Information about misusage of ip.bieringer.de
Issue
Since longer time (approx. over a year) ip.bieringer.de is misused on port 8080 in a continous way by a Java software from various IP addresses:
GET / HTTP/1.1
Host: ip.bieringer.de:8080
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_102)
Accept-Encoding: gzip,deflate
Mitigations
Several workarounds did not stop that misusage like:
- respond since long time "HTTP 403" (blocked by detected user agent)
- close down port 8080 for quite a while
Following step reduced the misusage a lot
-
return to DNS servers with following country codes 'NXDOMAIN' instead of the real IP address: VN
Leftover requestor is now:
103.125.189.140 - - [14/Nov/2020:16:35:35 +0100] "GET / HTTP/1.1" 403 209 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_102)" 8080 "ip.bieringer.de:8080" "-" 155 375 "-/-/-/-"
(must be something like a master control server...)
Workaround
In case of any issues with blocked DNS resolution replace in your browser: ip.bieringer.de -> ipng.bieringer.de
Note
If I detected that one change the FQDN to "ipng.bieringer.de" then I will get really angry and close down the service!
Request of help
If one has any hint about the root cause, please contact me - thank you very much!
2020-11-14, webmaster at bieringer dot de
Your connection is via:
IPv4
Your address: 3.227.235.183
|
www.bieringer.de
is maintained by
webmaster at bieringer dot de
(Impressum)
|
|
|