J’ai donc fait un script :
# zgrep ".well-known" /var/log/apache2/error.humhub.log.*gz | sed 's/:/ /g' | awk '{print $14}' | sort -n | uniq | awk '{print "iptables -A INPUT -s " $1 " -j DROP "}' iptables -A INPUT -s 80.82.77.139 -j DROP iptables -A INPUT -s 80.82.77.33 -j DROP iptables -A INPUT -s 125.64.94.138 -j DROP iptables -A INPUT -s 185.142.236.35 -j DROP iptables -A INPUT -s 185.142.236.40 -j DROP iptables -A INPUT -s 185.142.236.43 -j DROP # zgrep ".well-known" /var/log/apache2/error.humhub.log.*gz | sed 's/:/ /g' | awk '{print $14}' | sort -n | uniq | awk '{print "iptables -A INPUT -s " $1 " -j DROP "}' > script_filter_scan_well-know.bash # echo "iptables-save > /etc/iptables/rules.v4" >> script_filter_scan_well-know.bash # chmod +x script_filter_scan_well-know.bash # ./script_filter_scan_well-know.bash
Et voila 6 nouvelles IP qui sont filtrés … quasiment tout venant des Pays-Bas …. Misère.