Here is the list of articles:
List of IPs trying to exploit the MobileIron RCE vulnerability CVE-2020-15505
List of IPs trying to exploit the GPON home vulnerability (script)
Which countries do the IPs in my /etc/iptables/rules.v4 file come from?
List of IPs trying to sniff the .env (environment variables)
List of IPs carrying out GET /shell attacks
List of IPs carrying out HNAP1 attacks: the Linksys router vulnerability
Attack from IP 45.146.164.125: HelloThinkCMF (Russia) => IP blocked on all servers
List of filtered IPs (DROP) on my servers
Major attack from IP 123.172.67.122 (China): this IP must be filtered!
New scan on Nginx: wp-login.php (WordPress)
Here is the result:
# iptables -L
Chain INPUT (policy ACCEPT)
Misery