Will he really stay locked out if I apply the following rule?
Code:
iptables -A INPUT -t filter -p all -s 61.96.181.128/255.0.0.0 -j REJECT
Code:
iptables -A INPUT -t filter -p all -s 61.96.181.0/255.0.0.0 -j REJECT
Yes, that is exactly the problem.
tuxyso wrote: he will also attack from a different IP.
I would rather turn back to this question.
tuxyso wrote: What exactly is this attacker doing that is so bad? Then it might be better to fight the problem at its root, i.e. spam filters and secure firewall rules that make things difficult for hackers.
For one thing, that; as for the suggestions to "pillory" him: have you ever considered that the machine the "attacks" originate from might itself have been compromised?
P.S.: a few log excerpts perhaps, so that we know what exactly you mean?
Code:
inetnum: 61.96.181.128 - 61.96.181.191
netname: DREAMX-LLINE-MFTRAINING-KR
descr: MFTRAINING
descr: 201, Hwasan building, 31-12, Jamwon-dong, Seocho-gu
descr: SEOUL
descr: 137-030
country: KR
admin-c: JM13-KR
tech-c: JM14-KR
remarks: This IP address space has been allocated to KRNIC.
remarks: For more information, using KRNIC Whois Database
remarks: whois -h whois.nic.or.kr
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr 20030714
source: KRNIC
Code:
[Tue Jul 29 00:15:37 2003] [error] [client 61.96.181.132] Invalid URI in request GET /../../../../etc/hosts HTTP/1.0
[Tue Jul 29 00:15:37 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/.access
[error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/.passwd
[Tue Jul 29 00:15:41 2003] [error] [client 61.96.181.132] File does not exist: /bin/public_html
[Tue Jul 29 00:15:41 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~ftp
[Tue Jul 29 00:15:42 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~guest
[Tue Jul 29 00:15:42 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~log
[Tue Jul 29 00:15:42 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~logs
[Tue Jul 29 00:15:43 2003] [error] [client 61.96.181.132] File does not exist: /var/spool/lpd/public_html
[Tue Jul 29 00:15:43 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~named
[Tue Jul 29 00:15:45 2003] [error] [client 61.96.181.132] File does not exist: /root/public_html
[Tue Jul 29 00:15:45 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~test
[Tue Jul 29 00:15:45 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/~tmp
[Tue Jul 29 00:15:46 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/bb-dnbd/bb-hist.sh
[Tue Jul 29 00:15:46 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/bin
[Tue Jul 29 00:15:48 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/bin/jscripts/GneteFuncs.js
[Tue Jul 29 00:15:48 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/ccbill/secure/ccbill.log
[Tue Jul 29 00:15:49 2003] [error] [client 61.96.181.132] script not found or unable to stat: /var/www/confixx/html/cgi-bin/add_ftp.cgi
[Tue Jul 29 00:15:49 2003] [error] [client 61.96.181.132] script not found or unable to stat: /var/www/confixx/html/cgi-bin/Admin_files
[Tue Jul 29 00:15:49 2003] [error] [client 61.96.181.132] script not found or unable to stat: /var/www/confixx/html/cgi-bin/adp
[Tue Jul 29 00:15:51 2003] [error] [client 61.96.181.132] script not found or unable to stat: /var/www/confixx/html/cgi-bin/adpassword.txt
[Tue Jul 29 00:15:51 2003] [error] [client 61.96.181.132] script not found or unable to stat: /var/www/confixx/html/cgi-bin/ads.setup
[Tue Jul 29 00:15:52 2003] [error] [client 61.96.181.132] script not found or unable to stat: /var/www/confixx/html/cgi-bin/aglimpse
[Tue Jul 29 00:15:54 2003] [error] [client 61.96.181.132] File does not exist: /var/www/confixx/html/Cgi-Bin/aglimpse.cgi
Code:
61.96.181.132 - - [29/Jul/2003:00:15:54 +0200] "GET /Cgi-Bin/alibaba.pl HTTP/1.0" 404 291 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:54 +0200] "GET /cgi-bin/alibaba.pl HTTP/1.0" 404 291 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:55 +0200] "GET /cgi-bin/alibaba.pl\dir HTTP/1.0" 404 295 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:56 +0200] "GET /cgi-bin/allmanage.pl HTTP/1.0" 404 293 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:56 +0200] "GET /cgi-bin/allmanage/adp HTTP/1.0" 404 294 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:56 +0200] "GET /cgi-bin/allmanage/k HTTP/1.0" 404 292 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:57 +0200] "GET /cgi-bin/allmanage/settings.cfg HTTP/1.0" 404 303 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:57 +0200] "GET /cgi-bin/allmanage/userfile.dat HTTP/1.0" 404 303 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:57 +0200] "GET /cgi-bin/allmanageup.pl HTTP/1.0" 404 295 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:58 +0200] "GET /cgi-bin/AnyBoard.cgi HTTP/1.0" 404 293 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:58 +0200] "GET /cgi-bin/anyboard.cgi HTTP/1.0" 404 293 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:59 +0200] "GET /cgi-bin/AnyForm HTTP/1.0" 404 288 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:15:59 +0200] "GET /cgi-bin/AnyForm.cgi HTTP/1.0" 404 292 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:00 +0200] "GET /cgi-bin/AnyForm2 HTTP/1.0" 404 289 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:00 +0200] "GET /cgi-bin/archie HTTP/1.0" 404 287 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:00 +0200] "GET /cgi-bin/architext_query.pl HTTP/1.0" 404 299 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:00 +0200] "GET /cgi-bin/ash HTTP/1.0" 404 284 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:01 +0200] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 404 293 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:01 +0200] "GET /cgi-bin/AT-generate.cgi HTTP/1.0" 404 296 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:01 +0200] "GET /cgi-bin/authorize/dbmfiles/users HTTP/1.0" 404 305 "-" "-"
61.96.181.132 - - [29/Jul/2003:00:16:01 +0200] "GET /cgi-bin/ax.cgi HTTP/1.0" 404 287 "-" "-"
Code:
#!/bin/sh
iptables -A INPUT -t filter -p all -s 61.96.181.0/255.0.0.0 -j REJECT
Uh... say, Chris, you haven't had much experience with KRNIC and abuse handling yet, have you?
Besides, it would be extremely selfless to perhaps contact the responsible provider after all (wherever it is located), since you are probably not the only one being "attacked", and others may not even notice it ...
I confess: nope ...
Uh... say, Chris, you haven't had much experience with KRNIC and abuse handling yet, have you?
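What the rules posted in this thread actually match, worked through as an added example that is not part of any post: iptables ANDs the `-s` address with the mask, so `/255.0.0.0` covers far more than the range in the whois record. The function names are hypothetical; the addresses, the mask and the inetnum range are the ones shown in the thread.

```python
import ipaddress

# Values taken from the thread: the -s arguments of the posted rules and
# the inetnum range from the KRNIC whois record.
RULE_SOURCES = ["61.96.181.128/255.0.0.0", "61.96.181.0/255.0.0.0"]
WHOIS_FIRST, WHOIS_LAST = "61.96.181.128", "61.96.181.191"
SCANNER = "61.96.181.132"  # client address seen in the Apache logs


def effective_network(source_spec):
    """Network that an address/netmask source spec really matches.

    iptables masks the address before comparing, so host bits are
    dropped; strict=False reproduces that behaviour.
    """
    return ipaddress.ip_network(source_spec, strict=False)


def whois_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def tight_rules(first, last):
    """One REJECT rule per CIDR block of the whois range (assumed form)."""
    return [f"iptables -A INPUT -s {net} -j REJECT"
            for net in whois_cidrs(first, last)]


def report():
    """Human-readable comparison of the posted rules and the whois range."""
    lines = []
    scanner = ipaddress.ip_address(SCANNER)
    for spec in RULE_SOURCES:
        net = effective_network(spec)
        lines.append(f"{spec} matches {net} ({net.num_addresses} addresses), "
                     f"scanner covered: {scanner in net}")
    for net in whois_cidrs(WHOIS_FIRST, WHOIS_LAST):
        lines.append(f"whois range = {net} ({net.num_addresses} addresses)")
    lines.extend(tight_rules(WHOIS_FIRST, WHOIS_LAST))
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Both posted rules reduce to the same network, so the scanner is rejected, but so is every other host in that /8; a range that is not aligned on a power-of-two boundary would yield several CIDR blocks and therefore several rules.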