List of IPs trying to exploit the Boaform vulnerability "/boaform/admin/formLogin"


For more information: https://nvd.nist.gov/vuln/detail/CVE-2020-8958

A sample of the logs:

222.137.98.210 - - [29/Jul/2021:03:47:33 +0200] "GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0" 301 650 "-" "-"
114.134.24.46 - - [29/Jul/2021:06:02:40 +0200] "GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0" 301 650 "-" "-"

The list of IPs on my server:

# zgrep "/boaform/admin/formLogin" /var/log/apache2/access.humhub.log.*gz | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq | awk '{print "/usr/sbin/iptables -A INPUT -s " $1 " -j DROP "}'

Currently I have 198 IPs blacklisted:

# cat /etc/iptables/rules.v4 | grep "DROP" | wc -l
198

List of IPs trying to exploit the "f+bin.arm7%3b%23&remoteSubmit=Save" vulnerability


A sample of the logs:

42.193.186.22 - - [29/Jul/2021:10:49:58 +0200] "f+bin.arm7%3b%23&remoteSubmit=Save" 400 0 "-" "-"
42.193.186.22 - - [29/Jul/2021:10:49:58 +0200] "POST /cgi-bin/ViewLog.asp HTTP/1.1" 302 0 "-" "MtmKilledYou"

So I ran:

# zgrep "arm7" /var/log/apache2/access.humhub.log.*gz | sed 's/:/ /g' | awk '{print $2}' | sort -n | uniq | awk '{print "iptables -A INPUT -s " $1 " -j DROP "}'
iptables -A INPUT -s 42.193.186.22 -j DROP 
iptables -A INPUT -s 189.72.251.188 -j DROP 
iptables -A INPUT -s 195.47.196.114 -j DROP

So I blacklisted three more IPs … when you love it …

Misery.

42.193.186.22 -> China
189.72.251.188 -> Brazil
195.47.196.114 -> Russia.

The winning trio … for a change.

Misery.
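
The extraction step used in the two posts above, as an added example that is not part of the original posts: it matches the probe string only inside the quoted request field, keeps only well-formed IPv4 client addresses, and emits `ipset restore` input rather than one iptables rule per address (a substitution, not what the posts do). The log lines are constructed with documentation addresses, and the set name `probe_block` is an assumption.

```shell
#!/bin/sh
# Added example, not from the original posts. Log lines are constructed and use
# RFC 5737 documentation addresses; the set name "probe_block" is hypothetical.

# probe_sources PATTERN [FILE...]: print the unique, valid IPv4 client addresses
# of combined-format log lines whose quoted request field contains PATTERN.
probe_sources() {
    pattern=$1; shift
    awk -F'"' -v pat="$pattern" '
        function is_ipv4(s,    o, n, i) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        index($2, pat) {                 # literal match, request field only
            split($1, head, " ")         # head[1] is the client address
            if (is_ipv4(head[1])) print head[1]
        }' "$@" | sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# to_ipset_restore SET: convert addresses on stdin to `ipset restore` input.
to_ipset_restore() {
    printf 'create %s hash:ip family inet\n' "$1"
    while read -r ip; do printf 'add %s %s\n' "$1" "$ip"; done
}

# Constructed sample: duplicates, a Referer-only match, a hostname client.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [29/Jul/2021:03:47:33 +0200] "GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0" 301 650 "-" "-"
192.0.2.10 - - [29/Jul/2021:03:47:35 +0200] "GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0" 301 650 "-" "-"
198.51.100.7 - - [29/Jul/2021:06:02:40 +0200] "GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0" 301 650 "-" "-"
203.0.113.5 - - [29/Jul/2021:10:49:58 +0200] "f+bin.arm7%3b%23&remoteSubmit=Save" 400 0 "-" "-"
203.0.113.9 - - [29/Jul/2021:11:00:00 +0200] "GET /index.php HTTP/1.1" 200 512 "http://example.test/boaform/admin/formLogin" "Mozilla/5.0"
scanner.example.test - - [29/Jul/2021:11:05:00 +0200] "GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0" 301 650 "-" "-"
EOF
}

# Demo: the two Boaform sources become two "add" lines; the Referer-only hit
# and the hostname client are left out.
sample_log | probe_sources "/boaform/admin/formLogin" | to_ipset_restore probe_block
```

On the real rotated logs the input would be `zcat -f /var/log/apache2/access.humhub.log.*gz | probe_sources "/boaform/admin/formLogin"`. The result is loaded with `ipset -exist restore` and enforced by a single `iptables -I INPUT -m set --match-set probe_block src -j DROP` rule.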

WordPress: configuration change: switching from HTTP to HTTPS


I have just changed the blog's configuration; I now force HTTPS.
To be continued.

To update the HTTP URLs I used: https://wordpress.org/plugins/velvet-blues-update-urls/ .

Migration from Rubitrack (macOS) to Golden Cheetah (Windows): test KO.


I tried to migrate from Rubitrack to Golden Cheetah:

My release of Rubitrack: 5.3.6

My rubitrack5 file: 579.8 MB. I have a lot of different activities:

Test 1: I select all and I do a TCX export:

Result: KO

Test 2: I select all and I do a TCX export (and I check the box).

Result: KO

The size of the TCX file is 2.4 GB

# cat Test.tcx | grep "<Activity Sport" | awk '{print $2}' | sort -n | uniq -c
7213 Sport="Other">
1106 Sport="Running">
# du -h Test.tcx
2,4G	Test.tcx
# head -2 Test.tcx 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<TrainingCenterDatabase 
xmlns="http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2 
http://www.garmin.com/xmlschemas/TrainingCenterDatabasev2.xsd">

1 – I think it does not work because it is not one file per activity.

2 – Normally I should see ‘biking’, ‘running’, ‘hiking’, ‘walking’ and ‘swimming’ … I see only Other & Running. If you look at https://www8.garmin.com/xmlschemas/TrainingCenterDatabasev2.xsd:

<xsd:element name="Running" type="HistoryFolder_t"/>
<xsd:element name="Biking" type="HistoryFolder_t"/>
<xsd:element name="Other" type="HistoryFolder_t"/>
<xsd:element name="MultiSport" type="MultiSportFolder_t"/>
<xsd:element name="Extensions" type="Extensions_t" minOccurs="0">

I also tried to import the TCX into Garmin (who developed the TCX format): KO.

The release of Base Camp is version 4.8.11 (4.8.11).

So I think it is a bad format … I posted on the forum: https://forum.rubitrack.com/viewtopic.php?p=12551#p12551

I have used Rubitrack since: Wed Nov 21, 2012 2:52 pm … but for me the most important thing in any application is to have a perfect import/export. My data is my property! So I’m not very happy …