被盯上了怎么办？？？

harryhare · 发表于 2018-3-26 19:28:57

本帖最后由 harryhare 于 2018-3-26 21:28 编辑

第一条是伪造我的客户端的访问，我的请求是
`curl --socks5 【proxyip】 www.google.com`
我只发了这一条请求，但是这个是我的酸酸的log

补充一下，不仅是被扫描，我自己的请求还被篡改了
75.126.124.162:80 这个ip并不是google，我的机器ping到的ip是69.63.186.30，我的请求没有收到回复。。。
所以不是简单的端口扫描
还有就是，这些扫描可以穿透墙（from的ip是国内的好像），但是我的腾讯云请求似乎被墙来了下来。。。

```
2018-03-26 06:38:03 INFO    connecting 75.126.124.162:80 from 【我的腾讯云ip】:45752
2018-03-26 06:38:05 INFO    connecting www.google.com:443 from 111.162.138.246:52227
2018-03-26 06:38:05 INFO    connecting www.**.com:80 from 36.34.10.166:28259
2018-03-26 06:38:05 INFO    connecting www.123cha.com:80 from 106.91.209.197:21890
2018-03-26 06:38:06 INFO    connecting www.baidu.com:443 from 36.35.31.30:28255
2018-03-26 06:38:06 ERROR [Errno 104] Connection reset by peer
2018-03-26 06:38:07 INFO    connecting www.**.com:80 from 61.52.64.204:15912
2018-03-26 06:38:07 INFO    connecting www.googletagservices.com:443 from 123.191.154.154:24001
2018-03-26 06:38:07 INFO    connecting www.google-analytics.com:80 from 106.91.209.197:39353
2018-03-26 06:38:07 INFO    connecting pagead2.googlesyndication.com:80 from 171.36.164.245:37056
2018-03-26 06:38:07 INFO    connecting hm.baidu.com:443 from 1.189.164.211:11087
2018-03-26 06:38:07 INFO    connecting cpro.baidustatic.com:80 from 220.173.19.46:3961
2018-03-26 06:38:08 INFO    connecting www.google.com:443 from 106.91.210.27:1367
2018-03-26 06:38:08 INFO    connecting www.gstatic.com:443 from 117.14.148.105:20757
2018-03-26 06:38:08 INFO    connecting ss1.bdstatic.com:443 from 60.208.208.66:25455
2018-03-26 06:38:09 INFO    connecting securepubads.g.doubleclick.net:443 from 117.14.145.6:58564
2018-03-26 06:38:09 INFO    connecting adservice.google.com:443 from 123.191.149.162:48293
2018-03-26 06:38:09 INFO    connecting pagead2.googlesyndication.com:443 from 61.52.64.204:47078
2018-03-26 06:38:09 INFO    connecting adservice.google.com:443 from 106.91.211.252:25649
2018-03-26 06:38:10 INFO    connecting pos.baidu.com:80 from 111.162.148.131:40501
2018-03-26 06:38:10 INFO    connecting googleads.g.doubleclick.net:443 from 117.14.148.105:194
2018-03-26 06:38:10 INFO    connecting pagead2.googlesyndication.com:443 from 27.211.179.63:18289
2018-03-26 06:38:10 INFO    connecting googleads.g.doubleclick.net:443 from 139.170.69.202:4190
2018-03-26 06:38:11 INFO    connecting apis.google.com:443 from 36.34.10.166:28337
2018-03-26 06:38:11 INFO    connecting www.123cha.com:80 from 60.208.208.66:21629
2018-03-26 06:38:12 INFO    connecting ss1.bdstatic.com:443 from 106.4.196.164:51054
2018-03-26 06:38:12 INFO    connecting cpro.baidustatic.com:80 from 119.118.18.242:61231
2018-03-26 06:38:12 INFO    connecting pos.baidu.com:443 from 113.4.75.195:13520
2018-03-26 06:38:13 INFO    connecting ss1.bdstatic.com:443 from 182.109.237.147:11247
2018-03-26 06:38:13 INFO    connecting pagead2.googlesyndication.com:80 from 1.189.193.18:21636
2018-03-26 06:38:13 INFO    connecting ss1.bdstatic.com:443 from 111.85.179.113:58272
2018-03-26 06:38:13 INFO    connecting hm.baidu.com:443 from 116.252.188.64:7518
2018-03-26 06:38:13 INFO    connecting cpro.baidustatic.com:80 from 182.110.29.55:56995
2018-03-26 06:38:13 INFO    connecting ss1.bdstatic.com:443 from 60.13.138.42:18020
2018-03-26 06:38:15 INFO    connecting pagead2.googlesyndication.com:443 from 125.76.60.66:52913
2018-03-26 06:38:15 INFO    connecting googleads.g.doubleclick.net:443 from 111.172.32.215:43656
2018-03-26 06:38:15 INFO    connecting adservice.google.com:443 from 171.37.177.14:39589
2018-03-26 06:38:15 INFO    connecting pos.baidu.com:80 from 112.66.77.106:44957
2018-03-26 06:38:16 INFO    connecting www.123cha.com:80 from 60.13.138.42:5405
2018-03-26 06:38:16 INFO    connecting googleads.g.doubleclick.net:443 from 123.191.154.154:14396
2018-03-26 06:38:16 INFO    connecting pagead2.googlesyndication.com:443 from 113.4.75.195:13543
2018-03-26 06:38:17 INFO    connecting cpro.baidustatic.com:80 from 59.53.217.180:33198
2018-03-26 06:38:17 INFO    connecting hm.baidu.com:443 from 106.91.211.157:40040
2018-03-26 06:38:17 INFO    connecting pagead2.googlesyndication.com:80 from 113.206.182.46:52225
2018-03-26 06:38:19 INFO    connecting googleads.g.doubleclick.net:443 from 117.14.150.196:50593
2018-03-26 06:38:19 INFO    connecting pos.baidu.com:80 from 221.198.83.56:55847
2018-03-26 06:38:19 INFO    connecting ip-check.info:80 from 1.30.24.44:30364
2018-03-26 06:38:19 INFO    connecting adservice.google.com:443 from 111.85.179.49:45057
2018-03-26 06:38:19 INFO    connecting pagead2.googlesyndication.com:443 from 116.252.188.64:7555
2018-03-26 06:38:21 INFO    connecting pagead2.googlesyndication.com:443 from 123.145.15.44:9693
2018-03-26 06:38:21 INFO    connecting shop.anonymous-proxy-servers.net:443 from 59.53.217.180:33204
2018-03-26 06:38:21 INFO    connecting shop.anonymous-proxy-servers.net:443 from 220.173.19.178:5042
2018-03-26 06:38:21 INFO    connecting googleads.g.doubleclick.net:443 from 60.13.138.20:19828
2018-03-26 06:38:21 INFO    connecting ipcheck.info:80 from 112.66.77.106:18762
2018-03-26 06:38:21 INFO    connecting cpro.baidustatic.com:80 from 1.189.193.18:21647
2018-03-26 06:38:21 INFO    connecting shop.anonymous-proxy-servers.net:443 from 60.13.138.42:27926
2018-03-26 06:38:22 INFO    connecting ip-check.info:80 from 119.118.18.242:61870
2018-03-26 06:38:23 INFO    connecting ip-check.info:80 from 171.107.27.53:1049
2018-03-26 06:38:23 INFO    connecting ipcheck.info:80 from 113.132.8.224:9034
2018-03-26 06:38:23 INFO    connecting shop.anonymous-proxy-servers.net:443 from 111.172.32.215:15130
2018-03-26 06:38:23 INFO    connecting shop.anonymous-proxy-servers.net:443 from 106.91.210.232:54192
2018-03-26 06:38:24 INFO    connecting shop.anonymous-proxy-servers.net:443 from 113.132.8.224:9036
2018-03-26 06:38:24 INFO    connecting shop.anonymous-proxy-servers.net:443 from 123.191.148.134:44214
2018-03-26 06:38:24 INFO    connecting shop.anonymous-proxy-servers.net:443 from 182.88.168.228:1892
2018-03-26 06:38:24 INFO    connecting ipcheck.info:80 from 113.206.182.46:38168
2018-03-26 06:38:26 INFO    connecting ipcheck.info:80 from 183.184.31.23:45920
2018-03-26 06:38:27 INFO    connecting ipcheck.info:80 from 119.118.17.96:22948
2018-03-26 06:38:27 INFO    connecting ipcheck.info:80 from 171.107.27.119:9080
2018-03-26 06:38:28 INFO    connecting ipcheck.info:80 from 182.88.168.228:1973
2018-03-26 06:38:28 INFO    connecting ipcheck.info:80 from 112.66.74.174:49149
2018-03-26 06:38:29 INFO    connecting ipcheck.info:80 from 111.162.143.62:30954
2018-03-26 06:38:30 INFO    connecting ipcheck.info:80 from 182.88.171.84:11009
2018-03-26 06:38:31 INFO    connecting ipcheck.info:80 from 221.198.83.56:37167
2018-03-26 06:38:32 INFO    connecting ip-api.com:80 from 112.66.77.106:6972
2018-03-26 06:38:34 INFO    connecting 61.135.169.125:443 from 112.80.210.18:21447
2018-03-26 06:38:38 INFO    connecting 8.7.198.45:80 from 121.57.14.68:8664
2018-03-26 06:38:39 INFO    connecting 243.185.187.39:80 from 221.14.170.220:13530
2018-03-26 06:38:40 INFO    connecting 69.63.190.2:80 from 106.45.0.196:42788
2018-03-26 06:38:41 INFO    connecting 204.155.149.51:80 from 218.63.139.26:62820
2018-03-26 06:38:41 INFO    connecting 199.59.148.14:80 from 58.19.59.28:2518
2018-03-26 06:38:42 INFO    connecting 204.79.197.200:443 from 182.138.158.13:17549
2018-03-26 06:38:42 INFO    connecting 198.41.214.99:80 from 58.248.203.162:56372
2018-03-26 06:38:43 INFO    connecting 199.101.133.43:443 from 125.76.61.18:39510
2018-03-26 06:38:44 INFO    connecting 8.7.198.45:443 from 180.136.217.213:59595
2018-03-26 06:38:45 INFO    connecting 202.89.233.101:443 from 42.80.198.228:11684
2018-03-26 06:38:45 INFO    connecting 198.41.214.88:443 from 150.255.87.116:37385
2018-03-26 06:38:46 INFO    connecting 93.46.8.89:443 from 113.128.104.158:33969
2018-03-26 06:38:53 INFO    connecting 121.40.21.118:80 from 106.45.1.232:38343
```
```
另外一次的log片段：
2018-03-26 06:38:34 INFO    connecting 61.135.169.125:443 from 112.80.210.18:21447
2018-03-26 06:38:38 INFO    connecting 8.7.198.45:80 from 121.57.14.68:8664
2018-03-26 06:38:39 INFO    connecting 243.185.187.39:80 from 221.14.170.220:13530
2018-03-26 06:38:40 INFO    connecting 69.63.190.2:80 from 106.45.0.196:42788
2018-03-26 06:38:41 INFO    connecting 204.155.149.51:80 from 218.63.139.26:62820
2018-03-26 06:38:41 INFO    connecting 199.59.148.14:80 from 58.19.59.28:2518
2018-03-26 06:38:42 INFO    connecting 204.79.197.200:443 from 182.138.158.13:17549
2018-03-26 06:38:42 INFO    connecting 198.41.214.99:80 from 58.248.203.162:56372
2018-03-26 06:38:43 INFO    connecting 199.101.133.43:443 from 125.76.61.18:39510
2018-03-26 06:38:44 INFO    connecting 8.7.198.45:443 from 180.136.217.213:59595
2018-03-26 06:38:45 INFO    connecting 202.89.233.101:443 from 42.80.198.228:11684
2018-03-26 06:38:45 INFO    connecting 198.41.214.88:443 from 150.255.87.116:37385
2018-03-26 06:38:46 INFO    connecting 93.46.8.89:443 from 113.128.104.158:33969
2018-03-26 06:38:53 INFO    connecting 121.40.21.118:80 from 106.45.1.232:3834

```

jshkk · 发表于 2018-3-26 19:35:32

嗯你完了。。。删机格盘跑路吧

qweasdzxc123 · 发表于 2018-3-26 19:41:44

吃顿好细软跑

hdown · 发表于 2018-3-26 19:45:26

目测是开放了一个匿名socks5端口导致的。
菜鸟又想搞个大新闻系列

harryhare · 发表于 2018-3-26 19:48:03

hdown 发表于 2018-3-26 19:45
目测是开放了一个匿名socks5端口导致的。
菜鸟又想搞个大新闻系列

为什么开个sock5端口，会被这么快检测到？对方是墙还是黑客？

hxuf · 发表于 2018-3-26 19:53:56

重装系统换密码

fiht233 · 发表于 2018-3-26 19:55:43

不然你以为代理站的代理 IP 都是怎么来的？

hdown · 发表于 2018-3-26 19:56:23

harryhare 发表于 2018-3-26 19:48
为什么开个sock5端口，会被这么快检测到？对方是墙还是黑客？

就像马路上到处都是小偷，你把钱包露在外面，人多的地方跑一圈，钱包肯定没了。
网络上时时刻刻充满着各种扫描，只要你有漏洞，很快就会被发现并利用。

king51 · 发表于 2018-3-26 21:06:42

harryhare 发表于 2018-3-26 19:48
为什么开个sock5端口，会被这么快检测到？对方是墙还是黑客？

匿名socket全球一堆机子在同时扫描呢，要不然你以为那些代理哪来的

harryhare · 发表于 2018-3-26 21:31:55

hdown 发表于 2018-3-26 19:45
目测是开放了一个匿名socks5端口导致的。
菜鸟又想搞个大新闻系列

问题是我开了还不到5s就这样了。。。就只是切换putty窗口的间隔。。。还有我自己的请求被篡改了，并且没有收到回复，一般的扫描没这么厉害吧。还有这些扫描的ip不少是国内的，竟然没有被墙。。。。

		自动登录	找回密码
密码			注册

[Windows VPS] 被盯上了怎么办？？？