CCBot : Scan ...
Old method:
I am getting visits from "CCBot" from a large number of IPs.
# zgrep "CCBot" /var/log/apache2/access.*gz | sed 's/:/ /g' | awk '{print $2}' | sort | uniq | wc -l
4917
The idea is to block the IPs ... the origin:
# zgrep "CCBot" /var/log/apache2/access.*gz | sed 's/:/ /g' | awk '{print $2}' | sort | uniq | xargs -n 1 geoiplookup | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
1 AE, United Arab Emirates
1 BW, Botswana
1 BY, Belarus
1 CN, China
1 CY, Cyprus
1 EE, Estonia
1 ET, Ethiopia
1 FR, France
1 GB, United Kingdom
1 HK, Hong Kong
1 HU, Hungary
1 IE, Ireland
1 IR, Iran, Islamic Republic of
1 JM, Jamaica
1 JO, Jordan
1 KG, Kyrgyzstan
1 KH, Cambodia
1 KR, Korea, Republic of
1 LB, Lebanon
1 LK, Sri Lanka
1 LT, Lithuania
1 MK, Macedonia
1 NI, Nicaragua
1 OM, Oman
1 PR, Puerto Rico
1 PS, Palestinian Territory
1 RO, Romania
1 SI, Slovenia
1 SN, Senegal
1 TT, Trinidad and Tobago
2 AU, Australia
2 BZ, Belize
2 DE, Germany
2 DZ, Algeria
2 NO, Norway
2 NP, Nepal
2 RS, Serbia
3 AL, Albania
3 BA, Bosnia and Herzegovina
3 BG, Bulgaria
3 GA, Gabon
3 IL, Israel
3 SE, Sweden
3 SV, El Salvador
4 AZ, Azerbaijan
4 BH, Bahrain
4 CZ, Czech Republic
4 GT, Guatemala
4 JP, Japan
4 KZ, Kazakhstan
5 BO, Bolivia
5 KW, Kuwait
5 PA, Panama
6 KE, Kenya
6 PK, Pakistan
6 UZ, Uzbekistan
7 HN, Honduras
7 IQ, Iraq
7 TN, Tunisia
7 VE, Venezuela
12 IN, India
13 DO, Dominican Republic
13 MA, Morocco
16 EG, Egypt
16 UY, Uruguay
21 PE, Peru
21 UA, Ukraine
24 BD, Bangladesh
26 PY, Paraguay
28 ZA, South Africa
29 CL, Chile
35 CR, Costa Rica
48 MX, Mexico
52 RU, Russian Federation
60 CO, Colombia
69 ID, Indonesia
95 US, United States
106 EC, Ecuador
120 IP Address not found
291 AR, Argentina
1210 VN, Vietnam
2462 BR, Brazil
In short, only one in France ... so no harm done if I block the entire list.
# zgrep "CCBot" /var/log/apache2/access.*gz | sed 's/:/ /g' | awk '{print $2}' | sort | uniq | awk '{print "IN DROP -i net0 -source " $1 " -p tcp -log notice # CCBot"}' > iptables-CCbot.txt
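The extraction and rule-generation steps above, as an added example that is not part of the original README: it matches "CCBot" only in the User-Agent field rather than anywhere in the log line, keeps only valid IPv4 client addresses, and writes rules in the same format. The function names and the sample log lines are constructed for illustration; feeding the logs through `zcat -f` (so there is no filename prefix to strip) and the Apache "combined" log format are assumptions.

```shell
#!/bin/sh
# Added example, not the README's own code. Reads Apache "combined" log
# lines on stdin, e.g.:  zcat -f /var/log/apache2/access.log* | ccbot_rules

# Print the unique IPv4 clients whose User-Agent field contains "CCBot".
ccbot_ips() {
    awk '
    function is_ipv4(s,    o, i) {
        if (split(s, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || (o[i] + 0) > 255) return 0
        return 1
    }
    {
        # Apache writes a literal backslash as \\ and a literal quote as \";
        # blank both so client-supplied quotes cannot shift the fields.
        gsub(/\\\\/, "_"); gsub(/\\"/, "_")
        n = split($0, q, "\"")      # q[2]=request q[4]=referer q[6]=user-agent
        split(q[1], head, " ")      # head[1]=client address
        if (n >= 7 && index(q[6], "CCBot") && is_ipv4(head[1])) print head[1]
    }' | sort -u
}

# Emit one rule per address, in the rule format used by the README.
ccbot_rules() {
    ccbot_ips | awk '{print "IN DROP -i net0 -source " $1 " -p tcp -log notice # CCBot"}'
}

# Constructed sample lines (documentation address ranges, not real traffic):
# a CCBot hit, its duplicate, "CCBot" only in the URL, escaped quotes in the
# request, and a non-IPv4 client.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "CCBot/2.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /a HTTP/1.1" 200 512 "-" "CCBot/2.0"
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "GET /?q=CCBot HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /x\" 200 1 \"-\" \"CCBot HTTP/1.1" 400 0 "-" "Mozilla/5.0"
2001:db8::1 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 512 "-" "CCBot/2.0"
EOF
}
```

Running `sample_log | ccbot_rules` yields a single rule for 192.0.2.10; the other three clients are skipped because "CCBot" is not in their User-Agent field or the address is not IPv4.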
New method:
# grep "CCBot" /etc/pve/firewall/cluster.fw > iptables-CCbot.txt
# wc -l iptables-CCbot.txt
9023 iptables-CCbot.txt
# cat iptables-CCbot.txt | awk '{print $4}' | sort | uniq | xargs -n 1 geoiplookup | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
1 AM, Armenia
1 AT, Austria
1 BN, Brunei Darussalam
1 CI, Cote D'Ivoire
1 CY, Cyprus
1 EE, Estonia
1 ES, Spain
1 ET, Ethiopia
1 FI, Finland
1 GE, Georgia
1 HR, Croatia
1 IE, Ireland
1 JM, Jamaica
1 KH, Cambodia
1 LB, Lebanon
1 MD, Moldova, Republic of
1 MK, Macedonia
1 MU, Mauritius
1 NG, Nigeria
1 NI, Nicaragua
1 OM, Oman
1 QA, Qatar
1 SI, Slovenia
1 SN, Senegal
1 TT, Trinidad and Tobago
1 ZW, Zimbabwe
2 AE, United Arab Emirates
2 BY, Belarus
2 CZ, Czech Republic
2 HU, Hungary
2 IR, Iran, Islamic Republic of
2 KG, Kyrgyzstan
2 PA, Panama
2 PR, Puerto Rico
2 PS, Palestinian Territory
2 RO, Romania
2 SE, Sweden
2 SK, Slovakia
3 AL, Albania
3 BW, Botswana
3 CR, Costa Rica
3 GA, Gabon
3 IL, Israel
3 JO, Jordan
3 LK, Sri Lanka
3 SV, El Salvador
4 BA, Bosnia and Herzegovina
5 BH, Bahrain
5 NP, Nepal
7 AZ, Azerbaijan
7 DZ, Algeria
7 HN, Honduras
7 KW, Kuwait
7 RS, Serbia
8 BG, Bulgaria
8 BO, Bolivia
9 GT, Guatemala
10 KE, Kenya
10 KZ, Kazakhstan
16 PK, Pakistan
18 IN, India
18 TN, Tunisia
20 UZ, Uzbekistan
21 DO, Dominican Republic
22 US, United States
25 EG, Egypt
25 MA, Morocco
27 VE, Venezuela
29 IQ, Iraq
30 UY, Uruguay
36 UA, Ukraine
44 SG, Singapore
46 CL, Chile
49 PE, Peru
52 ZA, South Africa
69 MX, Mexico
70 PY, Paraguay
75 BD, Bangladesh
80 RU, Russian Federation
94 CO, Colombia
175 ID, Indonesia
178 EC, Ecuador
444 AR, Argentina
1900 VN, Vietnam
4034 BR, Brazil