Scan de CCbot
-
Cela devient gros … je vais devoir faire de la compression.
# wc -l /etc/pve/firewall/cluster.fw 10014 /etc/pve/firewall/cluster.fw -
Je vais compresser via ses IPs:
# cat /etc/pve/firewall/cluster.fw | awk '{print $4}' | grep -v "^$" | grep -v "/" | sort -n | sed 's/\./ /g' | awk '{print $1 "." $2 "." $3 ".0/24"}' | sort -n | uniq -c | sort -n | tail -20 5 14.191.123.0/24 5 14.191.137.0/24 5 14.191.210.0/24 5 177.52.82.0/24 5 177.86.20.0/24 5 177.87.33.0/24 5 187.19.233.0/24 5 187.73.24.0/24 5 190.102.47.0/24 5 195.178.110.0/24 5 201.162.73.0/24 5 216.98.214.0/24 5 78.153.140.0/24 6 14.191.95.0/24 6 18.97.9.0/24 7 14.191.196.0/24 7 185.177.72.0/24 7 189.84.180.0/24 9 23.178.112.0/24 11 186.158.200.0/24 -
Et voila :
# cat /etc/pve/firewall/cluster.fw | awk '{print $4}' | grep -v "^$" | grep -v "/" | sort -n | sed 's/\./ /g' | awk '{print $1 "." $2 "." $3 ".0/24"}' | sort -n | uniq -c | sort -n | awk '{print "IN DROP -source " $2 " -p tcp -log notice # CCBot compress"}' | tail -20 IN DROP -source 14.191.123.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.137.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.210.0/24 -p tcp -log notice # CCBot compress IN DROP -source 177.52.82.0/24 -p tcp -log notice # CCBot compress IN DROP -source 177.86.20.0/24 -p tcp -log notice # CCBot compress IN DROP -source 177.87.33.0/24 -p tcp -log notice # CCBot compress IN DROP -source 187.19.233.0/24 -p tcp -log notice # CCBot compress IN DROP -source 187.73.24.0/24 -p tcp -log notice # CCBot compress IN DROP -source 190.102.47.0/24 -p tcp -log notice # CCBot compress IN DROP -source 195.178.110.0/24 -p tcp -log notice # CCBot compress IN DROP -source 201.162.73.0/24 -p tcp -log notice # CCBot compress IN DROP -source 216.98.214.0/24 -p tcp -log notice # CCBot compress IN DROP -source 78.153.140.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.95.0/24 -p tcp -log notice # CCBot compress IN DROP -source 18.97.9.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.196.0/24 -p tcp -log notice # CCBot compress IN DROP -source 185.177.72.0/24 -p tcp -log notice # CCBot compress IN DROP -source 189.84.180.0/24 -p tcp -log notice # CCBot compress IN DROP -source 186.158.200.0/24 -p tcp -log notice # CCBot compress -
La compression n’est pas énorme :
# wc -l /etc/pve/firewall/cluster.fw 8785 /etc/pve/firewall/cluster.fw -
-
Nouveau ajout de CCBot :
# wc -l /etc/pve/firewall/cluster.fw 9251 /etc/pve/firewall/cluster.fw # wc -l /etc/pve/firewall/cluster.fw 9952 /etc/pve/firewall/cluster.fw -
Je vais devoir faire encore une compression :
# grep "# CCBot" /etc/pve/firewall/cluster.fw | awk '{print $4}' | grep -v "^$" | grep -v "/" | sort -n | sed 's/\./ /g' | awk '{print $1 "." $2 "." $3 ".0/24"}' | sort -n | uniq -c | sort -n | awk '{print "IN DROP -source " $2 " -p tcp -log notice # CCBot compress"}' | tail -10 IN DROP -source 177.131.178.0/24 -p tcp -log notice # CCBot compress IN DROP -source 177.152.87.0/24 -p tcp -log notice # CCBot compress IN DROP -source 177.54.199.0/24 -p tcp -log notice # CCBot compress IN DROP -source 181.91.86.0/24 -p tcp -log notice # CCBot compress IN DROP -source 187.180.212.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.161.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.163.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.230.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.25.0/24 -p tcp -log notice # CCBot compress IN DROP -source 14.191.92.0/24 -p tcp -log notice # CCBot compress -
Je suis tellement gonflé que je vais mettre :
IN DROP -source 14.191.0.0/16 -p tcp -log notice # CCBot compress Vietnam -
En gros :
# grep "# CCBot" /etc/pve/firewall/cluster.fw | awk '{print $4}' | grep -v "^$" | grep -v "/" | sort -n | sed 's/\./ /g' | awk '{print $1 "." $2 ".0.0"}' | sort -n | uniq -c | sort -n | tail 41 179.125.0.0 42 177.37.0.0 54 113.172.0.0 55 123.21.0.0 67 14.186.0.0 67 14.187.0.0 73 113.173.0.0 73 14.169.0.0 83 123.20.0.0 221 14.191.0.0 -
Finalement je vais mettre :
IN DROP -source 14.169.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 123.20.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 14.191.0.0/16 -p tcp -log notice # CCBot compress Vietnam -
Je pense qu’il faut bloquer tous le Vietnam :
IN DROP -source 113.172.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 123.21.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 14.186.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 14.187.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 113.173.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 14.169.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 123.20.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 14.191.0.0/16 -p tcp -log notice # CCBot compress Vietnam -
Première fois que j’ai une liste aussi courte …
IN DROP -source 14.244.113.213 -p tcp -log notice # CCBot IN DROP -source 36.76.141.212 -p tcp -log notice # CCBot IN DROP -source 39.194.5.127 -p tcp -log notice # CCBot IN DROP -source 45.182.243.249 -p tcp -log notice # CCBot IN DROP -source 45.239.229.164 -p tcp -log notice # CCBot IN DROP -source 117.5.147.154 -p tcp -log notice # CCBot IN DROP -source 123.16.246.87 -p tcp -log notice # CCBot IN DROP -source 125.167.51.134 -p tcp -log notice # CCBot IN DROP -source 138.117.55.41 -p tcp -log notice # CCBot IN DROP -source 138.59.239.70 -p tcp -log notice # CCBot IN DROP -source 152.174.97.241 -p tcp -log notice # CCBot IN DROP -source 170.150.132.229 -p tcp -log notice # CCBot IN DROP -source 170.246.81.226 -p tcp -log notice # CCBot IN DROP -source 177.129.25.77 -p tcp -log notice # CCBot IN DROP -source 177.184.101.224 -p tcp -log notice # CCBot IN DROP -source 177.189.108.89 -p tcp -log notice # CCBot IN DROP -source 177.220.186.160 -p tcp -log notice # CCBot IN DROP -source 179.125.149.52 -p tcp -log notice # CCBot IN DROP -source 181.209.78.10 -p tcp -log notice # CCBot IN DROP -source 181.46.185.101 -p tcp -log notice # CCBot IN DROP -source 186.248.207.130 -p tcp -log notice # CCBot IN DROP -source 200.100.17.102 -p tcp -log notice # CCBot IN DROP -source 200.236.234.166 -p tcp -log notice # CCBot IN DROP -source 201.13.60.69 -p tcp -log notice # CCBot IN DROP -source 201.50.138.239 -p tcp -log notice # CCBot IN DROP -source 202.59.194.99 -p tcp -log notice # CCBot -
Je viens de l’ajouter à ma liste …
je vais aussi ajouter :
IN DROP -source 14.188.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 1.54.0.0/16 -p tcp -log notice # CCBot compress Vietnam IN DROP -source 36.76.0.0/16 -p tcp -log notice # CCBot compress Indonesie IN DROP -source 45.182.0.0/16 -p tcp -log notice # CCBot compress Bresil -
Aie … uniquement 3 aujourd’hui :
# grep '"CCBot"' /var/log/apache2/acces*log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq | awk '{print "IN REJECT -source " $1 " -p tcp -log notice # CCBot"}' IN REJECT -source 114.130.186.201 -p tcp -log notice # CCBot IN REJECT -source 177.234.217.135 -p tcp -log notice # CCBot IN REJECT -source 190.97.224.56 -p tcp -log notice # CCBot -
On dirait que le blocage de 3% des IPs à porté ses fruits :
-
Le prix sur les architectures de CCbot est énorme :
Bonjour ! Vous semblez intéressé par cette conversation, mais vous n’avez pas encore de compte.
Marre de refaire défiler les mêmes messages ? Créez un compte pour retrouver votre position, recevoir des notifications des nouvelles réponses, sauvegarder vos favoris et voter pour les messages que vous appréciez.
Grâce à votre participation, ce message peut devenir encore meilleur 💗
S'inscrire Se connecter