Quels sont les pays des IP de mon fichier /etc/iptables/rules.v4 ?

195 x served & 3 x viewed

C’est la mise à jours de l’article : https://www.cyber-neurones.org/2021/10/quels-sont-les-pays-des-ip-de-mon-fichier-etc-iptables-rules-v4-3/

J’ai plus d’IP filtrée :

# cat /etc/iptables/rules.v4 | grep "j DROP" | grep "INPUT" | wc -l
442
# cat /etc/iptables/rules.v4 | grep "j DROP" | grep "INPUT" | awk '{print $4}' | sed 's/\// /g' | awk '{print $1}' | xargs -n 1 geoiplookup { } | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
      1 AL, Albania
      1 AR, Argentina
      1 AT, Austria
      1 BZ, Belize
      1 CZ, Czech Republic
      1 ES, Spain
      1 GR, Greece
      1 HK, Hong Kong
      1 HU, Hungary
      1 IE, Ireland
      1 MD, Moldova, Republic of
      1 PE, Peru
      1 PH, Philippines
      1 PS, Palestinian Territory
      1 RO, Romania
      1 TT, Trinidad and Tobago
      1 UG, Uganda
      2 DK, Denmark
      2 IR, Iran, Islamic Republic of
      2 MY, Malaysia
      2 RS, Serbia
      3 ID, Indonesia
      3 IT, Italy
      3 JP, Japan
      3 MX, Mexico
      3 SG, Singapore
      3 TW, Taiwan
      3 VN, Vietnam
      4 BA, Bosnia and Herzegovina
      4 BR, Brazil
      4 TR, Turkey
      5 EG, Egypt
      5 SE, Sweden
      6 GB, United Kingdom
      8 FR, France
      8 SC, Seychelles
      9 KR, Korea, Republic of
     10 CA, Canada
     11 NL, Netherlands
     12 DE, Germany
     13 IN, India
     17 RU, Russian Federation
     29 IP Address not found
     74 CN, China
    177 US, United States

Liste des IP qui exploitent la faille : editBlackAndWhiteList : Chine & Corée du Nord

206 x served & 9 x viewed

Voici la liste des IP ;

39.79.94.197 - admin [03/Jun/2022:12:13:29 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
119.119.99.238 - admin [03/Jun/2022:14:36:51 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"
120.237.210.179 - admin [03/Jun/2022:14:56:25 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
113.116.170.23 - admin [02/Jun/2022:06:50:53 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
58.145.68.217 - admin [02/Jun/2022:09:37:28 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"
220.79.44.139 - admin [02/Jun/2022:12:53:38 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"

J’ai donc bloqué toutes ses IP :

# iptables -A INPUT -s 39.79.94.197 -j DROP
# iptables -A INPUT -s 119.119.99.238 -j DROP
# iptables -A INPUT -s 120.237.210.179 -j DROP
# iptables -A INPUT -s 113.116.170.23 -j DROP
# iptables -A INPUT -s 58.145.68.217 -j DROP
# iptables -A INPUT -s 220.79.44.139 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4

Quelques localisation ;

IP Address Country Region City
39.79.94.197 China Shandong Dongying
ISP Organization Latitude Longitude
China Unicom Shandong Province Network Not Available
IP Address Country Region City
119.119.99.238 China Liaoning Shenyang
ISP Organization Latitude Longitude
China Unicom Liaoning Province Network Not Available 41.7922 123.4328
IP Address Country Region City
120.237.210.179 China Guangdong Huizhou
ISP Organization Latitude Longitude
China Mobile Communications Corporation Not Available 23.0833 114.4000
IP Address Country Region City
113.116.170.23 China Guangdong Shenzhen
ISP Organization Latitude Longitude
ChinaNet Guangdong Province Network Not Available 22.5455 114.0683
IP Address Country Region City
58.145.68.217 Korea (Republic of) Gyeonggi-do Mansan
ISP Organization Latitude Longitude
SK Broadband Co Ltd Not Available 37.6795 127.1108
IP Address Country Region City
220.79.44.139 Korea (Republic of) Gyeonggi-do Seongnam
ISP Organization Latitude Longitude
KT Corporation Not Available 37.4201 127.1267

Scan de dossier par l’IP : 82.180.149.210

179 x served & 0 x viewed

IP Address Country Region City
82.180.149.210 Netherlands Noord-Holland Amsterdam
ISP Organization Latitude Longitude
Packethub S.A. Not Available 52.3785 4.9000

Voici la liste des dossiers testés :

# grep "82.180.149.210" /var/log/apache2/access.humhub.log | grep " 302 " | awk '{print $7}'
/
/
/git/
/git
/src/
/src
/config
/source/
/source
/sources/
/git/.git/config
/git/config
/src/.git/config
/src/config
/sources
/admin/
/source/.git/config
/admin
/source/config
/sources/.git/config
/sources/config
/admin/.git/config
/admin/config
/api
/rest/.git/config
/rest/config
/backend/.git/config
/rest/
/backend/config
/svc/.git/config
/svc/config
/service/.git/config
/service/config
/services/.git/config
/services/config
/app/.git/config
/app/config
/data/.git/config
/data/config
/rest
/bak/.git/config
/backend/
/bak/config
/backend
/svc/
/svc
/backup/.git/config
/backup/config
/test/.git/config
/test/config
/temp/.git/config
/temp/config
/tmp/.git/config
/tmp/config
/lib/.git/config
/lib/config
/libs/.git/config
/service/
/service
/services/
/services
/app/
/libs/config
/app
/cfg/.git/config
/data/
/data
/bak/
/bak
/backup/
/backup
/test/
/test
/cfg/config
/conf/.git/config
/conf/config
/config/.git/config
/config/config
/inc/.git/config
/inc/config
/include/.git/config
/include/config
/includes/.git/config
/includes/config
/temp/
/temp
/tmp/
/tmp
/lib/
/lib
/libs/
/libs
/cfg/
/cfg
/conf/
/conf
/config/
/config
/inc/
/inc
/include/
/include
/includes/
/includes
/upload/
/upload
/uploads/
/uploads/
/download/
/download
/downloads/
/downloads
/files/
/files
/log/
/log
/logs/
/logs
/cron/
/cron
/wallet/
/wallet
/wallets/
/wallets

J’ai donc bloqué l’IP.

# iptables -A INPUT -s 82.180.149.210 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4

Python/BRISQUE : Voir la « qualité » des photos NEXTCLOUD avec un script

67 x served & 1 x viewed

C’est pas vraiment top, dès qu’il y a de l’herbe j’ai la valeur > 100. C’était donc une fausse bonne idée …

Voici le script que j’ai fait :

#!/usr/bin/env python3.6
from libsvm import svmutil
from brisque import *
import sys
import os.path
import glob

brisq = BRISQUE()

for filename in glob.iglob('./Nextcloud/Photos/**', recursive=True):
     if (filename.endswith('.jpg')):
         temp=brisq.get_score(filename)
         if (temp > 100):
             print(filename)
             print(temp)

Par exemple : BRISQUE = 107.82606599602599 pour cette photo :