Thursday, March 22, 2018

Japanese spammer 43.250.228.0/22

I recommend blocking the entire IP address block 43.250.228.0/22.

From: ..
MIME-Version: 1.0
Date: Thu, 22 Mar 2018 16:08:12 +0900
Message-ID: <..>
Received: from localhost ([43.251.48.19])
 by mfsmax.docomo.ne.jp(DOCOMO Mail Server Ver2.0) with SMTP id ..
 for..
To: ..
Received: from  ..
 by .. (Postfix) with ESMTP id ..
 for <..>; Thu, 22 Mar 2018 16:08:29 +0900 (JST)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

% Information related to '43.251.48.0 - 43.251.51.255'

inetnum:        43.251.48.0 - 43.251.51.255
netname:        UCHINA-WEB-JP
descr:          Uchina-Web, Inc.
descr:          Okijimu-tsubokawa building 5F Tsubokawa 3-4-26
country:        JP
admin-c:        MINA7-AP
tech-c:         MINA7-AP
mnt-by:         APNIC-HM
mnt-lower:      MAINT-UCHINA-WEB-JP
mnt-routes:     MAINT-UCHINA-WEB-JP
mnt-irt:        IRT-UCHINA-WEB-JP
status:         ALLOCATED PORTABLE
changed:        hm-changed@apnic.net 20160421
source:         APNIC

irt:            IRT-UCHINA-WEB-JP
address:        Okijimu-tsubokawa building 5F Tsubokawa 3-4-26 Naha-shi Okinawa-ken Japan 900-0025
e-mail:         support@uchina-web.biz
abuse-mailbox:  abuse@uchina-web.biz
admin-c:        MINA7-AP
tech-c:         MINA7-AP
auth:           # Filtered
mnt-by:         MAINT-UCHINA-WEB-JP
changed:        hm-changed@apnic.net 20120411
source:         APNIC

role:           MEDIAWAVE INC - network administrator
address:        Okijimu-tsubokawa building 5F Tsubokawa 3-4-26 Naha-shi Okinawa-ken Japan 900-0025
country:        JP
phone:          +81-98-835-4611
e-mail:         chiaki.saito@uchina-web.biz
admin-c:        MINA7-AP
tech-c:         MINA7-AP
nic-hdl:        MINA7-AP
mnt-by:         MAINT-UCHINA-WEB-JP
changed:        hm-changed@apnic.net 20120411
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r7-SNAPSHOT (WHOIS1)
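
The check below is an added example, not part of the original post: it pulls the relay address out of a Received: header and reports which candidate CIDR blocks cover it, so a deny rule can be confirmed against the header before it is deployed. The function names are hypothetical; the header line and the two ranges are the ones quoted on this page.

```shell
#!/bin/sh
# Added example (not from the original post).

# Convert a dotted-quad IPv4 address to a 32-bit integer.
# The body runs in a subshell so the IFS change stays local.
ip_to_int() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed when address $1 lies inside CIDR block $2 (e.g. 192.0.2.0/24).
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Extract the bracketed relay address from a Received: header line.
received_ip() {
    printf '%s\n' "$1" |
        sed -n 's/.*\[\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)\].*/\1/p'
}

# Print every candidate block (arguments 2..n) that covers the relay
# address found in the header line given as argument 1.
covering_blocks() {
    line=$1; shift
    ip=$(received_ip "$line")
    [ -n "$ip" ] || return 1
    for block in "$@"; do
        if in_cidr "$ip" "$block"; then echo "$block"; fi
    done
}

# Header line and ranges as quoted on this page
HDR='Received: from localhost ([43.251.48.19])'
covering_blocks "$HDR" 43.250.228.0/22 43.251.48.0/22   # prints 43.251.48.0/22
```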


Domain Name: isdidb7sx5ppy.biz
Registry Domain ID: DA44056B729914BF09A31A56D1D5F87CE-NSR
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: www.onamae.com
Updated Date: 2018-03-21T08:02:10Z
Creation Date: 2018-03-16T08:02:09Z
Registry Expiry Date: 2019-03-16T08:02:09Z
Registrar: GMO Internet, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: C3A3CAA0FC4EF4491A99803874B02D8A3-NSR
Registrant Name: Ryuuhei Sinagawa
Registrant Organization: Sinagawa Ryuuhei
Registrant Street: 1-3 kawagutiTyoume
Registrant Street: Oberutawakawagutikorajjyu2604
Registrant Street:
Registrant City: Kawaguchi Shi
Registrant State/Province: Saitama
Registrant Postal Code: 332-0015
Registrant Country: JP
Registrant Phone: +81.8041236659
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: tjmstar555@yahoo.co.jp
Registry Admin ID: C969FCB5FD1014252938EE9130F7A4B4D-NSR
Admin Name: Ryuuhei Sinagawa
Admin Organization: Sinagawa Ryuuhei
Admin Street: 1-3 kawagutiTyoume
Admin Street: Oberutawakawagutikorajjyu2604
Admin Street:
Admin City: Kawaguchi Shi
Admin State/Province: Saitama
Admin Postal Code: 332-0015
Admin Country: JP
Admin Phone: +81.8041236659
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: tjmstar555@yahoo.co.jp
Registry Tech ID: CC0ADDB6881C248F885CC2DEBC1BC76C4-NSR
Tech Name: Ryuuhei Sinagawa
Tech Organization: Sinagawa Ryuuhei
Tech Street: 1-3 kawagutiTyoume
Tech Street: Oberutawakawagutikorajjyu2604
Tech Street:
Tech City: Kawaguchi Shi
Tech State/Province: Saitama
Tech Postal Code: 332-0015
Tech Country: JP
Tech Phone: +81.8041236659
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: tjmstar555@yahoo.co.jp
Name Server: 04.dnsv.jp
Name Server: 03.dnsv.jp
Name Server: 01.dnsv.jp
Name Server: 02.dnsv.jp
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-03-22T07:28:43Z <<<



Tuesday, March 20, 2018

Using OpenVPN while keeping the default connection

Reposted from my old blog.


Client
 <-eth0-> DefaultNetwork <-> httpbin.org/ip <-> default IP address
 <-tun0-> VPN           <-> httpbin.org/ip <-> VPN IP address

route_up.sh
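#!/bin/sh
# Run by OpenVPN as the route-up hook. $dev, $ifconfig_local, $ifconfig_remote
# and $route_vpn_gateway are environment variables set by OpenVPN.

echo "$dev : $ifconfig_local -> $ifconfig_remote gw: $route_vpn_gateway"

# Default route via the VPN gateway, kept in a separate routing table (20)
ip route add default via "$route_vpn_gateway" dev "$dev" table 20
# Traffic sourced from the tunnel address is looked up in table 20
ip rule add from "$ifconfig_local" table 20
# Traffic addressed to the VPN gateway is looked up in table 20
ip rule add to "$route_vpn_gateway" table 20
ip route flush cache
exit 0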

Append the following to the ovpn config supplied by the VPN provider:
script-security 2 system
route-noexec
route-up /etc/openvpn/route_up.sh

Run:
screen
sudo openvpn --config /root/vpn/PIA/NL.ovpn
To detach from screen, press Ctrl+A, then D.

Verify:
curl http://httpbin.org/ip --interface tun0

This also works from a program.
test.php
<?php
// Usage: php test.php [interface]
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://httpbin.org/ip');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if (isset($argv[1])) {
    // Bind the outgoing connection to the given NIC (e.g. tun0)
    curl_setopt($ch, CURLOPT_INTERFACE, $argv[1]);
}
var_dump(curl_exec($ch));
curl_close($ch);

php test.php # eth0 ip
php test.php tun0 #vpn ip
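
As an added example (not from the original post), the same table-20 setup written so that it can be re-run and undone: entries left by an earlier session are cleared first, because the routes vanish with the tun device but `ip rule` entries do not. The names `policy_up`, `policy_down`, `run_ip` and `DRY_RUN` are hypothetical, and calling `policy_down` from a script given to OpenVPN's `down` option is an assumption about how it would be wired in.

```shell
#!/bin/sh
# Added example, not from the original post.
# DRY_RUN=1 prints the ip commands instead of running them (no root needed).

TABLE=20

run_ip() {
    if [ -n "${DRY_RUN:-}" ]; then echo "ip $*"; else ip "$@"; fi
}

# Remove every rule that points at $TABLE, then empty the table itself.
policy_down() {
    while run_ip rule del table "$TABLE" 2>/dev/null; do
        # A dry run never fails, so stop after printing the command once
        [ -z "${DRY_RUN:-}" ] || break
    done
    run_ip route flush table "$TABLE" 2>/dev/null || true
    run_ip route flush cache
}

# policy_up DEV LOCAL_IP GATEWAY
# Installs the same three entries as route_up.sh after clearing leftovers.
policy_up() {
    [ $# -eq 3 ] || { echo "usage: policy_up DEV LOCAL_IP GATEWAY" >&2; return 2; }
    policy_down
    run_ip route add default via "$3" dev "$1" table "$TABLE"
    run_ip rule add from "$2" table "$TABLE"
    run_ip rule add to "$3" table "$TABLE"
    run_ip route flush cache
}

# Constructed dry run with documentation addresses (RFC 5737); the subshell
# keeps DRY_RUN from leaking into the caller's environment.
( DRY_RUN=1; policy_up tun0 192.0.2.10 192.0.2.1 )
```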

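Running PHP as a daemon

Reposted from my old blog.
  • /root/get.php
#!/usr/bin/env php
<?php
// Send one heartbeat request per second, forever
$count = 0;
while(1){
    // Wrap the counter once it passes 10000
    if($count >10000){
        $count = 0;
    }
    file_get_contents('http://localhost/heartbeat/?count='.$count.'&t='.time());
    $count++;
    sleep(1);
}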
  • /etc/systemd/system/gethttp.service
[Unit]
Description=PHPJobProcess1
After=network.target

[Service]
Type=simple
RemainAfterExit=no
ExecStart=/root/runtest.sh
Restart=always

[Install]
WantedBy=multi-user.target
  • /root/runtest.sh
#!/usr/bin/sh
/usr/bin/php -f /root/get.php

Reload systemd, start the service, check its status and watch the requests arrive:
systemctl daemon-reload
service gethttp start
service gethttp status
tail -f  /var/log/httpd/access_log
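
A hardened variant of the unit above, as an added example that is not part of the original post: the job only sends HTTP requests to localhost, so it does not need root or the wrapper script under /root. The account name `phpjob` and the path `/opt/gethttp/get.php` are hypothetical and must exist before the unit is started.

```ini
# /etc/systemd/system/gethttp.service (hardened variant, added example)
# Assumptions: user/group "phpjob" exists and get.php was moved to /opt/gethttp/.
[Unit]
Description=PHPJobProcess1
After=network.target

[Service]
Type=simple
# Run as an unprivileged account instead of root
User=phpjob
Group=phpjob
# Start PHP directly; no wrapper script is needed
ExecStart=/usr/bin/php -f /opt/gethttp/get.php
Restart=always
# Pause between restarts so a crashing script cannot spin
RestartSec=5
# The process and its children can never gain new privileges
NoNewPrivileges=yes
# Read-only file system view ("strict" needs systemd 232 or later; use "full" on older versions)
ProtectSystem=strict
# Hide /home, /root and /run/user from the job
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# Only local and IP sockets are required for the HTTP request
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

[Install]
WantedBy=multi-user.target
```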

Communicating through a multi-hop proxy chain with Alpine Linux + ProxyChains-ng + PHP + curl (musl)

Reposted from my old blog.

Installing Alpine Linux

Install Alpine Linux, which uses musl libc.
http://wiki.musl-libc.org/wiki/Projects_using_musl

Repository configuration

vi /etc/apk/repositories
http://dl-4.alpinelinux.org/alpine/v3.3/main
http://dl-4.alpinelinux.org/alpine/v3.3/community
http://dl-4.alpinelinux.org/alpine/edge/testing

Network configuration

To keep it simple, use DHCP.
vi /etc/network/interfaces
Append the following and save.
auto eth0
iface eth0 inet dhcp
Check with ping:
/etc/init.d/networking restart
ping google.com
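# PHP 7 and its curl extension
apk update
apk add php7
ls /usr/bin/php7
/usr/bin/php7 -v
apk add php7-curl

# Fetch the proxychains-ng source and build it in its own directory
apk add git
git clone https://github.com/rofl0r/proxychains-ng
cd proxychains-ng

apk add gcc
apk add make
/usr/bin/make

# Tor as the local SOCKS proxy
apk add tor
ls /etc/tor/
cp /etc/tor/torrc.sample /etc/tor/torrc
vi /etc/tor/torrc
service tor start

# musl headers and tools, then install proxychains-ng and its default config
apk add musl-dbg musl-dev musl-utils
/usr/bin/make install
/usr/bin/make install-config

Create the following test PHP file:
vi test.php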

<?php
echo "file_get_contents:".PHP_EOL;
echo file_get_contents("http://ifconfig.me");
print PHP_EOL;
echo "curl:".PHP_EOL;
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,"http://ifconfig.me");
curl_setopt($ch,CURLOPT_HEADER,0);
curl_exec($ch);
curl_close($ch);

Confirm that the server's IP is displayed:
/usr/bin/php7 test.php

Confirm that the IP of the proxy specified in proxychains is displayed:
proxychains4 /usr/bin/php7 test.php

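Temporarily suspending my speedtest.net host

With the spread of 10 Gigabit, I am suspending hosting until a new 10 Gigabit network is ready (the server is selected by ping value, so it would be a nuisance to users running measurements).
[root@localhost ~]# ifconfig
enp2s0f0: flags=4163<...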