Hello,

I have been observing this for several years. At first it was the Chinese bots, which are very active, then others.

At GuppY (CMS) we have recommended blocking IP ranges in the .htaccess at the root of sites on shared hosting, and we use iptables on our servers.

Example for the .htaccess files at the root of sites:

<Files *>
  <RequireAll>
    Require all granted

# Cambodia (KH)
Require not ip 114.134.184.0/21
# Chinese (CN) IP addresses follow (split into two lines on 7/6/17 to avoid possible Server 500 due to excess line length):
Require not ip 1.24.0.0/13 1.48.0.0/15 1.50.0.0/16 1.56.0.0/13 1.68.0.0/14 1.80.0.0/13 1.92.0.0/14 1.180.0.0/14 1.188.0.0/14 1.192.0.0/13 1.202.0.0/15 1.204.0.0/14 14.16.0.0/12 14.104.0.0/13 14.112.0.0/12 14.134.0.0/15 14.144.0.0/12 14.204.0.0/15 14.208.0.0/12 23.80.54.0/24 23.104.141.0/24 23.105.14.0/24 23.226.208.0/24 27.8.0.0/13 27.16.0.0/12 27.36.0.0/14 27.40.0.0/13 27.50.128.0/17 27.54.192.0/18 27.106.128.0/18 27.115.0.0/17 27.148.0.0/14 27.152.0.0/13 27.184.0.0/13 27.192.0.0/11 27.224.0.0/14 36.1.0.0/16 36.4.0.0/14 36.26.0.0/16 36.32.0.0/14 36.36.0.0/16 36.40.0.0/13 36.48.0.0/15 36.56.0.0/13 36.96.0.0/11 36.128.0.0/11 36.248.0.0/14 39.64.0.0/11 39.128.0.0/10 42.4.0.0/14 42.48.0.0/15 42.52.0.0/14 42.56.0.0/14 42.84.0.0/14 42.88.0.0/13 42.96.128.0/17 42.100.0.0/14 42.120.0.0/14 42.156.0.0/16 42.176.0.0/13 42.185.0.0/16 42.202.0.0/15 42.224.0.0/12 42.242.0.0/15 42.248.0.0/15 43.255.0.0/20 43.255.16.0/22 43.255.48.0/22 43.255.60.0/22 43.255.64.0/20 43.255.96.0/20 43.255.144.0/22 43.255.168.0/22 43.255.176.0/22 43.255.184.0/22 43.255.192.0/22 43.255.200.0/21 43.255.208.0/21 43.255.224.0/21 43.255.232.0/22 43.255.244.0/22 47.88.0.0/14 47.92.0.0/14 49.5.0.0/16 49.64.0.0/11 49.112.0.0/13 54.222.0.0/15 58.16.0.0/14 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15 58.34.0.0/16 58.37.0.0/16 58.38.0.0/16 58.40.0.0/16 58.42.0.0/16 58.44.0.0/14 58.48.0.0/13 58.56.0.0/14 58.60.0.0/14 58.68.128.0/17 58.82.0.0/15 58.100.0.0/15 58.116.0.0/14 58.128.0.0/13 58.208.0.0/12 58.240.0.0/13 58.248.0.0/13 59.32.0.0/12 59.48.0.0/14 59.52.0.0/14 59.56.0.0/13 59.72.0.0/16 59.108.0.0/15 59.172.0.0/14 60.0.0.0/12 60.11.0.0/16 60.12.0.0/14 60.16.0.0/13 60.24.0.0/13 60.160.0.0/11 60.194.0.0/15 60.205.0.0/16 60.208.0.0/12 60.253.128.0/17 61.4.64.0/20 61.4.80.0/22 61.4.176.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16 61.136.0.0/18 61.139.0.0/16 61.145.73.208/28 61.147.0.0/16
Require not ip 61.150.0.0/16 61.152.0.0/16 61.154.0.0/16 61.160.0.0/16 61.162.0.0/15 61.164.0.0/16 61.172.0.0/15 61.175.0.0/16 61.177.0.0/16 61.179.0.0/16 61.183.0.0/16 61.184.0.0/16 61.185.219.232/29 61.187.0.0/16 61.188.0.0/16 61.232.0.0/14 61.236.0.0/15 61.240.0.0/14

Etc

__________________________________________________________________________

For iptables:

iptables -I INPUT 1 -s 212.83.144.0/20 -j DROP
iptables -I INPUT 1 -s 118.200.0.0/16 -j DROP
iptables -I INPUT 1 -s 207.46.0.0/16 -j DROP
iptables -I INPUT 1 -s 54.254.0.0/16 -j DROP
iptables -I INPUT 1 -s 91.224.160.0/23 -j DROP
iptables -I INPUT 1 -s 175.100.144.0/20 -j DROP
iptables -I INPUT 1 -s 134.212.0.0/15 -j DROP
iptables -I INPUT 1 -s 134.214.0.0/16 -j DROP
iptables -I INPUT 1 -s 190.255.176.88/29 -j DROP
iptables -I INPUT 1 -s 118.70.176.0/20 -j DROP
iptables -I INPUT 1 -s 195.154.0.0/17 -j DROP
iptables -I INPUT 1 -s 91.200.12.0/22 -j DROP
iptables-save -c > /etc/iptables-save

Etc


Best regards,
Jean, alias JeandePeyrat
https://www.freeguppy.org/
https://asso.freeguppy.org/
https://www.anacr-correze.fr/
https://Many others!

On 05/06/2019 at 08:32, steve wrote:
Hi all,

For about ten days, I have been seeing a massive increase in scans
on my machine.

sshd:
   Authentication Failures:
      unknown (115.159.235.17): 100 Time(s)
      unknown (153.37.192.4): 99 Time(s)
      unknown (183.103.146.208): 99 Time(s)
      unknown (190.0.159.69): 99 Time(s)
      unknown (106.13.103.204): 98 Time(s)
      unknown (109.86.200.141): 98 Time(s)
      unknown (94.23.62.187): 98 Time(s)
      unknown (45.127.106.51): 96 Time(s)
      unknown (103.202.132.175): 95 Time(s)
      unknown (217.182.95.16): 95 Time(s)
      unknown (47.74.150.153): 95 Time(s)
      unknown (220.168.86.37): 87 Time(s)
      unknown (122.155.223.31): 73 Time(s)
      unknown (190.111.239.48): 70 Time(s)
      unknown (188.166.31.205): 56 Time(s)
      unknown (47.254.158.221): 48 Time(s)
      unknown (51.15.117.94): 47 Time(s)
      unknown (142.93.237.233): 34 Time(s)
      unknown (223.83.155.77): 16 Time(s)
      unknown (41.77.145.34): 13 Time(s)
      unknown (118.24.99.163): 12 Time(s)
      unknown (46.190.57.82): 9 Time(s)
      unknown (89.79.197.61): 9 Time(s)
      unknown (115.159.30.108): 8 Time(s)
      backup (188.166.31.205): 2 Time(s)
      root (104.236.102.16): 2 Time(s)
      root (223.17.237.138): 2 Time(s)
      unknown (128.199.221.18): 2 Time(s)
      backup (103.202.132.175): 1 Time(s)
      backup (47.254.158.221): 1 Time(s)
      backup (47.74.150.153): 1 Time(s)
      daemon (45.127.106.51): 1 Time(s)
      games (103.202.132.175): 1 Time(s)
      games (188.166.31.205): 1 Time(s)
      games (94.23.62.187): 1 Time(s)
      gnats (159.65.144.233): 1 Time(s)
      gnats (190.111.239.48): 1 Time(s)
      gnats (45.127.106.51): 1 Time(s)
      hplip (103.202.132.175): 1 Time(s)
      irc (106.13.103.204): 1 Time(s)
      irc (217.182.95.16): 1 Time(s)
      irc (41.77.145.34): 1 Time(s)
      irc (47.74.150.153): 1 Time(s)
      list (47.254.158.221): 1 Time(s)
      lp (217.182.95.16): 1 Time(s)
      mail (103.202.132.175): 1 Time(s)
      man (115.159.30.108): 1 Time(s)
      man (153.37.192.4): 1 Time(s)
      man (47.74.150.153): 1 Time(s)
      mysql (109.86.200.141): 1 Time(s)
      mysql (153.37.192.4): 1 Time(s)
      mysql (190.111.239.48): 1 Time(s)
      mysql (202.88.241.107): 1 Time(s)
      mysql (45.127.106.51): 1 Time(s)
      mysql (51.15.117.94): 1 Time(s)
      mysql (81.133.216.92): 1 Time(s)
      mysql (94.23.62.187): 1 Time(s)
      news (190.0.159.69): 1 Time(s)
      news (47.74.150.153): 1 Time(s)
      nobody (118.25.221.166): 1 Time(s)
      nobody (217.182.95.16): 1 Time(s)
      plex (217.182.95.16): 1 Time(s)
      proxy (103.202.132.175): 1 Time(s)
      proxy (47.74.150.153): 1 Time(s)
      root (104.248.211.180): 1 Time(s)
      root (105.235.116.254): 1 Time(s)
      Invalid Users:
      Unknown Account: 1610 Time(s)


I was wondering whether you are seeing the same thing.

Thanks

Steve
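
An added example, not part of either message: it totals the failures in a logwatch sshd summary like the one above per source address and emits an `ipset restore` script, so a single iptables set-match rule can stand in for one `-I INPUT` rule per range. The set name `sshd_block`, the threshold of 50 and the sample report (documentation addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). SET_NAME and the sample report are assumptions.
SET_NAME=sshd_block   # hypothetical ipset name

# Constructed logwatch excerpt using documentation addresses (RFC 5737).
sample_report() {
cat <<'EOF'
sshd:
   Authentication Failures:
      unknown (203.0.113.17): 100 Time(s)
      unknown (198.51.100.4): 99 Time(s)
      unknown (999.1.1.1): 5 Time(s)
      root (203.0.113.17): 2 Time(s)
      backup (192.0.2.31): 1 Time(s)
      mysql (198.51.100.4): 1 Time(s)
      Invalid Users:
      Unknown Account: 1610 Time(s)
EOF
}

# Read a report on stdin; print "total ip" per source, highest total first.
failures_per_ip() {
  awk -F'[()]' '
    $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 ~ /^: [0-9]+ Time$/ {
      n = split($2, oct, ".")
      ok = 1
      for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) ok = 0
      if (!ok) next                 # drop malformed addresses
      split($3, f, " ")             # f[2] is the count
      total[$2] += f[2]
    }
    END { for (ip in total) print total[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Read "total ip" lines; emit an `ipset restore` script for totals >= $1.
blocklist_restore() {
  echo "create $SET_NAME hash:net family inet"
  awk -v min="$1" -v set="$SET_NAME" '$1 + 0 >= min + 0 { print "add", set, $2 }'
}

# Load with `ipset restore`, then match the whole set with one rule:
#   iptables -I INPUT 1 -m set --match-set sshd_block src -j DROP
sample_report | failures_per_ip | blocklist_restore 50
```

A `hash:net` set also accepts CIDR ranges, so ranges such as those in the iptables list can be added to the same set.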


