SPAM
Posted: Fri 8 Aug 2014 12:08
3 by spamhaus XBL
0 by spamhaus SBL
1 by spamhaus PBL
do you use zen directly or each list separately?
when you think of the bandwidth eaten up on the WAN links to the ISP and all the traffic routed for nothing over the internet
Code:
194-208-190-144.tele.net - - [21/Jul/2014:12:11:29 +0200] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 325 "-" [#0EFF00]"I'm a mu mu mu ?"[/#0EFF00]
194-208-190-144.tele.net - - [21/Jul/2014:12:11:29 +0200] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 328 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:29 +0200] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 324 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 328 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 325 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php5-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 329 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php4-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 329 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php5.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 329 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php4.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 329 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:30 +0200] "POST /cgi-bin/php52.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 330 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:33 +0200] "POST /cgi-bin/php53.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 330 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:33 +0200] "POST /cgi-bin/?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]403[/#FF0E00] 325 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:36 +0200] "POST /cgi-sys/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 328 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:37 +0200] "POST /?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 200 53 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:40 +0200] "POST /cgi-bin/php5.cgi-20120725_by_SAKUR?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 347 "-" "I'm a mu mu mu ?"
194-208-190-144.tele.net - - [21/Jul/2014:12:11:40 +0200] "POST /cgi-bin/info.php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%22%79%65%73%22+%2D%64+%63%67%69%2E%66%69%78%5F%70%61%74%68%69%6E%66%6F%3D%31+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" [#FF0E00]404[/#FF0E00] 329 "-" "I'm a mu mu mu ?"
research-scanner-142c5a17.internetscanningproject.org - - [21/Jul/2014:13:38:28 +0200] "GET / HTTP/1.0" 200 53 "-" "research-scanner/1.0 (www.internetscanningproject.org)"
85.114.150.52 - - [26/Jul/2014:00:25:58 +0200] "GET // HTTP/1.1" 200 53 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:03 +0200] "GET //horde/ HTTP/1.1" 404 319 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:08 +0200] "GET //imp/ HTTP/1.1" 404 317 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:12 +0200] "GET //horde/imp/ HTTP/1.1" 404 323 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:17 +0200] "GET //webmail/ HTTP/1.1" 200 237 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:22 +0200] "GET //mail/ HTTP/1.1" 200 237 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:26 +0200] "GET //email/ HTTP/1.1" 404 319 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:31 +0200] "GET //horde-webmail/ HTTP/1.1" 404 327 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:36 +0200] "GET //horde/mimp/ HTTP/1.1" 404 324 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
85.114.150.52 - - [26/Jul/2014:00:26:40 +0200] "GET //mimp/ HTTP/1.1" 404 318 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
research-scanner-142c5a17.internetscanningproject.org - - [26/Jul/2014:01:19:55 +0200] "GET / HTTP/1.0" 200 53 "-" "research-scanner/1.0 (www.internetscanningproject.org)"
ip28.hichina.com - - [30/Jul/2014:10:56:45 +0200] "GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1" 404 336 "http://hotel.qunar.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
1-163-198-179.dynamic.hinet.net - - [30/Jul/2014:11:32:51 +0200] "CONNECT mx0.mail2000.com.tw:25 HTTP/1.0" 405 358 "-" "-"
80.82.64.215 - - [30/Jul/2014:14:14:59 +0200] "GET // HTTP/1.1" 200 53 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:04 +0200] "GET //install/ HTTP/1.1" 404 321 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:08 +0200] "GET //webcalendar/install/ HTTP/1.1" 404 333 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:13 +0200] "GET //calendar/install/ HTTP/1.1" 404 330 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:17 +0200] "GET //WebCalendar/install/ HTTP/1.1" 404 333 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:22 +0200] "GET //Calendar/install/ HTTP/1.1" 404 330 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:27 +0200] "GET //web/install/ HTTP/1.1" 404 325 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:31 +0200] "GET //wc/install/ HTTP/1.1" 404 324 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:36 +0200] "GET //w6/install/ HTTP/1.1" 404 324 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:41 +0200] "GET //webc/install/ HTTP/1.1" 404 326 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:45 +0200] "GET //wcalendar/install/ HTTP/1.1" 404 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
80.82.64.215 - - [30/Jul/2014:14:15:50 +0200] "GET / HTTP/1.1" 200 53 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
200-50-124-253.static.tie.cl - - [04/Aug/2014:21:44:59 +0200] "\x80w\x01\x03\x01" 501 340 "-" "-"
200-50-124-253.static.tie.cl - - [04/Aug/2014:21:45:00 +0200] "GET /HNAP1/ HTTP/1.1" 404 319 "http://89.82.81.60/" "Mozilla/5.0 (compatible; Konqueror/2.2.2; Linux 2.4.14-xfs; X11; i686)"
cpe-98-27-146-48.neo.res.rr.com - - [05/Aug/2014:02:38:25 +0200] "\x80w\x01\x03\x01" 501 340 "-" "-"
cpe-98-27-146-48.neo.res.rr.com - - [05/Aug/2014:02:38:25 +0200] "GET /HNAP1/ HTTP/1.1" 404 319 "http://89.82.81.60/" "Mozilla/5.0 (compatible; SnapPreviewBot; en-US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9"
93.174.95.55 - - [05/Aug/2014:05:03:40 +0200] "HEAD / HTTP/1.0" 200 - "-" "-"
ec2-54-77-55-105.eu-west-1.compute.amazonaws.com - - [05/Aug/2014:06:20:47 +0200] "GET / HTTP/1.1" 200 53 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2)"
min31-2-82-226-20-186.fbx.proxad.net - - [05/Aug/2014:07:49:39 +0200]
112.124.57.86 - - [07/Aug/2014:10:55:21 +0200] "GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1" 404 336 "http://hotel.qunar.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
census3.shodan.io - - [07/Aug/2014:11:31:42 +0200] "GET / HTTP/1.1" 200 53 "-" "-"
wsip-70-168-119-3.ks.ks.cox.net - - [07/Aug/2014:21:39:34 +0200] "\x80w\x01\x03\x01" 501 340 "-" "-"
wsip-70-168-119-3.ks.ks.cox.net - - [07/Aug/2014:21:39:34 +0200] "GET /HNAP1/ HTTP/1.1" 404 319 "http://89.82.81.60/" "Mozilla/2.0 (compatible; MSIE 3.0B; Win32)"
in my case it's an Apache on Windows :/
this is aimed at users of RDP (terminal server), IIS (all versions,
you modify the script so that, instead of parsing the FTP logs, it parses the logs of your Apache
0/ obiwan kenobi ????
this is aimed at users of RDP (terminal server), IIS (all versions, you just need to have it write logs in the right format)
in principle you can adapt it to dig through the logs of any application to collect the unwanted IPs
...
7/ customization
as I said at the beginning, you can customize it to pull logs from anything else, as long as you have a way to get the IP.
on the same principle as for the FTP logs, you need to add to the listIP.txt file every occurrence of the IPs that cause errors. the script will then go through this file to count how many times the IPs appear and decide whether or not to blacklist each one.
to be added right after the FTP part, before the counting
oh damn, I wasn't fresh after the work day, sorry, and thanks again.
and ??? you have to read EVERYTHING
3/ the script
[cpp]@echo off
rem Work from the root of drive Q: (adapt the drive to your server)
q:
cd \
rem Put the Unix utilities used below on the PATH (adapt the folder)
set PATH="D:\_ utils\utils serveur\unixutils\";%PATH%
rem Dump the Security event log entries with event ID 529 (logon failure) with psloglist
echo recuperartion de l'eventlog avec ce qui nous interesse (event ID 529 securité pour RDP)
"D:\_ utils\utils serveur\pstools\psloglist" -i 529 -s security > logonfailure.txt
rem Keep the RDP logon failures (Logon Type: 10) and extract the source IP of each one
echo on récupere la liste des IP ou ces evenements apparaissent (RDP toujours)
sed "s/ /,/g" logonfailure.txt | grep "Logon Type: 10" | cut -d"," -f23 | cut -d" " -f4 > listIP.txt
rem Append the client IP of each failed FTP login (530) from today's IIS FTP log.
rem The exYYMMDD.log name assumes the system date prints as dd/mm/yyyy.
rem -f2 selects the client IP column in this log layout (adapt if your fields differ).
echo on recupere les IP provoquant des erreurs 530 dans les logs ftp
grep "PASS - 530" "Q:\WEB - FTP\log\MSFTPSVC1\ex%DATE:~8,2%%DATE:~3,2%%DATE:~0,2%.log" | cut -d" " -f2 >> listIP.txt
del /Q listIP2.txt
rem Count the occurrences of each distinct IP. -F -w matches the address literally
rem and as a whole word, so 1.2.3.4 is not counted inside 11.2.3.45.
echo On compte combien de fois on voit chaque IP
for /F %%i in ('sort -u listIP.txt ^| grep -v "0.0.0.0"') do (
grep -F -w %%i listIP.txt | wc -l | xargs echo %%i >> listIP2.txt
)
rem Threshold: an IP seen more than this many times is blacklisted
echo on teste si ça apparait plus de X fois si oui, on test si deja présent et on ajoute a la blacklist
set Limit=10
for /F "tokens=1,2,3 delims=; " %%i in (listIP2.txt) do (
echo IP %%i Occurences %%j Limite %Limit%
if %%j GTR %Limit% (
echo %%i depasse la limite
rem Check whether the IPsec filter list already contains this address
netsh ipsec static show filterlist name="New IP Filter List" level=verbose | grep -F -w %%i | wc -l > tmp.txt
for /F %%n in (tmp.txt) do (
if %%n GEQ 1 (
echo existe deja, on ne fait rien
) ELSE (
echo n'existe pas encore, on ajoute
rem Not listed yet: add a mirrored filter between this machine and the offending IP
netsh ipsec static add filter filterlist="New IP Filter List" srcaddr=me dstaddr=%%i protocol=ANY mirrored=YES srcmask=255.255.255.255 dstmask=255.255.255.255
)
)
) ELSE (echo %%i ne depasse pas la limite)
echo .
)
DEL /Q tmp.txt[/cpp]
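The customization discussed in the thread (collect the offending clients from another application's log, count them, blacklist above a limit), applied to Apache access-log lines of the kind posted earlier; this is an added example, not code from the thread. The sample lines are constructed (documentation addresses and example.net), `collect_offenders` and `is_option_probe` are hypothetical names, and the probe test is a heuristic that goes slightly beyond the thread by also counting switch-style query strings that were answered with 200. Clients logged as hostnames are reported separately, because the firewall filter needs an address.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in Apache "combined" format, modelled on the entries posted
# in the thread. Clients use documentation ranges / example.net, not real hosts.
PROBE = "%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%6E"
UA = '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"'
SAMPLE_LOG = "\n".join(
    [f'192.0.2.10 - - [21/Jul/2014:12:11:29 +0200] "POST /cgi-bin/{n}?{PROBE} HTTP/1.1" 404 325 {UA}'
     for n in ("php5", "php-cgi", "php", "php.cgi")]
    + [
        f'192.0.2.10 - - [21/Jul/2014:12:11:37 +0200] "POST /?{PROBE} HTTP/1.1" 200 53 {UA}',
        f'198.51.100.7 - - [26/Jul/2014:00:26:03 +0200] "GET //horde/ HTTP/1.1" 404 319 {UA}',
        f'198.51.100.7 - - [26/Jul/2014:00:26:08 +0200] "GET //imp/ HTTP/1.1" 404 317 {UA}',
        f'198.51.100.7 - - [26/Jul/2014:00:26:17 +0200] "GET //webmail/ HTTP/1.1" 200 237 {UA}',
        r'scanner.example.net - - [04/Aug/2014:21:44:59 +0200] "\x80w\x01\x03\x01" 501 340 "-" "-"',
        f'scanner.example.net - - [04/Aug/2014:21:45:00 +0200] "GET /HNAP1/ HTTP/1.1" 404 319 {UA}',
        f'scanner.example.net - - [04/Aug/2014:21:45:02 +0200] "GET /HNAP1/ HTTP/1.1" 404 319 {UA}',
        f'scanner.example.net - - [04/Aug/2014:21:45:04 +0200] "GET //install/ HTTP/1.1" 404 321 {UA}',
        f'203.0.113.20 - - [05/Aug/2014:06:20:47 +0200] "GET / HTTP/1.1" 200 53 {UA}',
        '203.0.113.30 - - [05/Aug/2014:07:49:39 +0200]',  # truncated entry
    ]
)

# client, ident, user, [timestamp], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) \S+')


def is_option_probe(request):
    """True when the decoded query string starts with a command-line switch,
    as in the POST /cgi-bin/php* entries (heuristic chosen for this example)."""
    parts = request.split(" ")
    if len(parts) != 3 or "?" not in parts[1]:
        return False  # binary garbage or a request without a query string
    query = parts[1].split("?", 1)[1]
    return unquote_plus(query).lstrip().startswith("-")


def is_ip(client):
    """True when the logged client field is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(client)
        return True
    except ValueError:
        return False


def collect_offenders(log_text, limit=10):
    """Count bad requests per client (the role of listIP.txt) and return the
    clients seen more than `limit` times, like the script's GTR test."""
    hits, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # truncated or malformed entry
            continue
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        # An error status alone misses probes that the index page answers with 200.
        if status >= 400 or is_option_probe(request):
            hits[client] += 1
    over = sorted(c for c, n in hits.items() if n > limit)
    return {
        "blacklist": [c for c in over if is_ip(c)],
        # Logged as a hostname: must be resolved to an address before filtering.
        "unresolved": [c for c in over if not is_ip(c)],
        "counts": dict(hits),
        "skipped": skipped,
    }


if __name__ == "__main__":
    print(collect_offenders(SAMPLE_LOG, limit=3))
```
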
Code:
root@mail:/home/xxx# fail2ban-client status ssh
Status for the jail: ssh
|- filter
| |- File list: /var/log/auth.log
| |- Currently failed: 11
| `- Total failed: 1002
`- action
|- Currently banned: 77
`- Total banned: 129
root@mail:/home/xxx#
you need to set up a system that resets them every X months, given how IP addresses rotate at the moment...
is it a temporary or a permanent ban? because otherwise it's going to blow up
Code:
root@mail:/home/xxx# fail2ban-client status ssh
Status for the jail: ssh
|- filter
| |- File list: /var/log/auth.log
| |- Currently failed: 8
| `- Total failed: 2904
`- action
|- Currently banned: 102
`- Total banned: 372