤다.
미국이나 기타 국가에서 접근했음에도 정상적으로 접근이 가능했다.
혹시 몰라서 애플의 비공개 릴레이에서도 확인해봤다.
하지만 접속에는 이상이 없었다.
3. ads.txt 접근 확인 및 코드 미적용
이 부분도 한번 확인해봤으나 정상적으로 적용이 되어 있음을 확인했다.
4. 알려지지 않은 도메인?
몇일 전까지는 내가 search console에 몇 가지 작업을 하지 않아서 등록이 안되었다.
그리고 22일쯔음 아래와 같은 메일이 왔다.
그래서 구글에 현재 흑우집합소라는 키워드를 치면 아래와 같이 잘 나온다.
그래서 이것도 정답이 아닌 거 같다.
어떻게 해결할 예정?
일단 sitemap이나 그런거 문제일 수도 있을 것 같아서 다시 시도해보려 했지만...
너무 많은 신청을 해서 특정 일까지는 검수 불가 판정을 받았다 ^^
나만 그런줄 알았는데 상황이 약간 틀리지만 나와 비슷한 분들을 찾을 수 있었다.
두 티스토리 내용을 보면 알겠지만 나랑 비슷한 상황인 것 같고, 이를 해결했다.
일단 검수 신청 가능한 날까진 원인을 다시 찾아보고 포스팅을 성공하면 이를 포스팅으로 남겨보겠다.