These are the main Ips from which the attacks originate, we should compare them to get closer to the matter. If possible all posts here then we can spear them in the next update right from the start.

"IP","Domain","Country","Region","City","ISP","ASN","Lat","Long","CNAME"
"106.12.215.244","","China","","","Beijing Baidu Netcom Science and Technology Co., Ltd.","38365","34,7725","113,7266",""
"111.229.78.120","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"112.35.62.225","","China","","","Guangdong Mobile Communication Co.Ltd.","9808","34,7725","113,7266",""
"14.142.143.138","14.142.143.138.static-Mumbai.vsnl.net.in","India","Madhya Pradesh","Indore","TATA Communications formerly VSNL is Leading ISP","4755","22,7163","75,8316",""
"152.136.141.254","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"186.215.235.9","186.215.235.9.static.gvt.net.br","Brazil","Rio de Janeiro","Rio de Janeiro","TELEFONICA BRASIL S.A","18881","-22,9201","-43,3307",""
"222.186.180.130","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.31.127","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"49.235.87.213","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"222.186.30.35","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"144.172.79.5","","United States","","","Boomer LTD","62203","37,751","-97,822",""
"222.186.15.62","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"182.252.133.70","","South Korea","","","purplestones","38661","37,5112","126,9741",""
"109.244.101.169","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"61.177.172.102","","China","Shanghai","Shanghai","Chinanet","4134","31,0449","121,4012",""
"139.215.217.181","181.217.215.139.adsl-pool.jlccptt.net.cn","China","Jilin","Changchun","CHINA UNICOM China169 Backbone","4837","43,88","125,3228",""
"106.53.19.186","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"106.124.141.108","","China","","","CHINATELECOM Xinjiang Wulumuqi MAN network","137695","34,7725","113,7266",""
"222.186.30.57","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"109.115.187.31","","Italy","Monza Brianza","Desio","Vodafone Italia S.p.A.","30722","45,614","9,1976",""
"222.186.180.142","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.42.7","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.190.14","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"119.18.194.168","","China","","","IDC, China Telecommunications Corporation","23724","34,7725","113,7266",""
"36.111.171.108","","China","","","Cloud Computing Corporation","58519","34,7725","113,7266",""
"218.92.0.220","","China","Jiangsu","Xinpu","Chinanet","4134","34,5997","119,1594",""
"222.186.42.136","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.31.83","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"112.17.184.171","","China","Zhejiang","Hangzhou","China Mobile communications corporation","56041","30,294","120,1619",""
"193.70.12.219","ns3061461.ip-193-70-12.eu","France","","","OVH SAS","16276","48,8582","2,3387",""
"93.146.233.226","net-93-146-233-226.cust.vodafonedsl.it","Italy","Milan","Milan","Vodafone Italia S.p.A.","30722","45,4707","9,1889",""
"218.92.0.215","","China","Jiangsu","Xinpu","Chinanet","4134","34,5997","119,1594",""
"94.172.225.26","94-172-225-26.dynamic.chello.pl","Poland","Mazovia","Warsaw","Liberty Global B.V.","6830","52,2088","21,0053",""
"222.186.30.112","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.42.155","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"218.92.0.219","","China","Jiangsu","Xinpu","Chinanet","4134","34,5997","119,1594",""
"222.186.30.76","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"111.229.176.206","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"218.92.0.221","","China","Jiangsu","Xinpu","Chinanet","4134","34,5997","119,1594",""
"216.83.45.162","","United States","","","BGPNET Global ASN","64050","37,751","-97,822",""
"218.92.0.223","","China","Jiangsu","Xinpu","Chinanet","4134","34,5997","119,1594",""
"222.186.42.137","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.15.115","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"218.255.86.106","static.reserve.wtt.net.hk","Hong Kong","Tuen Mun","Tuen Mun","HKBN Enterprise Solutions HK Limited","9381","22,4","113,9833",""
"115.78.4.219","","Vietnam","Ho Chi Minh","Ho Chi Minh City","Viettel Group","7552","10,8142","106,6438",""
"222.186.31.166","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"181.30.99.114","114-99-30-181.fibertel.com.ar","Argentina","Buenos Aires F.D.","Buenos Aires","Telecom Argentina S.A.","10481","-34,6021","-58,3845",""
"117.50.8.61","","China","","","China Unicom Beijing Province Network","4808","34,7725","113,7266",""
"186.147.129.110","static-ip-186147129110.cable.net.co","Colombia","Departamento del Valle del Cauca","Santiago de Cali","Telmex Colombia S.A.","10620","3,4384","-76,5232",""
"222.186.30.167","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"51.178.55.92","92.ip-51-178-55.eu","France","","","OVH SAS","16276","48,8582","2,3387",""
"124.30.44.214","firewallgoa.unichemlabs.com","India","","","Sify Limited","9583","20,0063","77,006",""
"220.78.28.68","","South Korea","Gyeonggi-do","Seongnam-si","Korea Telecom","4766","37,4388","127,1396",""
"144.172.79.7","","United States","","","Boomer LTD","62203","37,751","-97,822",""
"58.246.94.230","","China","Shanghai","Shanghai","China Unicom Shanghai network","17621","31,0449","121,4012",""
"218.92.0.216","","China","Jiangsu","Xinpu","Chinanet","4134","34,5997","119,1594",""
"37.49.224.39","","Estonia","","","Vitox Telecom","199264","59","26",""
"85.209.0.103","","Russia","","","Chernyshov Aleksandr Aleksandrovich","202984","55,7386","37,6068",""
"50.70.229.239","S0106105611a4b7a2.wp.shawcable.net","Canada","Manitoba","Winnipeg","SHAW","6327","49,9192","-97,1263",""
"112.35.57.139","","China","","","Guangdong Mobile Communication Co.Ltd.","9808","34,7725","113,7266",""
"82.118.236.186","","Bulgaria","Sofia-Capital","Sofia","Belcloud LTD","44901","42,683","23,3175",""
"118.89.69.159","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"144.172.73.41","","United States","","","Boomer LTD","62203","37,751","-97,822",""
"168.197.31.14","","Brazil","Para","Abaetetuba","silva souza comercio e servico de informatica ltda","264985","-1,7357","-48,9429",""
"219.250.188.165","","South Korea","Seoul","Seoul","SK Broadband Co Ltd","9318","37,5985","126,9783",""
"222.186.52.39","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"222.186.30.218","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"106.75.13.192","","China","","","China Unicom Beijing Province Network","4808","34,7725","113,7266",""
"45.162.216.10","","Brazil","Ceara","Fortaleza","MR7 TELECOM LTDA - ME","268528","-3,7196","-38,5257",""
"144.172.79.8","","United States","","","Boomer LTD","62203","37,751","-97,822",""
"150.129.67.50","","India","West Bengal","Kolkata","Alliance Broadband Services Pvt. Ltd.","23860","22,5655","88,3653",""
"120.201.125.204","","China","","","China Mobile communications corporation","56044","34,7725","113,7266",""
"119.45.114.87","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"223.167.13.128","","China","Shanghai","Shanghai","China Unicom Shanghai network","17621","31,0449","121,4012",""
"49.234.83.240","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"114.67.102.106","","China","","","China Telecom (Group)","4812","34,7725","113,7266",""
"122.51.66.219","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"207.244.247.192","vmi418530.contaboserver.net","United States","Missouri","St Louis","CONTABO","40021","38,6364","-90,1985",""
"128.199.100.254","","Singapore","","","DIGITALOCEAN-ASN","14061","1,314","103,6839",""
"222.186.15.158","","China","","","AS Number for CHINANET jiangsu province backbone","23650","34,7725","113,7266",""
"144.172.73.40","","United States","","","Boomer LTD","62203","37,751","-97,822",""
"49.234.122.94","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"106.124.135.232","","China","","","CHINATELECOM Xinjiang Wulumuqi MAN network","137695","34,7725","113,7266",""
"84.124.204.154","84.124.204.154.dyn.user.ono.com","Spain","Balearic Islands","Palma","Vodafone Ono, S.A.","6739","39,5661","2,6484",""
"154.204.27.249","","Hong Kong","","","ICIDC NETWORK","136800","22,25","114,1667",""
"205.185.115.40",".","United States","California","San Jose","PONYNET","53667","37,3387","-121,8914",""
"180.250.248.169","","Indonesia","East Java","Kediri","PT Telekomunikasi Indonesia","7713","-7,8175","112,019",""
"51.75.171.171","vps-e6d1b82f.vps.ovh.net","United Kingdom","Kingston upon Thames","Surbiton","OVH SAS","16276","51,3878","-0,2945",""
"207.244.247.251","vmi419283.contaboserver.net","United States","Missouri","St Louis","CONTABO","40021","38,6364","-90,1985",""
"37.49.224.65","cf.rootvpn.us","Estonia","","","Vitox Telecom","199264","59","26",""
"121.204.185.106","106.185.204.121.broad.xm.fj.dynamic.163data.com.cn","China","","","Fuzhou","133774","34,7725","113,7266",""
"205.185.123.139","gonazamenal.com","United States","California","San Jose","PONYNET","53667","37,3387","-121,8914",""
"218.94.156.130","","China","Jiangsu","Nanjing","Chinanet","4134","32,0617","118,7778",""
"159.65.158.30","","India","Karnataka","Bengaluru","DIGITALOCEAN-ASN","14061","12,9721","77,5933",""
"1.204.116.48","","China","Guizhou","Guiyang","Chinanet","4134","26,5833","106,7167",""
"107.170.104.125","www.jambcbttest.com","United States","New York","New York","DIGITALOCEAN-ASN","14061","40,7308","-73,9975",""
"203.195.235.135","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"49.235.141.203","","China","","","Shenzhen Tencent Computer Systems Company Limited","45090","34,7725","113,7266",""
"114.67.113.78","","China","","","China Telecom (Group)","4812","34,7725","113,7266",""
"106.13.82.54","","China","","","Beijing Baidu Netcom Science and Technology Co., Ltd.","38365","34,7725","113,7266",""
With the ASN we can then stop these spinners

    aaPanel_Jose Can you please tell us which IPS have to be whitelisted for aaPanel to work properly, this is very important to me because we are currently writing a module for aaPanel which will lock out the entire ip range and this for all functions and modules.

      So for first aid we prepared and exported our firewall rule, which everyone can easily import via the sys firewall:

      [{"id": 101, "types": "drop", "address": "106.13.82.54", "brief": "", "addtime": "2020-07-17 18:19:13"}, {"id": 100, "types": "drop", "address": "114.67.113.78", "brief": "", "addtime": "2020-07-17 18:18:59"}, {"id": 99, "types": "drop", "address": "49.235.141.203", "brief": "", "addtime": "2020-07-17 18:18:44"}, {"id": 98, "types": "drop", "address": "203.195.235.135", "brief": "", "addtime": "2020-07-17 18:18:30"}, {"id": 97, "types": "drop", "address": "107.170.104.125", "brief": "", "addtime": "2020-07-17 18:18:14"}, {"id": 96, "types": "drop", "address": "1.204.116.48", "brief": "", "addtime": "2020-07-17 18:17:59"}, {"id": 95, "types": "drop", "address": "159.65.158.30", "brief": "", "addtime": "2020-07-17 18:17:45"}, {"id": 94, "types": "drop", "address": "218.94.156.130", "brief": "", "addtime": "2020-07-17 18:17:31"}, {"id": 93, "types": "drop", "address": "205.185.123.139", "brief": "", "addtime": "2020-07-17 18:17:17"}, {"id": 92, "types": "drop", "address": "121.204.185.106", "brief": "", "addtime": "2020-07-17 18:17:02"}, {"id": 91, "types": "drop", "address": "37.49.224.65", "brief": "", "addtime": "2020-07-17 18:16:49"}, {"id": 90, "types": "drop", "address": "207.244.247.251", "brief": "", "addtime": "2020-07-17 18:15:24"}, {"id": 89, "types": "drop", "address": "51.75.171.171", "brief": "", "addtime": "2020-07-17 18:15:10"}, {"id": 88, "types": "drop", "address": "180.250.248.169", "brief": "", "addtime": "2020-07-17 18:14:55"}, {"id": 87, "types": "drop", "address": "205.185.115.40", "brief": "", "addtime": "2020-07-17 18:14:42"}, {"id": 86, "types": "drop", "address": "154.204.27.249", "brief": "", "addtime": "2020-07-17 18:14:28"}, {"id": 85, "types": "drop", "address": "84.124.204.154", "brief": "", "addtime": "2020-07-17 18:14:14"}, {"id": 84, "types": "drop", "address": "106.124.135.232", "brief": "", "addtime": "2020-07-17 18:14:00"}, {"id": 83, "types": "drop", "address": "49.234.122.94", "brief": "", "addtime": "2020-07-17 18:13:46"}, {"id": 82, "types": "drop", "address": "144.172.73.40", "brief": "", "addtime": "2020-07-17 18:13:30"}, {"id": 81, "types": "drop", "address": "222.186.15.158", "brief": "", "addtime": "2020-07-17 18:13:17"}, {"id": 80, "types": "drop", "address": "128.199.100.254", "brief": "", "addtime": "2020-07-17 18:13:01"}, {"id": 79, "types": "drop", "address": "207.244.247.192", "brief": "", "addtime": "2020-07-17 18:12:47"}, {"id": 78, "types": "drop", "address": "122.51.66.219", "brief": "", "addtime": "2020-07-17 18:12:33"}, {"id": 77, "types": "drop", "address": "114.67.102.106", "brief": "", "addtime": "2020-07-17 18:12:18"}, {"id": 76, "types": "drop", "address": "49.234.83.240", "brief": "", "addtime": "2020-07-17 18:12:03"}, {"id": 75, "types": "drop", "address": "223.167.13.128", "brief": "", "addtime": "2020-07-17 18:11:47"}, {"id": 74, "types": "drop", "address": "119.45.114.87", "brief": "", "addtime": "2020-07-17 18:11:32"}, {"id": 73, "types": "drop", "address": "120.201.125.204", "brief": "", "addtime": "2020-07-17 18:11:19"}, {"id": 72, "types": "drop", "address": "150.129.67.50", "brief": "", "addtime": "2020-07-17 18:11:05"}, {"id": 71, "types": "drop", "address": "144.172.79.8", "brief": "", "addtime": "2020-07-17 18:10:51"}, {"id": 70, "types": "drop", "address": "45.162.216.10", "brief": "", "addtime": "2020-07-17 18:10:36"}, {"id": 69, "types": "drop", "address": "106.75.13.192", "brief": "", "addtime": "2020-07-17 18:10:20"}, {"id": 68, "types": "drop", "address": "222.186.30.218", "brief": "", "addtime": "2020-07-17 18:10:06"}, {"id": 67, "types": "drop", "address": "222.186.52.39", "brief": "", "addtime": "2020-07-17 18:09:52"}, {"id": 66, "types": "drop", "address": "219.250.188.165", "brief": "", "addtime": "2020-07-17 18:09:38"}, {"id": 65, "types": "drop", "address": "168.197.31.14", "brief": "", "addtime": "2020-07-17 18:09:24"}, {"id": 64, "types": "drop", "address": "144.172.73.41", "brief": "", "addtime": "2020-07-17 18:09:10"}, {"id": 63, "types": "drop", "address": "118.89.69.159", "brief": "", "addtime": "2020-07-17 18:08:55"}, {"id": 62, "types": "drop", "address": "82.118.236.186", "brief": "", "addtime": "2020-07-17 18:08:42"}, {"id": 61, "types": "drop", "address": "112.35.57.139", "brief": "", "addtime": "2020-07-17 18:08:28"}, {"id": 60, "types": "drop", "address": "50.70.229.239", "brief": "", "addtime": "2020-07-17 18:08:13"}, {"id": 59, "types": "drop", "address": "85.209.0.103", "brief": "", "addtime": "2020-07-17 18:07:58"}, {"id": 58, "types": "drop", "address": "37.49.224.39", "brief": "", "addtime": "2020-07-17 18:07:40"}, {"id": 57, "types": "drop", "address": "218.92.0.216", "brief": "", "addtime": "2020-07-17 18:07:25"}, {"id": 56, "types": "drop", "address": "58.246.94.230", "brief": "", "addtime": "2020-07-17 18:07:10"}, {"id": 55, "types": "drop", "address": "144.172.79.7", "brief": "", "addtime": "2020-07-17 18:06:56"}, {"id": 54, "types": "drop", "address": "220.78.28.68", "brief": "", "addtime": "2020-07-17 18:06:42"}, {"id": 53, "types": "drop", "address": "124.30.44.214", "brief": "", "addtime": "2020-07-17 18:06:28"}, {"id": 52, "types": "drop", "address": "51.178.55.92", "brief": "", "addtime": "2020-07-17 18:06:14"}, {"id": 51, "types": "drop", "address": "222.186.30.167", "brief": "", "addtime": "2020-07-17 18:05:15"}, {"id": 50, "types": "drop", "address": "186.147.129.110", "brief": "", "addtime": "2020-07-17 18:05:02"}, {"id": 49, "types": "drop", "address": "117.50.8.61", "brief": "", "addtime": "2020-07-17 18:02:00"}, {"id": 48, "types": "drop", "address": "181.30.99.114", "brief": "", "addtime": "2020-07-17 18:01:35"}, {"id": 47, "types": "drop", "address": "222.186.31.166", "brief": "", "addtime": "2020-07-17 18:01:20"}, {"id": 46, "types": "drop", "address": "115.78.4.219", "brief": "", "addtime": "2020-07-17 17:59:43"}, {"id": 45, "types": "drop", "address": "218.255.86.106", "brief": "", "addtime": "2020-07-17 17:59:27"}, {"id": 44, "types": "drop", "address": "222.186.15.115", "brief": "", "addtime": "2020-07-17 17:59:13"}, {"id": 43, "types": "drop", "address": "222.186.42.137", "brief": "", "addtime": "2020-07-17 17:59:00"}, {"id": 42, "types": "drop", "address": "218.92.0.223", "brief": "", "addtime": "2020-07-17 17:58:46"}, {"id": 41, "types": "drop", "address": "216.83.45.162", "brief": "", "addtime": "2020-07-17 17:58:32"}, {"id": 40, "types": "drop", "address": "218.92.0.221", "brief": "", "addtime": "2020-07-17 17:58:18"}, {"id": 39, "types": "drop", "address": "111.229.176.206", "brief": "", "addtime": "2020-07-17 17:53:37"}, {"id": 38, "types": "drop", "address": "222.186.30.76", "brief": "", "addtime": "2020-07-17 17:53:24"}, {"id": 37, "types": "drop", "address": "218.92.0.219", "brief": "", "addtime": "2020-07-17 17:53:05"}, {"id": 36, "types": "drop", "address": "222.186.42.155", "brief": "", "addtime": "2020-07-17 17:52:51"}, {"id": 35, "types": "drop", "address": "222.186.30.112", "brief": "", "addtime": "2020-07-17 17:52:02"}, {"id": 34, "types": "drop", "address": "94.172.225.26", "brief": "", "addtime": "2020-07-17 17:51:49"}, {"id": 33, "types": "drop", "address": "218.92.0.215", "brief": "", "addtime": "2020-07-17 17:51:33"}, {"id": 32, "types": "drop", "address": "93.146.233.226", "brief": "", "addtime": "2020-07-17 17:51:19"}, {"id": 31, "types": "drop", "address": "193.70.12.219", "brief": "", "addtime": "2020-07-17 17:51:05"}, {"id": 30, "types": "drop", "address": "112.17.184.171", "brief": "", "addtime": "2020-07-17 17:50:51"}, {"id": 29, "types": "drop", "address": "222.186.31.83", "brief": "", "addtime": "2020-07-17 17:50:37"}, {"id": 28, "types": "drop", "address": "222.186.42.136", "brief": "", "addtime": "2020-07-17 17:50:22"}, {"id": 27, "types": "drop", "address": "218.92.0.220", "brief": "", "addtime": "2020-07-17 17:50:08"}, {"id": 26, "types": "drop", "address": "36.111.171.108", "brief": "", "addtime": "2020-07-17 17:49:55"}, {"id": 25, "types": "drop", "address": "119.18.194.168", "brief": "", "addtime": "2020-07-17 17:49:42"}, {"id": 24, "types": "drop", "address": "222.186.190.14", "brief": "", "addtime": "2020-07-17 17:49:28"}, {"id": 23, "types": "drop", "address": "222.186.42.7", "brief": "", "addtime": "2020-07-17 17:49:13"}, {"id": 22, "types": "drop", "address": "222.186.180.142", "brief": "", "addtime": "2020-07-17 17:48:59"}, {"id": 21, "types": "drop", "address": "109.115.187.31", "brief": "", "addtime": "2020-07-17 17:48:45"}, {"id": 20, "types": "drop", "address": "222.186.30.57", "brief": "", "addtime": "2020-07-17 17:47:16"}, {"id": 19, "types": "drop", "address": "106.124.141.108", "brief": "", "addtime": "2020-07-17 17:47:02"}, {"id": 18, "types": "drop", "address": "139.215.217.181", "brief": "", "addtime": "2020-07-17 17:44:14"}, {"id": 17, "types": "drop", "address": "61.177.172.102", "brief": "", "addtime": "2020-07-17 17:44:01"}, {"id": 16, "types": "drop", "address": "109.244.101.169", "brief": "", "addtime": "2020-07-17 17:43:46"}, {"id": 15, "types": "drop", "address": "182.252.133.70", "brief": "", "addtime": "2020-07-17 17:43:33"}, {"id": 14, "types": "drop", "address": "222.186.15.62", "brief": "", "addtime": "2020-07-17 17:43:18"}, {"id": 13, "types": "drop", "address": "144.172.79.5", "brief": "", "addtime": "2020-07-17 17:43:04"}, {"id": 12, "types": "drop", "address": "222.186.30.35", "brief": "", "addtime": "2020-07-17 17:42:49"}, {"id": 11, "types": "drop", "address": "222.186.31.127", "brief": "", "addtime": "2020-07-17 17:38:46"}, {"id": 10, "types": "drop", "address": "222.186.180.130", "brief": "", "addtime": "2020-07-17 17:38:31"}, {"id": 9, "types": "drop", "address": "186.215.235.9", "brief": "", "addtime": "2020-07-17 17:38:18"}, {"id": 8, "types": "drop", "address": "152.136.141.254", "brief": "", "addtime": "2020-07-17 17:38:03"}, {"id": 7, "types": "drop", "address": "14.142.143.138", "brief": "", "addtime": "2020-07-17 17:37:48"}, {"id": 6, "types": "drop", "address": "112.35.62.225", "brief": "", "addtime": "2020-07-17 17:37:33"}, {"id": 5, "types": "drop", "address": "111.229.78.120", "brief": "", "addtime": "2020-07-17 17:37:18"}, {"id": 4, "types": "drop", "address": "106.12.215.244", "brief": "", "addtime": "2020-07-17 17:36:57"}, {"id": 3, "types": "drop", "address": "23.129.64.0/24", "brief": "hacking", "addtime": "2020-07-11 11:42:22"}, {"id": 2, "types": "drop", "address": "89.248.168.0-89.248.168.255", "brief": "Hacking", "addtime": "2020-07-10 12:50:58"}, {"id": 1, "types": "drop", "address": "212.70.149.0-212.70.149.255", "brief": "212.70.149.0-212.70.149.255", "addtime": "2020-07-09 18:06:25"}]

      So for first aid we prepared and exported our firewall rule, which everyone can easily import via the sys firewall

      Copy content as and save as ip.json
      and import

        aaPanel_Jose Hey man,

        Not the default panel port, ssh port is still standard but ssh pass is very strong.

          TheWormsUnited I have had all of these IPs for years, probably 5 years at this point now, we have around 500 of them. These same IPs were running a different panel, no issues. So we have some issues with the panel here. Hopefully the next update will solve these.

            CQT Yep, we are seeing many of those same IPs. So, more proof it's panel issues. So good we are all working on this together. :-)

              CQT This just fixes one issue though, on the server side, from a provider side (OVH) these are still coming at the IP. We need to find the source more so then block the bad guys.

                I / We and my employees are in the process of working something out, but it still takes a little time.

                As we can see, the firewall and geoip must still be worked on, before aapanel is installed, a proxy must be set up to run the installation. so the ips can no longer be stretched.

                Furthermore, not all countries blockages are accepted by the sys-firewall, there are some problems that have to be fixed beforehand.

                @aaPanel_Jose:

                Suggestion! Connect the sys firewall and geoip under one tab. Write Config in such a way that both get the DB from one source (folder) and can access it at the same time. Furthermore, the IP and the entire IP range are queried, which can then be blocked using a button, but which the user can decide for himself whether only the individual IP (Geoip is blocked or the entire network of the IP operator). Then integrate the NGINX firewall into the whole. Because on the one hand it is very confusing, and I also think that everything does not work together so harmoniously.

                A good approach can be found here: https://gist.github.com/Pandry/21fc0e30abbfd0579ec69c491b99a446

                as I said, just an approach!

                In addition, the purchased DB from https://www.ipdeny.com/ are outdated and have not been maintained since 2014.

                  CQT
                  I checked the installation script, it just visits a url on aapanel, then aapanel gets the client ip and records it

                  I tried to enable HTTPS for the requested URL. Can you help me see if there are any attacks after normal installation?

                  In addition, you only need to allow server access, *.aapanel.com *.bt.cn, all functions of the panel can work

                      aaPanel_Jose What are we still getting from *.bt.cn? There is no way to move that stuff off of them and onto somewhere else?

                          gacott
                          The domain name of our software download node is download.bt.cn, and there are other nodes in

                          /www/server/panel/data/node.json

                          • CQT replied to this.

                              aaPanel_Jose hello two minutes after the installation the attacks started, not with the ips from node.json, but from the same network operator. We left out the proxy and firewall to see if anything changes and nothing changes. So we can assume that the download requests at the node will be used to track and record the IPS. you have to make sure that the node from bt.cn can no longer be used, we are already trying to load the stuff from the node, but are currently facing problems with it, we had to host the whole thing ourselves, so one clean installation would be possible! So everything that is necessary from the node must be cleaned on another server and first. otherwise aaPanel cannot become what you / your want to achieve. It would also be an absolute risk since all server clients would be contaminated by customers.

                                  aaPanel_Jose the api to the node is a problem, as long as you cannot pull the download without the api, you are dependent on the node and as long as the ips can be tracked.

                                  the user who creates here via the db: INSERT INTO users (id, username,password, login_ip,login_time, phone,email) VALUES
                                  (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

                                  Many of the attacks come from the same, namely from Guangdong Communication Co.Ltd. ASN 9808

                                  All attacks are conducted via our own proxy servers or others, but ultimately from the regions of BT.CN and Shenzhen Tencent Computer Systems Company Limited ASN 45090

                                  backlinks like libList.conf :: "help": "http://www.bt.cn/bbs",
                                  it is very helpful to prepare such attacks, because they alone provide enough information about which ip the panel is installed on.

                                      CQT Great info, this is what I was getting at and thought something like this was going on. IMO, if we (as a community) want to see this become a successful panel, we need to disengage this from bt. Also, yeah I think this very well may be how they are getting in.

                                      CQT the user who creates here via the db: INSERT INTO users (id, username,password, login_ip,login_time, phone,email) VALUES
                                      (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '[287962566@qq.com](mailto:287962566@qq.com)');

                                            still waiting for response! I have use aapanel on several VPS and everything is OK! Aso I use the Chinese Version BT Panel. ..

                                            Baidu is NO1 SE company in China so I think someone is using their IP as bridge to attacke

                                            or maybe it's Baidu's spider ? try to ban the Baidu's spider in the robots.txt

                                              waikey It would be a SUPER aggressive spider. Blocking in robots.txt will do nothing, these are attacks on ports.

                                                waikey We don't want to come to China and data protection now, it doesn't matter which company comes from. China has never been a country that values data protection. That's why I don't put everyone under general suspicion, but I trust state-owned companies like my ex-wife. Not directly related to aaPanel, but to NO1 SE. Everyone knows that everything and that is spied on and I also know a little bit about the politics of China. According to this sentence, I would be a dead man in China.

                                                    aapanel_user WTF are you talking about? I'm trying to help make a better panel, HERE! Why are you talking about forking it? Is there something wrong about contributing to this project? Do I have to fork and start my own to contribute?