NextCloud : Crash : Undefined class constant ‘MAJOR_VERSION’ in guzzlehttp

After updating NextCloud I got a crash:

Type : Error
Code : 0
Message : Undefined class constant 'MAJOR_VERSION'
Fichier : /usr/share/nginx/nextcloud/3rdparty/guzzlehttp/guzzle/src/Utils.php
Ligne : 118

Trace

#0 /usr/share/nginx/nextcloud/3rdparty/guzzlehttp/guzzle/src/functions.php(71): GuzzleHttp\Utils::defaultUserAgent()
#1 /usr/share/nginx/nextcloud/apps/files_external_gdrive/vendor/guzzlehttp/guzzle/src/Client.php(194): GuzzleHttp\default_user_agent()
#2 /usr/share/nginx/nextcloud/apps/files_external_gdrive/vendor/guzzlehttp/guzzle/src/Client.php(75): GuzzleHttp\Client->configureDefaults(Array)
#3 /usr/share/nginx/nextcloud/lib/private/Http/Client/ClientService.php(62): GuzzleHttp\Client->__construct()
#4 /usr/share/nginx/nextcloud/lib/private/OCS/DiscoveryService.php(55): OC\Http\Client\ClientService->newClient()
#5 /usr/share/nginx/nextcloud/lib/private/Server.php(1264): OC\OCS\DiscoveryService->__construct(Object(OC\Memcache\Factory), Object(OC\Http\Client\ClientService))
#6 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(155): OC\Server->OC\{closure}(Object(OC\Server))
#7 /usr/share/nginx/nextcloud/3rdparty/pimple/pimple/src/Pimple/Container.php(118): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}(Object(Pimple\Container))
#8 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(122): Pimple\Container->offsetGet('OCP\\OCS\\IDiscov...')
#9 /usr/share/nginx/nextcloud/lib/private/ServerContainer.php(137): OC\AppFramework\Utility\SimpleContainer->query('OCP\\OCS\\IDiscov...', false)
#10 /usr/share/nginx/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php(434): OC\ServerContainer->query('OCP\\OCS\\IDiscov...', true)
#11 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(87): OC\AppFramework\DependencyInjection\DIContainer->query('OCP\\OCS\\IDiscov...', true)
#12 [internal function]: OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}(Object(ReflectionParameter))
#13 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(101): array_map(Object(Closure), Array)
#14 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(109): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#15 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(126): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\FederatedFi...')
#16 /usr/share/nginx/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php(459): OC\AppFramework\Utility\SimpleContainer->query('OCA\\FederatedFi...')
#17 /usr/share/nginx/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php(431): OC\AppFramework\DependencyInjection\DIContainer->queryNoFallback('OCA\\FederatedFi...')
#18 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(87): OC\AppFramework\DependencyInjection\DIContainer->query('OCA\\FederatedFi...', true)
#19 [internal function]: OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}(Object(ReflectionParameter))
#20 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(101): array_map(Object(Closure), Array)
#21 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(109): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#22 /usr/share/nginx/nextcloud/lib/private/AppFramework/Utility/SimpleContainer.php(126): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\FederatedFi...')
#23 /usr/share/nginx/nextcloud/lib/private/AppFramework/DependencyInjection/DIContainer.php(459): OC\AppFramework\Utility\SimpleContainer->query('OCA\\FederatedFi...')
#24 /usr/share/nginx/nextcloud/lib/private/ServerContainer.php(146): OC\AppFramework\DependencyInjection\DIContainer->queryNoFallback('OCA\\FederatedFi...')
#25 /usr/share/nginx/nextcloud/apps/provisioning_api/lib/Capabilities.php(50): OC\ServerContainer->query('OCA\\FederatedFi...')
#26 /usr/share/nginx/nextcloud/lib/private/CapabilitiesManager.php(72): OCA\Provisioning_API\Capabilities->getCapabilities()
#27 /usr/share/nginx/nextcloud/lib/private/Template/JSConfigHelper.php(183): OC\CapabilitiesManager->getCapabilities()
#28 /usr/share/nginx/nextcloud/lib/private/TemplateLayout.php(211): OC\Template\JSConfigHelper->getConfig()
#29 /usr/share/nginx/nextcloud/lib/private/legacy/OC_Template.php(183): OC\TemplateLayout->__construct('user', 'dashboard')
#30 /usr/share/nginx/nextcloud/lib/public/AppFramework/Http/TemplateResponse.php(210): OC_Template->fetchPage(Array)
#31 /usr/share/nginx/nextcloud/lib/private/AppFramework/Http/Dispatcher.php(172): OCP\AppFramework\Http\TemplateResponse->render()
#32 /usr/share/nginx/nextcloud/lib/private/AppFramework/App.php(157): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\Dashboard\Controller\DashboardController), 'index')
#33 /usr/share/nginx/nextcloud/lib/private/Route/Router.php(302): OC\AppFramework\App::main('OCA\\Dashboard\\C...', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#34 /usr/share/nginx/nextcloud/lib/base.php(993): OC\Route\Router->match('/apps/dashboard...')
#35 /usr/share/nginx/nextcloud/index.php(37): OC::handleRequest()
#36 {main}

To fix the problem I removed the plugin: files_external_gdrive
The plugin was using an old version: /usr/share/nginx/nextcloud/apps/files_external_gdrive/vendor/guzzlehttp/guzzle/src/ClientInterface.php whereas the new version should have been used: /usr/share/nginx/nextcloud/3rdparty/guzzlehttp/guzzle/src/ClientInterface.php

rm -rf /usr/share/nginx/nextcloud/apps/files_external_gdrive/

The problem is therefore fixed.

To be continued.
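
A check for the same condition in other apps, as an added example (not part of the original post or of Nextcloud): it lists apps that bundle their own Guzzle whose ClientInterface.php does not define MAJOR_VERSION. The function names and the fixture tree (including the app name constructed_ok_app) are made up for the example; on a real server pass the Nextcloud root, here /usr/share/nginx/nextcloud.

```sh
#!/bin/sh
# Added example: find apps whose bundled Guzzle predates the MAJOR_VERSION
# constant that the core copy in 3rdparty/ expects.

# Print the name of every app under <root>/apps that ships its own
# guzzlehttp/guzzle with a ClientInterface.php lacking MAJOR_VERSION.
stale_guzzle_apps() {
    root=$1
    for iface in "$root"/apps/*/vendor/guzzlehttp/guzzle/src/ClientInterface.php; do
        [ -f "$iface" ] || continue          # glob matched nothing
        grep -q 'MAJOR_VERSION' "$iface" && continue
        app=${iface#"$root"/apps/}           # strip the leading path
        echo "${app%%/*}"                    # keep only the app directory name
    done
}

# Build a constructed directory tree that mimics the layout from the trace:
# one app with an old bundled Guzzle, one with a current one, one without any.
make_fixture() {
    fx=$(mktemp -d)
    old="$fx/apps/files_external_gdrive/vendor/guzzlehttp/guzzle/src"
    new="$fx/apps/constructed_ok_app/vendor/guzzlehttp/guzzle/src"
    core="$fx/3rdparty/guzzlehttp/guzzle/src"
    mkdir -p "$old" "$new" "$core" "$fx/apps/dashboard"
    # Constructed file contents, reduced to the one line that matters here.
    printf '<?php\ninterface ClientInterface { const VERSION = "6.x"; }\n' \
        > "$old/ClientInterface.php"
    printf '<?php\ninterface ClientInterface { const MAJOR_VERSION = 7; }\n' \
        > "$new/ClientInterface.php"
    printf '<?php\ninterface ClientInterface { const MAJOR_VERSION = 7; }\n' \
        > "$core/ClientInterface.php"
    echo "$fx"
}

# Usage on a real install:
#   stale_guzzle_apps /usr/share/nginx/nextcloud
```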

Scam from 0644693251: Card payment in progress.

I received this message:

« Card payment in progress

Amount: 722

If you did not initiate this payment

Please contact the ANTI-FRAUD department urgently on

+33.970.44.75.44

+33.644.67.91.87

(NOT PREMIUM RATE)

If we do not hear from you within 45 min

we will authorise the payment. »

Misery.

A short summary of all my articles about my iptables

Here is the list of articles:

List of IPs trying to exploit the MobileIron RCE vulnerability CVE-2020-15505
List of IPs trying to exploit the GPON home vulnerability (script)
Which countries do the IPs in my /etc/iptables/rules.v4 file come from?
List of IPs trying to sniff the .env (environment variables)
List of IPs making GET /shell attacks
List of IPs making HNAP1 attacks: the Linksys router vulnerability
Attack from IP 45.146.164.125: HelloThinkCMF (Russia) => IP blocked on all servers
List of filtered (DROP) IPs on my servers
Big attack from IP 123.172.67.122 (China): this IP must be filtered!
New scan on Nginx: wp-login.php (wordpress)

Here is the result:

# iptables -L 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Misery

List of IPs trying to exploit the MobileIron RCE vulnerability CVE-2020-15505

For more information: https://perchsecurity.com/perch-news/cve-spotlight-mobileiron-rce-cve-2020-15505/

Example log entries:

45.146.165.123 - - [24/Jun/2021:03:49:36 +0200] "POST /mifs/.;/services/LogService HTTP/1.1" 302 5371 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
45.146.165.123 - - [24/Jun/2021:03:49:46 +0200] "GET /user/auth/login HTTP/1.1" 200 13385 "-/mifs/.;/services/LogService" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"

So I ran:

# zgrep "/mifs/." /var/log/apache2/access.humhub.log.*gz | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq | awk '{print "iptables -A INPUT -s " $1 " -j DROP "}'
iptables -A INPUT -s 45.146.165.123 -j DROP

Since there was only one IP, I did not write a script:

# iptables -A INPUT -s 45.146.165.123 -j DROP
# iptables-save > /etc/iptables/rules.v4

To be continued.
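
The same extraction as an added shell example (not the author's script), which goes a little further than the one-liner: it matches the probe only in the request path, checks that the first field is a valid IPv4 address before it is put into a command, and uses iptables -C so re-running it does not append a duplicate rule. The function names and the 203.0.113.x log lines are constructed for the example.

```sh
#!/bin/sh
# Added example: MobileIron probe hits in an access log -> idempotent DROP rules.

# Constructed sample input. The first two lines are the entries quoted above
# with the user agent shortened; the remaining lines are made up.
sample_log() {
cat <<'EOF'
45.146.165.123 - - [24/Jun/2021:03:49:36 +0200] "POST /mifs/.;/services/LogService HTTP/1.1" 302 5371 "-" "Mozilla/5.0"
45.146.165.123 - - [24/Jun/2021:03:49:46 +0200] "GET /user/auth/login HTTP/1.1" 200 13385 "-/mifs/.;/services/LogService" "Mozilla/5.0"
203.0.113.7 - - [24/Jun/2021:04:10:02 +0200] "GET /mifs/.;/services/LogService HTTP/1.1" 404 162 "-" "curl/7.68.0"
203.0.113.7 - - [24/Jun/2021:04:10:05 +0200] "POST /mifs/.;/services/LogService HTTP/1.1" 404 162 "-" "curl/7.68.0"
203.0.113.9 - - [24/Jun/2021:04:12:00 +0200] "GET /index.php HTTP/1.1" 200 512 "-/mifs/.;/services/LogService" "Mozilla/5.0"
not-an-ip - - [24/Jun/2021:04:13:00 +0200] "GET /mifs/.;/services/LogService HTTP/1.1" 404 162 "-" "x"
EOF
}

# Read access-log lines on stdin, print each source IP once if the request
# path (field 7) contains the literal string "/mifs/.;/".
probe_ips() {
    awk '
        # Accept only dotted quads with every octet in 0..255.
        function valid(ip,    o, n, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) return 0
            return 1
        }
        index($7, "/mifs/.;/") && valid($1) && !seen[$1]++ { print $1 }
    '
}

# Turn the IPs into commands that add a rule only when it is not already there.
drop_rules() {
    probe_ips | while read -r ip; do
        printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -A INPUT -s %s -j DROP\n' \
            "$ip" "$ip"
    done
}

# Usage, printing the commands for review before running them as root:
#   zcat /var/log/apache2/access.humhub.log.*gz | drop_rules
```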