ログがスッキリして、色々捗ると思っていたら、下記ログが記録されていました。
198.235.24.165 - - [24/Dec/2024:00:00:23 +0900] "GET / HTTP/1.1" 200 73825 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
どうもパロアルトネットワークスのスキャナーによるアクセスのようで、除外して欲しければメールにて連絡せよとのこと。
なので、下記文面でscaninfo@paloaltonetworks.comへ件名「execlude IP and Domain」でメールを送ってみました。
Please execlude from scan. follow IP/Domain 133.242.180.11 rgz95.com
サーバの実IPとブログのドメイン名を指定して、これらを除外して欲しい旨をメールをしたところ、6日後に先方から連絡が下記の通りありました。
Thank you for reaching out. Cortex Xpanse from Palo Alto Networks, takes an outside-in view of network security and asset management. As part of our technology, Xpanse performs global internet scans to discover internet assets for customers. Searches are done across all of IPv4 multiple times per day, looking for new assets and risks to notify customers about. We've added 133.242.180.11 and rgz95.com to our excludelist. It can take up to a week for the system to update excluded ranges and domains, but once they propagate you will stop seeing connections from our scanners. If you do still see activity after a week from our ranges (35.203.210.0/24, 35.203.211.0/24, 162.216.149.0/24, 162.216.150.0/24, 198.235.24.0/24, 205.210.31.0/24, 147.185.132.0/24,147.185.133.0/24), please reach out again with the time you observed scanning activity, and we'll troubleshoot. On Wed, Dec 25, 2024 at 5:21 AM ***@********** wrote: >Please execlude from scan. follow IP/Domain > >133.242.180.11 >rgz95.com
除外したので1週間ほど様子を見て欲しいこと、スキャナーのIPアドレスを示すので再度これらからのアクセスがあったら、トラブルシュートを開始する旨が記載されています。
とりあえず1週間様子見ですね、これは・・・
