Blocage du jours
-
Belarus : https://scanitex.com/en/resources/ip-ranges/by
# wc -l /etc/pve/firewall/cluster.fw 28022 /etc/pve/firewall/cluster.fw # du -sh /etc/pve/firewall/cluster.fw 66K /etc/pve/firewall/cluster.fw -
Corée du Nord : https://scanitex.com/en/resources/ip-ranges/kp
Pakistan : https://scanitex.com/en/resources/ip-ranges/pk -
-
Je pensais avoir bloqué Singapore mais non …
https://ipinfo.io/AS14061/159.223.64.0/20- 172.202.0.0/16
# grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 2 20.116.59.164 2 35.229.206.236 2 46.224.234.158 2 51.195.105.137 2 64.22.104.200 2 64.226.120.21 2 66.102.135.126 5 172.202.92.73 6 148.251.171.211 1155 159.223.77.226 # grep "wp-login.php" /var/log/apache2/access.*.log.1 | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 20 51.178.41.230 20 82.196.25.136 20 95.216.117.13 22 57.128.47.115 24 50.6.207.27 24 78.159.107.235 24 82.165.73.78 24 84.247.129.9 28 150.60.181.111 32 31.24.155.180 -
# grep "wp-login.php" /var/log/apache2/access.*.log.1 | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 4 95.216.117.13 8 192.185.4.148 8 216.17.1.172 8 46.224.234.158 8 64.22.104.200 8 82.196.25.136 10 172.202.92.73 12 148.251.171.211 12 20.116.59.164 2310 159.223.77.226 -
# grep "wp-login.php" /var/log/apache2/access.*.log.1 | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 12 95.216.117.13 16 213.189.58.137 16 50.6.192.190 16 92.249.63.60 18 141.95.202.18 20 172.236.172.195 24 95.216.3.239 28 46.224.234.158 28 72.167.150.128 1714 161.33.16.68 # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 6 88.198.91.116 8 45.32.67.165 8 5.45.96.74 8 84.247.181.196 8 95.211.96.182 10 46.224.234.158 11 204.217.129.131 14 51.91.98.45 14 94.76.235.103 505 152.42.182.172 -
# grep "/xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 1 136.107.189.187 1 192.241.173.26 1 20.195.180.233 1 2.58.56.163 1 34.182.168.114 1 86.38.98.47 3445 39.98.173.163 -
# grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 4 64.227.176.39 4 79.116.52.1 5 162.240.12.204 6 101.99.79.250 6 140.245.32.185 6 192.250.239.173 6 192.250.239.252 6 31.24.44.107 12 103.95.119.103 857 138.2.41.108 -
# grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 3 162.240.228.207 3 62.146.228.149 3 84.246.215.129 3 91.98.140.41 4 216.251.35.204 4 46.36.36.119 4 62.77.224.67 8 72.167.50.103 9 38.49.217.60 1054 102.220.160.154 # grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 1 194.5.82.93 1 194.5.82.94 1 34.178.7.245 1 34.61.201.74 1 45.92.1.243 4 34.6.71.112 121 82.102.18.190 122 143.244.57.123 2880 136.119.117.153 -
M247 LTD Paris Infrastructure => 82.102.18.0/24
https://ipinfo.io/82.102.18.190 -
# grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 4 34.178.114.95 4 34.91.17.240 1613 35.237.191.185 2491 208.76.40.197 # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 2 31.134.0.15 2 45.133.113.39 2 62.146.228.149 2 77.83.1.115 2 94.154.127.88 3 206.232.0.131 4 195.3.220.7 4 72.167.50.103 11 191.102.132.209 831 208.76.40.197 -
Deux ranges de Google …
- 34.52.128.0/17
- 34.21.128.0/17
# cat /var/log/apache2/error.notes-ssl.log | awk '{print $11}' | sed 's/:/ /g' | awk '{print $1}' | sort -n |uniq -c 151 34.21.238.40 5 34.29.8.182 383 34.52.240.244 1 34.88.199.190 1 35.192.224.81 -
Encore des attaques de Google …
Blocage de 34.6.0.0/16 et 136.107.128.0/17.# grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 2 20.3.183.228 4 34.6.41.208 4 34.7.211.197 4 34.90.161.15 74 35.222.153.104 87 34.90.48.51 121 136.112.158.96 121 34.150.145.129 2149 136.107.233.1 5031 34.6.0.214 -
# grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 4 89.251.0.173 4 89.251.0.178 4 89.251.0.183 4 91.98.140.41 5 84.246.215.129 6 192.250.239.252 9 66.29.156.133 10 168.63.79.147 14 209.42.20.53 1707 129.212.238.200 -
# grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 3 74.208.212.238 4 34.90.161.15 6 62.164.177.223 26 62.164.177.224 54 62.164.177.222 110 35.202.159.4 121 136.112.204.59 404 34.21.18.152 1141 35.205.209.104 3446 219.152.63.187 -
J’ai ouvert un ticket chez Google … Ticket Reference ID: YRC5QRVIEEOXATF2QPMTLWG2JE .
A suivre. -
# grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 1 194.5.48.130 1 203.25.124.15 1 203.25.124.203 1 203.25.124.222 1 212.32.76.59 2 108.137.8.107 2 36.212.183.29 2 84.17.43.213 4 34.141.187.11 4500 162.243.212.182 -
Aie …
# grep "xmlrpc.php" /var/log/apache2/access.*.log.1 | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 4 194.5.48.130 4 36.212.183.29 4 84.17.43.213 8 34.141.187.11 8 34.158.89.172 8 34.32.236.161 242 136.113.189.75 242 34.121.222.169 242 34.31.215.6 9000 162.243.212.182 -
Taille actuelle :
# du -sh /etc/pve/firewall/cluster.fw 72K /etc/pve/firewall/cluster.fw # wc -l /etc/pve/firewall/cluster.fw 30886 /etc/pve/firewall/cluster.fw -
Encore attaque via Google .
# zgrep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10 1 194.5.48.104 1 194.5.48.109 1 194.5.48.159 1 194.5.48.162 1 219.136.244.21 1 219.136.244.38 2 192.42.116.15 3 194.5.48.118 3 194.5.48.132 3396 34.158.164.29
Bonjour ! Vous semblez intéressé par cette conversation, mais vous n’avez pas encore de compte.
Marre de refaire défiler les mêmes messages ? Créez un compte pour retrouver votre position, recevoir des notifications des nouvelles réponses, sauvegarder vos favoris et voter pour les messages que vous appréciez.
Grâce à votre participation, ce message peut devenir encore meilleur 💗
S'inscrire Se connecter