Block of the day
-
    # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    4 64.227.176.39
    4 79.116.52.1
    5 162.240.12.204
    6 101.99.79.250
    6 140.245.32.185
    6 192.250.239.173
    6 192.250.239.252
    6 31.24.44.107
    12 103.95.119.103
    857 138.2.41.108
-
    # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    3 162.240.228.207
    3 62.146.228.149
    3 84.246.215.129
    3 91.98.140.41
    4 216.251.35.204
    4 46.36.36.119
    4 62.77.224.67
    8 72.167.50.103
    9 38.49.217.60
    1054 102.220.160.154
    # grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    1 194.5.82.93
    1 194.5.82.94
    1 34.178.7.245
    1 34.61.201.74
    1 45.92.1.243
    4 34.6.71.112
    121 82.102.18.190
    122 143.244.57.123
    2880 136.119.117.153
-
M247 LTD Paris Infrastructure => 82.102.18.0/24
https://ipinfo.io/82.102.18.190
-
    # grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    4 34.178.114.95
    4 34.91.17.240
    1613 35.237.191.185
    2491 208.76.40.197
    # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    2 31.134.0.15
    2 45.133.113.39
    2 62.146.228.149
    2 77.83.1.115
    2 94.154.127.88
    3 206.232.0.131
    4 195.3.220.7
    4 72.167.50.103
    11 191.102.132.209
    831 208.76.40.197
-
Two Google ranges …
- 34.52.128.0/17
- 34.21.128.0/17
    # cat /var/log/apache2/error.notes-ssl.log | awk '{print $11}' | sed 's/:/ /g' | awk '{print $1}' | sort -n |uniq -c
    151 34.21.238.40
    5 34.29.8.182
    383 34.52.240.244
    1 34.88.199.190
    1 35.192.224.81
-
More attacks from Google …
Blocking 34.6.0.0/16 and 136.107.128.0/17.
    # grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    2 20.3.183.228
    4 34.6.41.208
    4 34.7.211.197
    4 34.90.161.15
    74 35.222.153.104
    87 34.90.48.51
    121 136.112.158.96
    121 34.150.145.129
    2149 136.107.233.1
    5031 34.6.0.214
-
    # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    4 89.251.0.173
    4 89.251.0.178
    4 89.251.0.183
    4 91.98.140.41
    5 84.246.215.129
    6 192.250.239.252
    9 66.29.156.133
    10 168.63.79.147
    14 209.42.20.53
    1707 129.212.238.200
-
    # grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    3 74.208.212.238
    4 34.90.161.15
    6 62.164.177.223
    26 62.164.177.224
    54 62.164.177.222
    110 35.202.159.4
    121 136.112.204.59
    404 34.21.18.152
    1141 35.205.209.104
    3446 219.152.63.187
-
I opened a ticket with Google … Ticket Reference ID: YRC5QRVIEEOXATF2QPMTLWG2JE.
To be continued.
-
    # grep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    1 194.5.48.130
    1 203.25.124.15
    1 203.25.124.203
    1 203.25.124.222
    1 212.32.76.59
    2 108.137.8.107
    2 36.212.183.29
    2 84.17.43.213
    4 34.141.187.11
    4500 162.243.212.182
-
Ouch …
    # grep "xmlrpc.php" /var/log/apache2/access.*.log.1 | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    4 194.5.48.130
    4 36.212.183.29
    4 84.17.43.213
    8 34.141.187.11
    8 34.158.89.172
    8 34.32.236.161
    242 136.113.189.75
    242 34.121.222.169
    242 34.31.215.6
    9000 162.243.212.182
-
Current size:
    # du -sh /etc/pve/firewall/cluster.fw
    72K /etc/pve/firewall/cluster.fw
    # wc -l /etc/pve/firewall/cluster.fw
    30886 /etc/pve/firewall/cluster.fw
-
Another attack via Google.
    # zgrep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    1 194.5.48.104
    1 194.5.48.109
    1 194.5.48.159
    1 194.5.48.162
    1 219.136.244.21
    1 219.136.244.38
    2 192.42.116.15
    3 194.5.48.118
    3 194.5.48.132
    3396 34.158.164.29
-
As always, Google LLC: https://ipinfo.io/8.231.242.192?lookup_source=search-bar
    # zgrep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    1 146.70.40.70
    1 159.223.43.16
    1 194.5.48.114
    1 194.5.48.138
    2 194.5.48.180
    2726 8.231.242.192
-
As always, Google LLC: https://ipinfo.io/34.158.164.29?lookup_source=search-bar
    # zgrep "xmlrpc.php" /var/log/apache2/access.*.log.1 | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    2 194.5.48.167
    2 194.5.48.170
    2 194.5.48.173
    2 219.136.244.21
    2 219.136.244.38
    4 192.42.116.15
    6 194.5.48.118
    6 194.5.48.132
    8 34.141.187.11
    6792 34.158.164.29
-
My Git scraped by 39.100.0.0/14 … Hangzhou Alibaba Advertising Co.,Ltd.
1235 different IPs used in order to avoid being blocked.
Nice work …
-
    # zgrep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    1 194.5.48.147
    1 194.5.48.152
    1 194.5.48.155
    1 84.17.60.236
    1 95.91.239.129
    4 34.141.193.233
    4 34.32.178.242
    4 34.34.43.119
    2314 136.111.202.87
    16265 152.42.253.231
Blocking 152.42.240.0/20: Digital Ocean.
Blocking 136.111.0.0/16: Google LLC.
-
91.92.40.173 | Hopel, AS197170, VPN Not Detected
Get Details for IP 91.92.40.173: Hosted by TechTies Inc., located in Hopel, AS197170. View ranges, ASN info, and related IPs.
(ipinfo.io)
Blocking 91.92.40.0/24
    # grep "wp-login.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    2 207.246.106.68
    2 213.128.70.19
    2 217.160.212.27
    2 45.198.224.5
    2 68.183.22.192
    3 188.240.191.168
    4 104.37.86.14
    4 162.254.36.150
    5 103.13.112.90
    1288 91.92.40.173
-
157.245.57.78 | Singapore, AS14061, VPN Not Detected
Get Details for IP 157.245.57.78: Hosted by DigitalOcean, LLC, located in Singapore, AS14061. View ranges, ASN info, and related IPs.
(ipinfo.io)
    # zgrep "xmlrpc.php" /var/log/apache2/access.*.log | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq -c | sort -n | tail -10
    405 45.91.22.64
    408 45.91.22.77
    413 45.91.22.95
    418 45.91.22.62
    420 45.91.22.68
    420 45.91.22.97
    422 45.91.22.59
    426 45.91.22.75
    431 45.91.22.65
    15224 157.245.57.78
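Added example, not part of the original posts: the per-IP count used throughout this thread hides sources that spread their requests over many addresses (the 45.91.22.x rows above, or the 1235-address scrape), so this sketch counts hits and distinct clients per /24 instead. It assumes Apache "combined" log format (client address in field 1, request path in field 7) and IPv4 clients; `top_prefixes` and `sample_log` are hypothetical names, and the sample lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes Apache "combined"
# log format: client address in field 1, request path in field 7.

# Constructed sample lines using documentation address ranges.
sample_log() {
cat <<'EOF'
203.0.113.5 - - [01/Jan/2025:10:00:00 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.5 - - [01/Jan/2025:10:00:01 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.9 - - [01/Jan/2025:10:00:02 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.9 - - [01/Jan/2025:10:00:03 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.77 - - [01/Jan/2025:10:00:04 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.77 - - [01/Jan/2025:10:00:05 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
198.51.100.7 - - [01/Jan/2025:10:00:06 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
192.0.2.1 - - [01/Jan/2025:10:00:07 +0100] "POST /wp-login.php HTTP/1.1" 200 5120 "-" "-"
EOF
}

# top_prefixes PATTERN MIN_HITS
# Reads access-log lines on stdin, keeps requests whose path contains
# PATTERN, groups IPv4 clients by /24 and prints "hits distinct_ips prefix"
# for every prefix with at least MIN_HITS requests, busiest first.
top_prefixes() {
    awk -v pat="$1" -v min="$2" '
        index($7, pat) && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($1, o, ".")
            net = o[1] "." o[2] "." o[3] ".0/24"
            hits[net]++
            # count each client address once per prefix
            if (!((net, $1) in seen)) { seen[net, $1] = 1; ips[net]++ }
        }
        END {
            for (n in hits)
                if (hits[n] >= min) print hits[n], ips[n], n
        }
    ' | sort -rn
}

# On real logs, -h drops the "filename:" prefix so field 1 stays the client:
#   zgrep -h "xmlrpc.php" /var/log/apache2/access.*.log | top_prefixes xmlrpc.php 100
sample_log | top_prefixes xmlrpc.php 5
```

A /24 is only a first grouping; the block actually applied should follow the announced range of the provider, as done with the ipinfo lookups in the posts above.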