MastoPeek なるツールっぽいものが5分毎にアクセスしてきていたので IP BAN することにする。
ログ
$ cat /var/log/nginx/access.log | grep MastoPeek
138.201.42.124 - - [14/May/2018:00:05:14 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:05:14 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:05:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:05:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:15 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:16 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:16 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:15 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
何をしてるのかわからないけどインスタンス情報とローカルタイムラインを取りに来てる。
/etc/nginx/conf.d/ のマストドンのconfig を修正する
location / {
try_files $uri @proxy;
}
↓
location / {
deny 138.201.42.124;
allow all;
try_files $uri @proxy;
}
修正したらリロードする。
$ systemctl reload nginx
次のアクセスを待つ。
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/instance HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/instance HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/instance HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
ステータスコードが 403 になったので終了。