[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Attaques en tout genre

Je n'en ai pas beaucoup, 2 ou 3 chaque jour de mon côté.

Mais j'ai déjà pas mal fait le ménage ces temps derniers et
j'ai interdit pas mal d'adresses (de serveurs virtuels, en fait).

J'ai un rapport de 349 tentatives en échec (503) ce matin.

Le 18 déc. 13 à 10:24, andre_debian@numericable.fr a écrit :


Voici un récent rapport de "logwatch" de mon serveur :

"A total of 19 sites probed the server
    105.142.131.214
    105.146.3.191
    189.148.172.161
    198.74.231.14
    211.144.152.250
    218.87.32.245
    41.251.83.32
    62.23.193.34
    64.140.102.20
    78.250.60.157
    80.254.150.43
    80.254.158.60
    81.243.196.220
    81.64.252.125
    82.127.43.110
    88.171.25.53
    90.3.158.225
    90.35.56.101
    90.84.146.247"

Et ce message plus inquiétant :
" A total of 1 possible successful probes were detected (the following URLs 
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit) :  null HTTP Response 302"

André

On Tuesday 17 December 2013 21:48:00 steve wrote:

Le 16-12-2013, à 22:14:20 +0100, André Debian a écrit :

On Monday 16 December 2013 21:41:09 nb wrote:

J'ai à peu près la même chose, avec les mêmes ip source.

/var/log/apache2/error.log:[Sun Dec 15 13:05:38.268946 2013]
[cgi:error] [pid 19838] [client 195.130.72.189:34087] malformed header 
from script 'php': Bad header: <b>Security Alert!</b> The PHP


ça doit être un script PHP <header .... > qui fait pas l'affaire ...


Et ça vient de partout :

/var/log/apache2# grep client error.log | grep Bad | awk '{print
$2,$3,$7,$8}' Dec 15 [client 46.182.111.182]
Dec 15 [client 46.182.111.182]
Dec 15 [client 200.217.64.150]
Dec 15 [client 200.217.64.150]
Dec 15 [client 46.28.107.211]
Dec 15 [client 46.28.107.211]
Dec 15 [client 195.246.16.33]
Dec 15 [client 195.246.16.33]
Dec 15 [client 199.181.113.126]
Dec 15 [client 199.181.113.126]
Dec 15 [client 107.20.169.255]
Dec 15 [client 107.20.169.255]
Dec 15 [client 31.210.106.39]
Dec 15 [client 89.136.120.205]
Dec 15 [client 89.136.120.205]
Dec 15 [client 31.210.106.39]
Dec 15 [client 112.125.125.113]
Dec 15 [client 112.125.125.113]
Dec 15 [client 212.86.21.238]
Dec 15 [client 212.86.21.238]
Dec 16 [client 31.210.106.39]
Dec 16 [client 54.235.249.209]
Dec 16 [client 54.235.249.209]
Dec 16 [client 195.62.168.113]
Dec 16 [client 195.62.168.113]
Dec 16 [client 201.216.248.178]
Dec 16 [client 201.216.248.179]
Dec 16 [client 107.20.180.238]
Dec 16 [client 107.20.180.238]
Dec 16 [client 31.210.106.39]
Dec 16 [client 89.136.120.205]
Dec 16 [client 31.210.106.39]
Dec 16 [client 72.167.113.216]
Dec 16 [client 72.167.113.216]
Dec 16 [client 31.210.106.39]
Dec 16 [client 65.77.64.30]
Dec 16 [client 65.77.64.30]
Dec 16 [client 82.94.238.2]
Dec 16 [client 82.94.238.2]
Dec 16 [client 82.94.238.2]
Dec 16 [client 82.94.238.2]
Dec 16 [client 182.48.191.174]
Dec 16 [client 182.48.191.174]
Dec 16 [client 82.100.48.6]
Dec 16 [client 82.100.48.6]
Dec 16 [client 31.210.106.39]
Dec 16 [client 89.136.120.205]
Dec 16 [client 72.167.113.216]
Dec 16 [client 72.167.113.216]
Dec 16 [client 31.210.106.39]
Dec 16 [client 31.210.106.39]
Dec 16 [client 89.136.120.205]
Dec 16 [client 75.101.183.156]
Dec 16 [client 75.101.183.156]
Dec 16 [client 192.151.144.234]
Dec 16 [client 72.167.113.216]
Dec 16 [client 72.167.113.216]
Dec 16 [client 31.210.106.39]
Dec 16 [client 46.10.158.43]
Dec 16 [client 46.10.158.43]
Dec 16 [client 192.151.144.234]
Dec 16 [client 31.210.106.39]
Dec 17 [client 192.151.144.234]
Dec 17 [client 64.251.23.220]
Dec 17 [client 64.251.23.220]
Dec 17 [client 50.56.234.109]
Dec 17 [client 50.56.234.109]
Dec 17 [client 87.252.248.44]
Dec 17 [client 87.252.248.44]
Dec 17 [client 195.145.53.226]
Dec 17 [client 195.145.53.226]
Dec 17 [client 77.247.215.168]
Dec 17 [client 77.247.215.168]
Dec 17 [client 187.53.208.44]
Dec 17 [client 187.53.208.44]
Dec 17 [client 203.202.248.130]
Dec 17 [client 203.202.248.130]
Dec 17 [client 50.17.216.179]
Dec 17 [client 50.17.216.179]
Dec 17 [client 103.5.5.27]
Dec 17 [client 103.5.5.27]
Dec 17 [client 62.63.52.41]
Dec 17 [client 62.63.52.41]
Dec 17 [client 58.210.133.244]
Dec 17 [client 58.210.133.244]
Dec 17 [client 112.199.87.92]
Dec 17 [client 112.199.87.92]
Dec 17 [client 50.19.80.107]
Dec 17 [client 50.19.80.107]
Dec 17 [client 89.136.120.205]
Dec 17 [client 31.210.106.39]
Dec 17 [client 72.167.113.216]
Dec 17 [client 72.167.113.216]
Dec 17 [client 92.63.96.106]
Dec 17 [client 92.63.96.106]
Dec 17 [client 203.172.161.8]
Dec 17 [client 203.172.161.8]
Dec 17 [client 31.210.106.39]
Dec 17 [client 89.136.120.205]


--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists
Pour vous DESABONNER, envoyez un message avec comme objet "unsubscribe" 
vers debian-user-french-REQUEST@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmaster@lists.debian.org
Archive: http://lists.debian.org/ [🔎] 201312181024.50064.andre_debian@numericable.fr
Reply to: