I was able to see quite a few scans:

```
# zgrep "MJ12bot" /var/log/apache2/access.*.gz | sed 's/:/ /g' | awk '{print $2 " " $11}' | sort -n | uniq
95.91.75.28 /index.php?r=user/auth/login
95.91.75.28 /index.php?r=user/password-recovery
95.91.75.28 /robots.txt
95.91.75.28 /user/auth/login
144.76.137.254 /dashboard
144.76.137.254 /index.php?r=dashboard/dashboard
144.76.137.254 /robots.txt
144.76.137.254 /user/auth/login
144.76.137.254 /user/password-recovery
192.151.157.210 /
192.151.157.210 /robots.txt
192.151.157.210 /user/auth/login
```
So I dropped the IPs:

```
# iptables -A INPUT -s 144.76.137.254 -j DROP
# iptables -A INPUT -s 192.151.157.210 -j DROP
# iptables -A INPUT -s 95.91.75.28 -j DROP
# iptables -A INPUT -s 5.9.138.189 -j DROP
# /usr/sbin/iptables-save > /etc/iptables/rules.v4
```
To be continued.
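Added example, not part of the original post: a variant of the log query above that matches the string only in the User-Agent field of Apache "combined" log lines and does not depend on fixed column positions, so IPv6 clients and requests that merely contain "MJ12bot" in the URL are handled correctly. The function names and sample lines are constructed for illustration, and the combined log format with no escaped quotes in the request line is assumed.

```shell
#!/usr/bin/env bash
# List unique "client-IP request-path" pairs for requests whose User-Agent
# field contains the given string. Reads Apache "combined" log lines on stdin.
ua_hits() {
    awk -F'"' -v ua="$1" '
        # With the double quote as separator:
        #   $1 = IP ident user [time]   $2 = request line   $6 = User-Agent
        # Test only $6, so a hit in the URL or referer is not counted.
        NF >= 7 && index($6, ua) {
            split($1, head, " ")    # head[1] = client address (IPv4 or IPv6)
            split($2, req, " ")     # req[2]  = requested path
            print head[1], req[2]
        }' | LC_ALL=C sort -u
}

# Constructed sample input (documentation address ranges, not from the post).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 26 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /user/auth/login HTTP/1.1" 200 4312 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
192.0.2.10 - - [01/Jan/2024:10:05:02 +0000] "GET /user/auth/login HTTP/1.1" 200 4312 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
2001:db8::1 - - [01/Jan/2024:10:06:00 +0000] "GET /user/auth/login HTTP/1.1" 200 4312 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
198.51.100.7 - - [01/Jan/2024:10:07:00 +0000] "GET /search?q=MJ12bot HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# Demo on the constructed sample; on a server, feed the real logs instead:
#   zcat -f /var/log/apache2/access.*.gz | ua_hits MJ12bot
sample_log | ua_hits MJ12bot
```

The last sample line is deliberately left out of the result: its User-Agent is an ordinary browser string and "MJ12bot" appears only in the query string.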
IP Address | Country | Region | City | ISP | Organization | Latitude | Longitude |
---|---|---|---|---|---|---|---|
144.76.137.254 | Germany | Bayern | Nuremberg | Hetzner Online AG | Not Available | 49.4478 | 11.0683 |
192.151.157.210 | United States of America | Missouri | Kansas City | Jacob Beneke | Not Available | 39.1478 | -94.5689 |
95.91.75.28 | Germany | Thuringen | Muhlhausen | Vodafone Deutschland GmbH | Not Available | 51.2090 | 10.4528 |