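On my website I created a script that sends me an email whenever a new IP claiming to be Google visits the site.
When I see the email, I go and check (for example on whois.com) whether the IP claiming to be Google really is Google, and if it is not, I block it with the firewall.
Usually I find one or two fake Googles per week, but in the last few days Google has been hammering my server.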
103432 Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.130 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
1022802 Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.80 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
1063366 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
1178083 Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.127 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
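(Number of Google visits to my server in the last 24 hours)
Something has happened: Google is entering my server much more often than usual, and as Google's visits increased, the "fake Googles" increased a lot too. But the strange thing is that they increased together...
Am I blocking the IPs of some Google service?
(These are the data from the last 24 hours)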
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.203.11.230' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.80.104.189' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.148.124.171' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='37.44.196.194' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='88.218.45.98' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='46.161.60.168' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.60.21.63' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='85.202.195.178' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.148.124.139' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='84.54.58.80' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.148.234.198' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.119.46.111' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='195.133.24.218' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.142.55.37' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.87.112.182' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.93.195.206' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.156.125.92' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.119.46.82' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.140.206.107' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.66.208.145' reject"
$ sudo firewall-cmd --reload
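They almost all seem to come from the same source (normally the whois.com results differ from one another).
So the question arises: have I blocked a part of Google? For example Lighthouse, PageSpeed, or something else that is still part of Google's scanning? Or are they just IPs of scammers pretending to be Google in order to hack my server or clone my website?
Could it be that Google-related services claim to be Google in HTTP_USER_AGENT, and then verifying domain ownership on whois.com turns up nothing about Google? (Even though Google itself says that the only real way to verify whether an IP belongs to them is to verify its ownership, for example using reverse DNS?)
Can you help me understand who they are? How should I deal with these IPs?
Thanks
- - - - - - - - - - - UPDATE - - - - - - - - -
Maybe our discussion has drifted a bit off topic, perhaps because some information was missing.
I manually check each IP that claims to be Google, and if it is not Google (in DNS), I block it with the firewall. I don't use an automatic reverse proxy because it is actually too long and too heavy.
I use fail2ban, and I have many filters that block many scam IPs; these are the ones that survived my fail2ban filters.
I don't want to block or hide my content; I want search engines to be able to see and understand it, but preferably not clone the entire website.
The "fake Google" IPs I usually find on my server belong to SQL injection attempts and attempts to insert advertising comments on my website, and unfortunately in the past I have also found the entire website cloned. (I later added some tricks to prevent cloning.)
On further inspection, these new "fake Google" IPs all access the same website on my server, each on a different page, and each enters my server only once.
Only once; I think that is why they were able to survive my fail2ban.
Everything points to a cloning attempt, even though it is strange that it is being done with all these IPs (isn't it?).
But what makes me think the most is that the intrusions of these "fake Googles" grew exponentially along with the scans from "real Google" IPs.
This makes me think there is some connection between them, even though I cannot find a link between the real and the fake Google IPs.
I hope you can really understand who they are, and, if they are scammers, how to stop them.
These are today's IPs: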
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='85.202.194.0/24' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='85.202.194.214' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='62.76.232.248' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.193.13.168' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.104.11.51' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.58.68.26' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='5.133.123.198' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.140.207.224' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.192.28.155' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.142.52.178' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.89.100.216' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.93.192.236' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='195.133.24.190' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.140.206.79' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.68.184.215' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.250.46.119' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='31.40.249.208' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.233.187.174' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='37.44.253.226' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='93.177.118.162' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='37.44.253.229' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='94.158.22.50' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.171.226.158' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.250.45.51' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.193.15.194' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.99.26.102' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.142.55.48' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.14.194.78' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='77.220.193.69' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.203.10.224' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.202.82.135' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.31.126.107' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.142.54.110' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='77.220.194.114' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.151.189.82' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.60.21.72' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='195.133.24.68' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.250.45.43' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.88.100.212' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.193.14.102' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.80.104.253' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.58.68.204' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.58.33.128' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.68.247.216' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.171.227.121' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.192.28.169' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='77.243.91.234' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.87.116.145' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.58.33.192' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='45.80.104.160' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='91.222.239.251' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.87.52.175' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.68.185.126' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.31.126.78' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.119.46.226' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='141.98.87.44' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.99.26.51' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='31.40.248.142' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='212.193.14.15' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.171.252.202' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='193.124.9.221' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='194.58.34.69' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='83.142.52.224' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='77.220.193.239' reject"
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='185.233.187.46' reject"
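Answer 1
Verifying whether a Googlebot is fake is not complicated. Google recommends using a reverse + forward DNS lookup - Verifying Googlebot.
You can easily find issues like this one - fail2ban #2951, where DNS lookups take a long time (or even fail with a timeout).
So if you want to implement some ban against fake googlebots, it is better to set up caching in a local DNS service or at the script level, e.g. in fail2ban (or whatever you are going to use), to avoid hanging for too long, especially with a large number of requests from them.
Another way is to rate-limit these agents (unless the IP has been whitelisted as a genuine googlebot through verification).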
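The reverse + forward lookup with script-level caching that Answer 1 describes could look like the sketch below. It is an added example, not code from the answer or from fail2ban; the function names, the one-day TTL and the injectable resolver parameters (which let it be exercised without network access) are assumptions.

```python
import ipaddress
import socket
import time

# Suffixes Google documents for Googlebot PTR names.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")
CACHE_TTL = 24 * 3600  # assumption: re-verify an IP once a day
CACHE = {}             # ip -> (verdict, expiry timestamp)


def ptr_lookup(ip):
    """Reverse DNS: IP -> host name (raises OSError on failure)."""
    return socket.gethostbyaddr(ip)[0]


def a_lookup(host):
    """Forward DNS: host name -> set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def verify_googlebot(ip, reverse=ptr_lookup, forward=a_lookup,
                     cache=CACHE, now=time.time):
    """True = genuine, False = spoofed, None = DNS failed (undecided)."""
    addr = ipaddress.ip_address(ip)
    hit = cache.get(ip)
    if hit and hit[1] > now():
        return hit[0]                      # answered from cache, no DNS
    try:
        host = reverse(ip).rstrip(".").lower()
        # The PTR record is controlled by whoever owns the IP, so a
        # matching name alone proves nothing; the forward lookup of
        # that name must lead back to the same address.
        ok = host.endswith(GOOGLE_SUFFIXES) and any(
            ipaddress.ip_address(a) == addr for a in forward(host))
    except OSError:
        return None                        # lookup failed: not cached
    cache[ip] = (ok, now() + CACHE_TTL)
    return ok
```

A `None` result is the case to rate-limit rather than ban, since a slow or failing resolver says nothing about who owns the address.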
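Answer 2
You have to be clear about what you want to protect. Create scenarios and make clear which things are important and which are not.
If you need to protect your website from being copied, you have two options:
- Use copyright law and force them to comply - this can be extensive and time-consuming, depending on your country and the offender's country.
- Make it difficult for them to copy your website
Use Google Search Console to find out when Google is unable to index your website and to debug the problem.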