Which countries do the IPs in my /etc/iptables/rules.v4 file come from?

This is an update to the article: https://www.cyber-neurones.org/2021/10/quels-sont-les-pays-des-ip-de-mon-fichier-etc-iptables-rules-v4-3/

I have more filtered IPs:

# cat /etc/iptables/rules.v4 | grep "j DROP" | grep "INPUT" | wc -l
442
# cat /etc/iptables/rules.v4 | grep "j DROP" | grep "INPUT" | awk '{print $4}' | sed 's/\// /g' | awk '{print $1}' | xargs -n 1 geoiplookup | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
      1 AL, Albania
      1 AR, Argentina
      1 AT, Austria
      1 BZ, Belize
      1 CZ, Czech Republic
      1 ES, Spain
      1 GR, Greece
      1 HK, Hong Kong
      1 HU, Hungary
      1 IE, Ireland
      1 MD, Moldova, Republic of
      1 PE, Peru
      1 PH, Philippines
      1 PS, Palestinian Territory
      1 RO, Romania
      1 TT, Trinidad and Tobago
      1 UG, Uganda
      2 DK, Denmark
      2 IR, Iran, Islamic Republic of
      2 MY, Malaysia
      2 RS, Serbia
      3 ID, Indonesia
      3 IT, Italy
      3 JP, Japan
      3 MX, Mexico
      3 SG, Singapore
      3 TW, Taiwan
      3 VN, Vietnam
      4 BA, Bosnia and Herzegovina
      4 BR, Brazil
      4 TR, Turkey
      5 EG, Egypt
      5 SE, Sweden
      6 GB, United Kingdom
      8 FR, France
      8 SC, Seychelles
      9 KR, Korea, Republic of
     10 CA, Canada
     11 NL, Netherlands
     12 DE, Germany
     13 IN, India
     17 RU, Russian Federation
     29 IP Address not found
     74 CN, China
    177 US, United States

List of IPs exploiting the editBlackAndWhiteList vulnerability: China & North Korea

Here is the list of IPs:

39.79.94.197 - admin [03/Jun/2022:12:13:29 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
119.119.99.238 - admin [03/Jun/2022:14:36:51 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"
120.237.210.179 - admin [03/Jun/2022:14:56:25 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
113.116.170.23 - admin [02/Jun/2022:06:50:53 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
58.145.68.217 - admin [02/Jun/2022:09:37:28 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"
220.79.44.139 - admin [02/Jun/2022:12:53:38 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"

So I blocked all of these IPs:

# iptables -A INPUT -s 39.79.94.197 -j DROP
# iptables -A INPUT -s 119.119.99.238 -j DROP
# iptables -A INPUT -s 120.237.210.179 -j DROP
# iptables -A INPUT -s 113.116.170.23 -j DROP
# iptables -A INPUT -s 58.145.68.217 -j DROP
# iptables -A INPUT -s 220.79.44.139 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4
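
An added example, not part of the original post: a shell function that derives the block commands above from the access log instead of typing them by hand, accepting only dotted IPv4 values and skipping sources the rules file already drops. The function names and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Sample data below is constructed.

# new_drop_rules LOG RULES
# Print one "iptables -A INPUT ... -j DROP" command per client that sent
# POST /editBlackAndWhiteList in LOG (Apache combined format), skipping
# sources that RULES (iptables-save format) already drops.
new_drop_rules() {
    awk '
        in_rules {                       # pass 1: sources already dropped
            if ($1 == "-A" && $2 == "INPUT" && $3 == "-s" && /-j DROP$/) {
                sub(/\/32$/, "", $4)     # iptables-save writes hosts as a.b.c.d/32
                seen[$4] = 1
            }
            next
        }
        $6 == "\"POST" && $7 == "/editBlackAndWhiteList" {
            # The first field comes from the log: accept dotted IPv4 only
            if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if ($1 in seen) next         # already blocked or already printed
            seen[$1] = 1
            print "iptables -A INPUT -s " $1 " -j DROP"
        }
    ' in_rules=1 "$2" in_rules=0 "$1"
}

# Constructed sample: two log clients, one of them already in the rules file.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/access.log" <<'EOF'
192.0.2.10 - admin [03/Jun/2022:12:13:29 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
192.0.2.10 - admin [03/Jun/2022:12:14:02 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 239 "-" "Mozila/5.0"
198.51.100.7 - admin [03/Jun/2022:14:36:51 +0200] "POST /editBlackAndWhiteList HTTP/1.1" 302 241 "-" "Mozila/5.0"
203.0.113.5 - - [03/Jun/2022:15:00:00 +0200] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
EOF
    cat > "$d/rules.v4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 198.51.100.7/32 -j DROP
COMMIT
EOF
    new_drop_rules "$d/access.log" "$d/rules.v4"
    rm -rf "$d"
}

demo
```

The function only prints the commands, so they can be reviewed before being run and saved with iptables-save.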

Some geolocation details:

IP Address: 39.79.94.197
Country: China, Region: Shandong, City: Dongying
ISP: China Unicom Shandong Province Network, Organization: Not Available

IP Address: 119.119.99.238
Country: China, Region: Liaoning, City: Shenyang
ISP: China Unicom Liaoning Province Network, Organization: Not Available
Latitude: 41.7922, Longitude: 123.4328

IP Address: 120.237.210.179
Country: China, Region: Guangdong, City: Huizhou
ISP: China Mobile Communications Corporation, Organization: Not Available
Latitude: 23.0833, Longitude: 114.4000

IP Address: 113.116.170.23
Country: China, Region: Guangdong, City: Shenzhen
ISP: ChinaNet Guangdong Province Network, Organization: Not Available
Latitude: 22.5455, Longitude: 114.0683

IP Address: 58.145.68.217
Country: Korea (Republic of), Region: Gyeonggi-do, City: Mansan
ISP: SK Broadband Co Ltd, Organization: Not Available
Latitude: 37.6795, Longitude: 127.1108

IP Address: 220.79.44.139
Country: Korea (Republic of), Region: Gyeonggi-do, City: Seongnam
ISP: KT Corporation, Organization: Not Available
Latitude: 37.4201, Longitude: 127.1267

Directory scan by the IP: 82.180.149.210

IP Address: 82.180.149.210
Country: Netherlands, Region: Noord-Holland, City: Amsterdam
ISP: Packethub S.A., Organization: Not Available
Latitude: 52.3785, Longitude: 4.9000

Here is the list of directories that were tested:

# grep "82.180.149.210" /var/log/apache2/access.humhub.log | grep " 302 " | awk '{print $7}'
/
/
/git/
/git
/src/
/src
/config
/source/
/source
/sources/
/git/.git/config
/git/config
/src/.git/config
/src/config
/sources
/admin/
/source/.git/config
/admin
/source/config
/sources/.git/config
/sources/config
/admin/.git/config
/admin/config
/api
/rest/.git/config
/rest/config
/backend/.git/config
/rest/
/backend/config
/svc/.git/config
/svc/config
/service/.git/config
/service/config
/services/.git/config
/services/config
/app/.git/config
/app/config
/data/.git/config
/data/config
/rest
/bak/.git/config
/backend/
/bak/config
/backend
/svc/
/svc
/backup/.git/config
/backup/config
/test/.git/config
/test/config
/temp/.git/config
/temp/config
/tmp/.git/config
/tmp/config
/lib/.git/config
/lib/config
/libs/.git/config
/service/
/service
/services/
/services
/app/
/libs/config
/app
/cfg/.git/config
/data/
/data
/bak/
/bak
/backup/
/backup
/test/
/test
/cfg/config
/conf/.git/config
/conf/config
/config/.git/config
/config/config
/inc/.git/config
/inc/config
/include/.git/config
/include/config
/includes/.git/config
/includes/config
/temp/
/temp
/tmp/
/tmp
/lib/
/lib
/libs/
/libs
/cfg/
/cfg
/conf/
/conf
/config/
/config
/inc/
/inc
/include/
/include
/includes/
/includes
/upload/
/upload
/uploads/
/uploads/
/download/
/download
/downloads/
/downloads
/files/
/files
/log/
/log
/logs/
/logs
/cron/
/cron
/wallet/
/wallet
/wallets/
/wallets

So I blocked the IP.

# iptables -A INPUT -s 82.180.149.210 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4
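
An added example, not part of the original post: a shell function that flags clients requesting many distinct paths, which is the pattern of the scan listed above; it ignores the status code because these probes were logged as 302. The function names, the threshold and the sample log lines are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. Sample log lines are constructed.

# scan_suspects LOG MIN
# For each client in LOG (Apache combined format) that requested at least MIN
# distinct paths, print: "<ip> <distinct paths> <.git/config probes>".
# Status codes are ignored on purpose: an application that redirects unknown
# URLs to its login page answers such probes with 302, not 404.
scan_suspects() {
    awk -v min="$2" '
        {
            ip = $1; path = $7
            sub(/\?.*$/, "", path)              # drop the query string
            if (!((ip, path) in seen)) {        # count each path once per client
                seen[ip, path] = 1
                paths[ip]++
                if (path ~ /\/\.git\/config$/) git[ip]++
            }
        }
        END {
            for (ip in paths)
                if (paths[ip] >= min)
                    printf "%s %d %d\n", ip, paths[ip], git[ip]
        }
    ' "$1" | sort
}

demo_scan() {
    log=$(mktemp) || return 1
    # Constructed: 192.0.2.50 walks a directory wordlist, 198.51.100.9 browses normally.
    for p in /git/ /git /git/.git/config /src/.git/config /admin/config /backup/ /wallet/; do
        printf '192.0.2.50 - - [03/Jun/2022:10:00:00 +0200] "GET %s HTTP/1.1" 302 239 "-" "-"\n' "$p"
    done > "$log"
    for p in / /dashboard /dashboard /user/login; do
        printf '198.51.100.9 - - [03/Jun/2022:10:05:00 +0200] "GET %s HTTP/1.1" 200 1024 "-" "Mozilla/5.0"\n' "$p"
    done >> "$log"
    scan_suspects "$log" 5
    rm -f "$log"
}

demo_scan
```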

Python/BRISQUE: Checking the "quality" of NEXTCLOUD photos with a script

It is not really great: as soon as there is grass, I get a value > 100. So it was a good idea that turned out to be a bad one …

Here is the script I wrote:

#!/usr/bin/env python3.6
# List the Nextcloud photos whose BRISQUE score is above 100.
import glob

from libsvm import svmutil  # unused here, kept from the original script
from brisque import BRISQUE

brisq = BRISQUE()

# Walk the photo folder recursively and score every .jpg file
for filename in glob.iglob('./Nextcloud/Photos/**', recursive=True):
    if filename.endswith('.jpg'):
        score = brisq.get_score(filename)
        if score > 100:
            print(filename)
            print(score)

For example: BRISQUE = 107.82606599602599 for this photo: