Information about misusage of ip.bieringer.de
Issue
Since longer time (approx. over 2 years now) ip.bieringer.de is misused on port 8080 in a continous way by a Java software from various IP addresses:
GET / HTTP/1.1
Host: ip.bieringer.de:8080
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_102)
Accept-Encoding: gzip,deflate
or
GET / HTTP/1.1
Host: 127.0.0.1:
User-Agent: Java/1.8.0_10
Log entries (after blocking User-Agent "Java") like
103.125.189.140 - - [14/Nov/2020:16:35:35 +0100] "GET / HTTP/1.1" 403 209 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_102)" 8080 "ip.bieringer.de:8080" "-" 155 375 "-/-/-/-"
1.1.236.51 - - [01/Sep/2021:01:19:03 +0200] "GET / HTTP/1.1" 403 199 "-" "Java/1.8.0_102" 8080 "127.0.0.1:1339" "-" 154 365 "-/-/-/-"
Mitigations
Several workarounds did not stop that misusage like:
- respond since long time "HTTP 403" (blocked by detected user agent)
- close down port 8080 for quite a while
- permanent close down port 8080 for various sources
Following step reduced the misusage a lot
-
return to DNS servers with following country codes 'NXDOMAIN' instead of the real IP address: VN RU CN
Workaround
In case of any issues with blocked DNS resolution replace in your browser: ip.bieringer.de -> ipng.bieringer.de
Note
If I detected that one change the FQDN to "ipng.bieringer.de" then I will get really angry and close down the service!
Request of help
If one has any hint about the root cause, please contact me - thank you very much!
2021-09-01, webmaster at bieringer dot de
Your connection is via:
IPv4
Your address: 3.239.58.199
|
www.bieringer.de
is maintained by
webmaster at bieringer dot de
(Impressum)
|
|
|