竹丼にアクセスしてくるツールをIP BAN した話

投稿日: 投稿者: hondash

MastoPeek なるツールっぽいものが5分毎にアクセスしてきていたので IP BAN することにする。

ログ

$ cat /var/log/nginx/access.log | grep MastoPeek

138.201.42.124 - - [14/May/2018:00:05:14 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:05:14 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:05:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:05:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:15 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:16 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:10:16 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 200 634 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:14 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:15:15 +0900] "GET /api/v1/instance HTTP/1.1" 200 1064 "-" "MastoPeek v0.5" "-" "-"

何をしてるのかわからないけどインスタンス情報とローカルタイムラインを取りに来てる。

/etc/nginx/conf.d/ のマストドンのconfig を修正する

location / {
  try_files $uri @proxy;
}


location / {
  deny 138.201.42.124;
  allow all;
  try_files $uri @proxy;
}

修正したらリロードする。

$ systemctl reload nginx

次のアクセスを待つ。

138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/instance HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/instance HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/instance HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:14 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"
138.201.42.124 - - [14/May/2018:00:25:15 +0900] "GET /api/v1/timelines/public?local=true&limit=1 HTTP/1.1" 403 134 "-" "MastoPeek v0.5" "-" "-"

ステータスコードが 403 になったので終了。