Re: Authentication failure
Hello,
I have been seeing this for several years. At first it was the Chinese bots,
which are very active, then others.
At GuppY (CMS) we have recommended blocking IP ranges in the .htaccess at
the root of sites on shared hosting, and we use iptables on our servers.
Example for the .htaccess files at the root of the sites:
<Files *>
<RequireAll>
Require all granted
# Cambodia (KH)
Require not ip 114.134.184.0/21
# Chinese (CN) IP addresses follow (split into two lines on 7/6/17 to
# avoid possible Server 500 due to excess line length):
Require not ip 1.24.0.0/13 1.48.0.0/15 1.50.0.0/16 1.56.0.0/13
1.68.0.0/14 1.80.0.0/13 1.92.0.0/14 1.180.0.0/14 1.188.0.0/14
1.192.0.0/13 1.202.0.0/15 1.204.0.0/14 14.16.0.0/12 14.104.0.0/13
14.112.0.0/12 14.134.0.0/15 14.144.0.0/12 14.204.0.0/15 14.208.0.0/12
23.80.54.0/24 23.104.141.0/24 23.105.14.0/24 23.226.208.0/24 27.8.0.0/13
27.16.0.0/12 27.36.0.0/14 27.40.0.0/13 27.50.128.0/17 27.54.192.0/18
27.106.128.0/18 27.115.0.0/17 27.148.0.0/14 27.152.0.0/13 27.184.0.0/13
27.192.0.0/11 27.224.0.0/14 36.1.0.0/16 36.4.0.0/14 36.26.0.0/16
36.32.0.0/14 36.36.0.0/16 36.40.0.0/13 36.48.0.0/15 36.56.0.0/13
36.96.0.0/11 36.128.0.0/11 36.248.0.0/14 39.64.0.0/11 39.128.0.0/10
42.4.0.0/14 42.48.0.0/15 42.52.0.0/14 42.56.0.0/14 42.84.0.0/14
42.88.0.0/13 42.96.128.0/17 42.100.0.0/14 42.120.0.0/14 42.156.0.0/16
42.176.0.0/13 42.185.0.0/16 42.202.0.0/15 42.224.0.0/12 42.242.0.0/15
42.248.0.0/15 43.255.0.0/20 43.255.16.0/22 43.255.48.0/22 43.255.60.0/22
43.255.64.0/20 43.255.96.0/20 43.255.144.0/22 43.255.168.0/22
43.255.176.0/22 43.255.184.0/22 43.255.192.0/22 43.255.200.0/21
43.255.208.0/21 43.255.224.0/21 43.255.232.0/22 43.255.244.0/22
47.88.0.0/14 47.92.0.0/14 49.5.0.0/16 49.64.0.0/11 49.112.0.0/13
54.222.0.0/15 58.16.0.0/14 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15
58.34.0.0/16 58.37.0.0/16 58.38.0.0/16 58.40.0.0/16 58.42.0.0/16
58.44.0.0/14 58.48.0.0/13 58.56.0.0/14 58.60.0.0/14 58.68.128.0/17
58.82.0.0/15 58.100.0.0/15 58.116.0.0/14 58.128.0.0/13 58.208.0.0/12
58.240.0.0/13 58.248.0.0/13 59.32.0.0/12 59.48.0.0/14 59.52.0.0/14
59.56.0.0/13 59.72.0.0/16 59.108.0.0/15 59.172.0.0/14 60.0.0.0/12
60.11.0.0/16 60.12.0.0/14 60.16.0.0/13 60.24.0.0/13 60.160.0.0/11
60.194.0.0/15 60.205.0.0/16 60.208.0.0/12 60.253.128.0/17 61.4.64.0/20
61.4.80.0/22 61.4.176.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16
61.136.0.0/18 61.139.0.0/16 61.145.73.208/28 61.147.0.0/16 61.150.0.0/16
61.152.0.0/16 61.154.0.0/16 61.160.0.0/16 61.162.0.0/15 61.164.0.0/16
61.172.0.0/15 61.175.0.0/16 61.177.0.0/16 61.179.0.0/16 61.183.0.0/16
61.184.0.0/16 61.185.219.232/29 61.187.0.0/16 61.188.0.0/16
61.232.0.0/14 61.236.0.0/15 61.240.0.0/14
Etc
__________________________________________________________________________
For iptables:
iptables -I INPUT 1 -s 212.83.144.0/20 -j DROP
iptables -I INPUT 1 -s 118.200.0.0/16 -j DROP
iptables -I INPUT 1 -s 207.46.0.0/16 -j DROP
iptables -I INPUT 1 -s 54.254.0.0/16 -j DROP
iptables -I INPUT 1 -s 91.224.160.0/23 -j DROP
iptables -I INPUT 1 -s 175.100.144.0/20 -j DROP
iptables -I INPUT 1 -s 134.212.0.0/15 -j DROP
iptables -I INPUT 1 -s 134.214.0.0/16 -j DROP
iptables -I INPUT 1 -s 190.255.176.88/29 -j DROP
iptables -I INPUT 1 -s 118.70.176.0/20 -j DROP
iptables -I INPUT 1 -s 195.154.0.0/17 -j DROP
iptables -I INPUT 1 -s 91.200.12.0/22 -j DROP
iptables-save -c > /etc/iptables-save
Etc
Best regards,
Jean, alias JeandePeyrat
https://www.freeguppy.org/
https://asso.freeguppy.org/
https://www.anacr-correze.fr/
https://Many others!
On 05/06/2019 at 08:32, steve wrote:
Hi all,
For about ten days now, I have been seeing a massive increase in scans
on my machine.
sshd:
Authentication Failures:
unknown (115.159.235.17): 100 Time(s)
unknown (153.37.192.4): 99 Time(s)
unknown (183.103.146.208): 99 Time(s)
unknown (190.0.159.69): 99 Time(s)
unknown (106.13.103.204): 98 Time(s)
unknown (109.86.200.141): 98 Time(s)
unknown (94.23.62.187): 98 Time(s)
unknown (45.127.106.51): 96 Time(s)
unknown (103.202.132.175): 95 Time(s)
unknown (217.182.95.16): 95 Time(s)
unknown (47.74.150.153): 95 Time(s)
unknown (220.168.86.37): 87 Time(s)
unknown (122.155.223.31): 73 Time(s)
unknown (190.111.239.48): 70 Time(s)
unknown (188.166.31.205): 56 Time(s)
unknown (47.254.158.221): 48 Time(s)
unknown (51.15.117.94): 47 Time(s)
unknown (142.93.237.233): 34 Time(s)
unknown (223.83.155.77): 16 Time(s)
unknown (41.77.145.34): 13 Time(s)
unknown (118.24.99.163): 12 Time(s)
unknown (46.190.57.82): 9 Time(s)
unknown (89.79.197.61): 9 Time(s)
unknown (115.159.30.108): 8 Time(s)
backup (188.166.31.205): 2 Time(s)
root (104.236.102.16): 2 Time(s)
root (223.17.237.138): 2 Time(s)
unknown (128.199.221.18): 2 Time(s)
backup (103.202.132.175): 1 Time(s)
backup (47.254.158.221): 1 Time(s)
backup (47.74.150.153): 1 Time(s)
daemon (45.127.106.51): 1 Time(s)
games (103.202.132.175): 1 Time(s)
games (188.166.31.205): 1 Time(s)
games (94.23.62.187): 1 Time(s)
gnats (159.65.144.233): 1 Time(s)
gnats (190.111.239.48): 1 Time(s)
gnats (45.127.106.51): 1 Time(s)
hplip (103.202.132.175): 1 Time(s)
irc (106.13.103.204): 1 Time(s)
irc (217.182.95.16): 1 Time(s)
irc (41.77.145.34): 1 Time(s)
irc (47.74.150.153): 1 Time(s)
list (47.254.158.221): 1 Time(s)
lp (217.182.95.16): 1 Time(s)
mail (103.202.132.175): 1 Time(s)
man (115.159.30.108): 1 Time(s)
man (153.37.192.4): 1 Time(s)
man (47.74.150.153): 1 Time(s)
mysql (109.86.200.141): 1 Time(s)
mysql (153.37.192.4): 1 Time(s)
mysql (190.111.239.48): 1 Time(s)
mysql (202.88.241.107): 1 Time(s)
mysql (45.127.106.51): 1 Time(s)
mysql (51.15.117.94): 1 Time(s)
mysql (81.133.216.92): 1 Time(s)
mysql (94.23.62.187): 1 Time(s)
news (190.0.159.69): 1 Time(s)
news (47.74.150.153): 1 Time(s)
nobody (118.25.221.166): 1 Time(s)
nobody (217.182.95.16): 1 Time(s)
plex (217.182.95.16): 1 Time(s)
proxy (103.202.132.175): 1 Time(s)
proxy (47.74.150.153): 1 Time(s)
root (104.248.211.180): 1 Time(s)
root (105.235.116.254): 1 Time(s)
Invalid Users:
Unknown Account: 1610 Time(s)
I was wondering whether you were seeing the same thing.
Thanks
Steve
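
The two messages above connect naturally: the logwatch sshd summary can be tallied per source address and rendered as DROP rules in the form used in the reply. This is an added example, not code from either poster; the function names, the threshold of 50 and the allow list are assumptions, and the sample report is constructed with documentation addresses.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the logwatch sshd format quoted above; addresses are
# RFC 5737 documentation ranges, not real hosts.
SAMPLE = """\
sshd:
Authentication Failures:
unknown (203.0.113.17): 100 Time(s)
unknown (198.51.100.4): 99 Time(s)
unknown (scanner.example.net): 60 Time(s)
root (192.0.2.16): 2 Time(s)
backup (203.0.113.17): 1 Time(s)
mysql (198.51.100.4): 1 Time(s)
Invalid Users:
Unknown Account: 1610 Time(s)
"""

ENTRY = re.compile(r"^\s*(\S+) \(([^)]+)\): (\d+) Time\(s\)\s*$")

def failures_per_ip(report):
    """Sum failure counts per IPv4 source across all attempted usernames."""
    totals, in_section = Counter(), False
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m is None:
            # A non-entry line either opens the section or closes it.
            in_section = line.strip() == "Authentication Failures:"
            continue
        if not in_section:
            continue
        try:
            # Only a parsed address may reach a firewall command; the log
            # field can also hold a reverse-DNS name the remote side controls.
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue
        totals[str(ip)] += int(m.group(3))
    return totals

def drop_rules(totals, threshold=50, allow=()):
    """Render rules in the thread's form for sources at or above threshold."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    rules = []
    for ip, count in totals.most_common():
        if count < threshold or any(ipaddress.ip_address(ip) in n for n in allowed):
            continue
        rules.append(f"iptables -I INPUT 1 -s {ip} -j DROP")
    return rules

if __name__ == "__main__":
    print("\n".join(drop_rules(failures_per_ip(SAMPLE), allow=["198.51.100.0/24"])))
```

The script only prints the rules; reviewing them and listing your own administration networks in `allow` before applying anything avoids locking yourself out.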