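A guy from Spain carried out a cryptojacking attack: the attacker tried to use my server to mine cryptocurrencies such as Monero (XMR) and Ethereum (ETH).
The following requests come from mining software; they try to connect to my server and subscribe to a mining pool.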
195.170.172.128 - - [30/Mar/2025:17:15:57 +0800] "\x16\x03\x01\x02" 400 226 "-" "-"
195.170.172.128 - - [30/Mar/2025:17:15:58 +0800] "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n" 400 226 "-" "-"
195.170.172.128 - - [30/Mar/2025:17:16:00 +0800] "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}\n" 400 226 "-" "-"
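The following is part of the Ethereum mining protocol (Ethereum Stratum): the attacker tries to log in to their Ethereum mining account and use my server as a source of hash power.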
195.170.172.128 - - [30/Mar/2025:17:16:01 +0800] "{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"igwrcvap\",\"params\":[\"0x044b879a07547d75de1f3bf0b35a9185d8db4c59\",\"x\"],\"jsonrpc\":\"2.0\"}\n" 400 226 "-" "-"
The following is a login request from XMRig, the Monero (XMR) mining software; the attacker is trying to get the server to start mining for them.
195.170.172.128 - - [30/Mar/2025:17:16:03 +0800] "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"4AXkveLwwqn72xdjbC5ANKF4SypYA4nzKKZo4msYkbotMVFANkRQ2Bsa8aJqncbahb5Z1x11V7ZZiRMThZn2DRhrV3iqmpv\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}\n" 400 226 "-" "-"
All I can do is block the IP and close ports 3333 and 4444.
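
One way to pick these probes out of an access log, as an added example that is not part of the original post: it undoes the log escaping seen in the lines above (`\"`, `\n`, `\xhh`) and flags a TLS handshake record or a Stratum JSON-RPC method in the request field. The sample log lines, the 203.0.113.7 and 198.51.100.9 addresses, `WALLET_PLACEHOLDER` and the function names are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Combined log format: client IP, timestamp, quoted request field (with \" escapes), status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
# JSON-RPC methods seen in the log lines on this page, plus mining.authorize (Stratum v1).
STRATUM_METHODS = {"mining.subscribe", "mining.authorize", "eth_submitLogin", "login"}

# Constructed sample lines (documentation IP ranges, placeholder wallet).
SAMPLE_LINES = [
    r'203.0.113.7 - - [30/Mar/2025:17:15:57 +0800] "\x16\x03\x01\x02" 400 226 "-" "-"',
    r'203.0.113.7 - - [30/Mar/2025:17:15:58 +0800] "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n" 400 226 "-" "-"',
    r'203.0.113.7 - - [30/Mar/2025:17:16:03 +0800] "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"WALLET_PLACEHOLDER\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3\"}}\n" 400 226 "-" "-"',
    r'198.51.100.9 - - [30/Mar/2025:17:20:00 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (ip, kind, detail) for a mining-protocol probe, or None for other traffic."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, raw = m.group(1), m.group(2)
    if raw.startswith("\\x16\\x03"):  # TLS handshake record sent to a plain-HTTP port
        return ip, "tls-handshake", ""
    try:
        # Undo the log escaping to recover the text the client actually sent.
        body = raw.encode("latin-1", "backslashreplace").decode("unicode_escape")
        msg = json.loads(body)
    except ValueError:  # not JSON (ordinary HTTP request line) or a broken escape
        return None
    if not isinstance(msg, dict) or msg.get("method") not in STRATUM_METHODS:
        return None
    params = msg.get("params")
    if isinstance(params, dict):  # XMRig-style login: the agent is a named field
        detail = params.get("agent", "")
    else:  # positional params: miner name or account is the first element
        detail = params[0] if isinstance(params, list) and params else ""
    return ip, msg["method"], str(detail)

def probes_by_ip(lines):
    """Group detected probes per client IP, e.g. as input for a block list."""
    hits = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            hits[hit[0]].append(hit[1])
    return dict(hits)
```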