Blocking this program.

[bridgetsarah]

Hello,

I have nothing to do with this program and I have my own VPC and I was accessing the access logs and i'm quite concerned at that you've picked up my IP address or domain in someway due to this tool. I understand the nature of this tool but do you not think it's wrong?

You are trying to mass scan, sending intentional traffic to find as many servers but I'm sure i'm not the only one who is in the position of unwanted traffic. Can anything be done?

202.168.64.24 - - [05/Nov/2019:10:12:58 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 159.65.11.106 - - [05/Nov/2019:10:22:15 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 91.121.70.155 - - [05/Nov/2019:10:35:43 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 35.187.106.196 - - [05/Nov/2019:09:20:59 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 173.249.51.194 - - [05/Nov/2019:09:25:27 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 80.211.227.118 - - [05/Nov/2019:09:39:41 +0000] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"

[daweedco]

Yes please stop it

[NXTwoThou]

The problem is, it's a tool, an insanely powerful and useful one. The developers don't have any control how others use the tool. Just like we don't know if the person scanning just used decided to scan the whole internet to benchmark their new connection, doing some school research paper, or looking for exploits to take advantage of.

I'm just thankful they actually have a useragent by default allowing us to identify and protect ourselves from those that might be maliciously scanning. I'd gotten two or three a week in my log up until yesterday when I started getting slammed with them. Adjusted my security software to start blocking the ips with the useragent and moving on.

Here's my logs over the last 24 hours to get a sense of scope as to why I've had to make the decision to auto ban.

Software: Microsoft HTTP API 2.0

Version: 1.0

Date: 2019-11-01 23:03:41

Fields: date time c-ip c-port s-port cs-version cs-method cs-uri cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-bytes cs-bytes time-taken s-siteid s-reason s-queuename

2019-11-04 19:18:01 173.212.221.90 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:19:45 173.249.47.56 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:23:38 168.235.99.103 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:26:02 173.249.24.31 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:33:29 192.99.55.15 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:38:18 5.189.163.253 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:40:27 167.99.82.150 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 19:40:54 67.205.142.117 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:00:28 79.143.181.172 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:01:08 79.143.181.172 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:02:19 80.150.16.216 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:02:59 54.38.157.127 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:03:16 18.136.8.90 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:12:52 139.99.141.237 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:13:17 54.38.178.106 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:13:17 54.38.178.106 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:17:04 177.87.70.2 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:17:34 207.180.198.9 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:26:15 167.99.40.21 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:27:36 221.222.213.37 54149 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:32:31 27.254.204.196 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:35:18 217.147.85.78 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:37:43 128.199.84.41 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:45:38 155.93.118.14 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:46:09 145.239.128.53 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:46:57 145.239.128.53 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:48:26 173.249.31.123 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:49:29 138.68.26.56 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:50:01 51.89.251.136 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:51:19 80.241.220.101 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 20:51:30 173.249.2.122 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:00:45 202.142.49.222 43813 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:04:39 91.123.204.139 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:11:37 54.37.70.200 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:16:30 173.249.53.247 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:17:34 46.229.214.251 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:33:49 51.75.24.151 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:38:16 138.197.216.120 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:46:10 159.65.187.1 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:48:05 37.187.18.168 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:49:01 82.148.68.100 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:49:22 192.99.7.152 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:49:45 128.199.221.30 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:53:21 163.172.47.200 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 21:55:56 159.65.187.159 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 22:04:33 78.109.29.17 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 22:22:12 80.211.227.118 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 22:22:49 165.22.43.33 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 22:36:31 54.36.63.4 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 22:39:42 114.245.90.200 37662 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:09:38 51.68.226.118 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:11:56 73.198.145.231 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:19:00 159.65.190.151 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:27:27 128.199.150.109 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:30:07 178.238.238.221 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:32:13 139.99.186.165 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:36:43 37.59.63.219 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:42:19 111.193.222.56 46030 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:43:22 104.248.63.201 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:48:20 46.105.123.189 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:56:43 178.33.122.173 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-04 23:58:12 206.189.124.122 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 00:10:20 206.189.237.232 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 00:28:49 167.250.48.1 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 00:35:38 104.248.163.158 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 00:38:26 146.196.55.181 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 00:45:36 91.194.90.159 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 00:48:53 94.23.147.35 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:00:25 173.249.11.37 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:10:17 178.57.127.122 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:11:46 23.254.209.226 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:20:43 213.136.87.57 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:32:48 83.212.86.243 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:46:30 159.65.11.106 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 01:55:23 46.43.3.65 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 02:00:11 66.70.190.63 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 02:08:02 177.22.191.253 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 02:14:09 128.199.91.141 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 02:28:11 173.249.2.109 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 02:36:35 50.73.116.41 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 02:42:46 174.138.7.207 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:17:25 81.4.102.30 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:19:18 67.207.92.112 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:21:41 193.200.241.132 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:22:16 193.200.241.132 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:35:32 138.68.247.104 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:38:13 203.80.15.36 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:43:30 94.137.82.33 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 03:51:58 209.97.190.223 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:05:25 173.249.21.119 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:09:57 165.227.4.106 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:16:31 54.39.96.48 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:19:46 103.82.242.75 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:36:49 103.193.90.210 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:41:26 173.249.28.191 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:45:22 93.64.39.53 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 04:55:57 82.251.104.61 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 05:06:02 173.249.1.197 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 05:11:48 213.126.51.238 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 05:17:36 217.112.83.19 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 05:21:11 173.249.60.176 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 05:27:09 173.249.12.113 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 06:04:53 173.249.2.213 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 07:07:47 122.155.11.55 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 07:08:35 54.38.207.237 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 07:14:52 200.2.162.34 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 07:26:21 163.172.10.53 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 07:33:43 194.182.72.52 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 07:50:35 170.238.36.66 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 08:11:37 54.39.123.246 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 08:54:40 165.227.6.135 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 09:30:35 206.189.148.115 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 09:47:39 173.249.57.206 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 10:07:55 192.241.163.192 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 10:19:12 52.232.188.182 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 10:19:21 89.36.211.92 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 10:27:07 182.71.202.22 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 11:48:00 190.215.79.45 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 11:52:21 173.249.16.234 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 11:54:13 142.93.187.70 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 12:11:54 50.73.116.43 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 12:12:26 165.227.40.222 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound - 2019-11-05 12:55:18 178.172.161.221 61000 80 HTTP/1.0 GET / masscan/1.0+(https://github.com/robertdavidgraham/masscan) - - - 404 492 103 0 - NotFound -

[NXTwoThou]

Dupe of https://github.com/robertdavidgraham/masscan/issues/367 and https://github.com/robertdavidgraham/masscan/issues/296

[Qix-]

There's nothing that can be done about this. Stop posting about it. This isn't anyone's fault but your own.

EDIT Downvote me all you want. The point I'm making is that there is literally nothing that can be done about this. The maintainers have zero options to stop your web server from being hit. If you're posting about it here, you are misunderstanding the web, the internet, and how your own web server works. You're misunderstanding security and privacy on the internet almost entirely.

Posting here will do absolutely nothing guaranteed.

[Qix-]

@robertdavidgraham would you like an extra maintainer on this project so I can clean up the issues for you? 😅

[borosilicate]

Ya my raspberry pi has this going on too. http://an-otter-mess.com/log.html (https://github.com/robertdavidgraham/masscan)" 51.38.185.246 - - [07/Nov/2019:10:36:57 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 79.143.186.114 - - [07/Nov/2019:10:37:03 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 159.89.16.121 - - [07/Nov/2019:10:45:38 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 118.97.74.4 - - [07/Nov/2019:10:47:36 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 41.211.104.45 - - [07/Nov/2019:10:52:42 -0500] "GET / HTTP/1.1" 200 1161 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64)

[borosilicate]

cat /var/log/nginx/access.log | grep masscan 146.185.142.70 - - [07/Nov/2019:06:35:15 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 165.227.6.135 - - [07/Nov/2019:06:54:32 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 138.59.74.144 - - [07/Nov/2019:07:04:48 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 91.121.106.6 - - [07/Nov/2019:07:19:44 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 173.249.33.187 - - [07/Nov/2019:07:22:01 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 188.138.41.213 - - [07/Nov/2019:07:52:58 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 173.249.28.191 - - [07/Nov/2019:08:32:29 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 103.121.57.6 - - [07/Nov/2019:08:57:02 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 167.250.48.1 - - [07/Nov/2019:09:03:01 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 91.123.204.139 - - [07/Nov/2019:09:41:12 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 207.180.222.40 - - [07/Nov/2019:09:52:04 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 193.164.132.204 - - [07/Nov/2019:10:12:31 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 5.189.179.2 - - [07/Nov/2019:10:27:35 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 51.38.185.246 - - [07/Nov/2019:10:36:57 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 79.143.186.114 - - [07/Nov/2019:10:37:03 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 159.89.16.121 - - [07/Nov/2019:10:45:38 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 118.97.74.4 - - [07/Nov/2019:10:47:36 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 167.99.40.21 - - [07/Nov/2019:10:56:06 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 51.255.203.109 - - [07/Nov/2019:10:56:07 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 165.22.43.33 - - [07/Nov/2019:11:01:40 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 159.65.187.159 - - [07/Nov/2019:11:23:28 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 207.180.220.8 - - [07/Nov/2019:11:51:33 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 173.212.244.229 - - [07/Nov/2019:12:01:25 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 94.23.208.18 - - [07/Nov/2019:12:08:21 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 5.189.189.207 - - [07/Nov/2019:12:19:52 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 178.33.122.173 - - [07/Nov/2019:12:30:47 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 185.180.196.71 - - [07/Nov/2019:12:41:02 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 195.154.164.44 - - [07/Nov/2019:12:52:20 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 5.196.65.217 - - [07/Nov/2019:13:18:59 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 173.249.36.111 - - [07/Nov/2019:13:32:44 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 91.121.70.155 - - [07/Nov/2019:16:13:05 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" 173.212.246.14 - - [07/Nov/2019:16:17:00 -0500] "GET / HTTP/1.0" 200 612 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" cat /var/log/nginx/access.log | grep masscan | grep -oE "\b([0-9]{1,3}.){3}[0-9]{1,3}\b" > ban_ips.txt Know what i'm saying!

[Qix-]

Know what i'm saying!

Yes. And anyone can do this. Don't expose your application to the internet if you don't want people to connect to it. Masscan is a tool, just like nmap or curl or ping.

[borosilicate]

@Qix- Masscan is a tool, Massscan maybe a tool 👍. I definitely agree it is the server owners responsibility to block access not the developers of tools like Curl, NMAP, and Masscan.

Know what i'm saying!

Don't expose your application to the internet if you don't want people to connect to it. Massscan

[Qix-]

So then why are you bringing it up here?

[xiaotianlu]

yiqunzhazha

[borosilicate]

^I think we can mark this as closed^

[adamlucia]

As a good person, maybe you should remove the tool so it can't be used for malicious activity.

[Qix-]

@adamlucia No. That's not how academia, open source, or really the world works. Removing this doesn't change a thing about how raw sockets work. Anyone with reading ability could re-code this.

[Qix-]

@adamlucia You've obviously never heard of Kali Linux, lol. Go complain somewhere else.

Also, this has nothing to do with the gun control debate. Take your American politics elsewhere, they don't belong on Github.

[LtSich]

I have write a fail2ban filter for that... Now I drop for 24H any IP with the masscan header...

Just do the same..

[zedoyle]

The open internet isn't an even slightly governed space. It's a wild ecosystem. Wear long pants and get your booster shots before you go.

[d3x0r]

Adding IP bans doesn't help very much, there are a LOT of TOR endpoints.

• scanner doesn't support redirect.

[granbom]

I handle connections to ip numbers only and port 80 in nginx like this: server { listen 80 default_server; listen [::]:80 default_server; servername ; return 444; } As a lot of you know, 444 is an nginx way of just dropping the connection.

[hwvs]

Adding IP bans doesn't help very much, there are a LOT of TOR endpoints.

* scanner doesn't support redirect.

Just ban by ASN then. Also it's very easy to ban exit nodes.

If you're running Apache you can also add this to your config/.htaccess file

\<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^(masscan) [NC] RewriteRule .* - [F,L] \</IfModule>

[BloodBound696]

Jesus Christ this stuff is going over my head, I just want to turn my IOS into a pen testing device and I gotta deal with this? How powerful is this tool, are people just exposed to everybody? Not only I'm tbh lost but actually worried.

[Qix-]

are people just exposed to everybody

Yes, that's how the WAN works. This is what firewalls are for.

[BloodBound696]

On Thu, Apr 23, 2020 at 1:17 PM Qix notifications@github.com wrote:

are people just exposed to everybody

Yes, that's how the WAN works. This is what firewalls are for.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/robertdavidgraham/masscan/issues/457#issuecomment-618528199

now maybe you can explain to me, What is this tool really used for Ethically and Unethically cause it's like someone Trusted THE WORLD to use this, with good intention and there is every color of the rainbow of hats out there and let's say I wana test this and then, somehow some guy in who knows where is trying to screw me from my info/data being exposed or IP I guess idk

[wporquet]

If you put something on the internet, everyone potentially has access to it. Information wants to be free. Have you heard of censys.io?

This tool, like many good tools, is double-edged. You can use it as a scalpel to detect and cure or as a sword to threaten and maim.

Maybe the developer should put a usual warning/disclaimer in the README paraphrasing Stan Kelly-Bootle's quotation, "UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things." Because likewise, I don't believe this tool was designed to stop you from being stupid things.

Merely my $0.02. I don't develop this software, I just use it in my work and like to keep track of the progress of this project.

[BloodBound696]

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/robertdavidgraham/masscan/issues/457#issuecomment-618636627, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHZ5UO7Q6U7ZTVHMHUGQBL3ROCNXXANCNFSM4JJA3UCQ .

First off I want to say thank you for your in depth response, I appreciate that. I can totally see that yeah it can be used for good, bad, it can be used intelligently or stupidly, like any tool I guess. It just blows my mind how people were gettin random connections because of its functions. I agree that this is a cool project, I'm prolly gonna follow it as well. Hopefully in a future update it comes integrated with code to only allow specific connections to connect (or something like that) or in a way a kind of virtual fly swatter for unwanted snooping. Once again thank you for your thoughtful reply.

[Qix-]

Guys, this tool cannot do damage to your servers unless your open ports are very sensitive to unexpected connections (they shouldn't be).

Stop talking about philosophy here; it's not the place. Much of the code found on GitHub can be used maliciously or ethically; it's all up to the user of the code. MassScan is no different in that regard.

[BloodBound696]

All I'm specifically saying is, unlike other tools it seems like its not a one way street, where people are not just using it client side and thats the end of it. Your info is just there like a sitting duck when using it, or have it idle i guess? (i dont understand fully how the tool works) anyway so its like you hope the next guy over is not a cheeky meanie and starts snooping on your ip and ports and however its working.

On Thu, Apr 23, 2020 at 6:51 PM Qix notifications@github.com wrote:

Guys, this tool cannot do damage to your servers unless your open ports are very sensitive to unexpected connections (they shouldn't be).

Stop talking about philosophy here; it's not the place. Much of the code found on GitHub can be used maliciously or ethically; it's all up to the user of the code. MassScan is no different in that regard.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/robertdavidgraham/masscan/issues/457#issuecomment-618711253, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHZ5UO66Z2VEYR72AJMSFNDRODA7BANCNFSM4JJA3UCQ .

[Qix-]

@BloodBound696 I think you seriously misunderstand what this program does.

[EazyServer]

@bridgetsarah

I agree with the opinion saying this is a tool and if abused by others it's not the maintainer's fault!

On top of it's usage, it brought my attention to how a small code size, such as this tool, can scan entire internet on port 80:443 in 24hrs! I would Imagine gov agencies in the US and China does similar things to our servers, laptops and worse our mobiles everyday!

Better to be aware of such tools and learn how to protect yourself rather than relying on other's mercy to not reach you!

Anyways, I learned from this tool to add the following to .htaccess to block masscan

RewriteCond %{HTTP_USER_AGENT} ^.*(masscan).*$ [NC] RewriteRule .* - [F,L]

[MartinDevillers]

For those of you planning on blocking this based on the masscan user-agent, please realize that the user-agent can easily be changed by any hacker who knows what (s)he's doing. Yes, you can potentially honeypot some IP-addresses with this and report them, but again, any hacker who knows what (s)he's doing will not be running this tool from their own network. You'll either end up chasing some scriptkiddie or someone's compromised PC.

If you don't want people walking through your wide open front door: close it and put a lock on it.