Merci libapache2-mod-evasive!

Pause Café
#1

Merci libapache2-mod-evasive… :005

Effectivement…

[Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] client denied by server configuration: /usr/share/phpmyadmin/main.php [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/phpMyAdmin [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/db [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/web [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/PMA [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/dbadmin [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/PMA2006 [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/pma2006 [Mon Nov 07 01:29:59 2011] [error] [client 46.105.77.55] File does not exist: /var/www/sqlmanager ...

L’attaque avait commencé le 6.
Plus de 1800 tentatives en 2 jours.

Je suppose que c’est fréquent, moi ça m’a fait drôle quand j’ai découvert ça…

#2

Moi, c’est tous les jours et parfois, il y a des jours exceptionnels où ça déborde.
Tant qu’ils ne trouvent pas …
Le logwatch d’hier : y s’emmerdent en ce moment car je coupe apache la nuit.

[code]404 Not Found
//admin/phpmyadmin/scripts/setup.php: 1 Time(s)
//admin/pma/scripts/setup.php: 1 Time(s)
//admin/scripts/setup.php: 1 Time(s)
//databaseadmin/scripts/setup.php: 1 Time(s)
//db/scripts/setup.php: 1 Time(s)
//dbadmin/scripts/setup.php: 1 Time(s)
//myadmin/scripts/setup.php: 1 Time(s)
//mysql-admin/scripts/setup.php: 1 Time(s)
//mysql/scripts/setup.php: 1 Time(s)
//mysqladmin/scripts/setup.php: 1 Time(s)
//mysqlmanager/scripts/setup.php: 1 Time(s)
//php-my-admin/scripts/setup.php: 2 Time(s)
//php-myadmin/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.2.3/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.2.6/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.5.1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.5.4/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.5.5-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.5.5/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.5.6-rc2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.5.7-pl1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-alpha/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-alpha2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-beta1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-pl1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-rc2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.0-rc3/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.1-pl2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.1-pl3/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.1-rc2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.2-beta1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.2-pl1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.2-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.3-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.3/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.4-pl2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.4-pl3/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.6.4/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.7.0-beta1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.7.0-pl1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.7.0-pl2/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.7.0-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.8.0-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.8.0.1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.8.0.3/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.8.1-rc1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2.8.1/scripts/setup.php: 1 Time(s)
//phpMyAdmin-2/scripts/setup.php: 1 Time(s)
//phpadmin/scripts/setup.php: 1 Time(s)
//phpmanager/scripts/setup.php: 1 Time(s)
//phpmy-admin/scripts/setup.php: 1 Time(s)
//phpmyadmin/scripts/setup.php: 1 Time(s)
//phpmyadmin1/scripts/setup.php: 1 Time(s)
//pma2005/scripts/setup.php: 1 Time(s)
//scripts/setup.php: 1 Time(s)
//sqlmanager/scripts/setup.php: 1 Time(s)
//sqlweb/scripts/setup.php: 1 Time(s)
//typo3/phpmyadmin/scripts/setup.php: 1 Time(s)
//web/phpMyAdmin/scripts/setup.php: 1 Time(s)
//web/scripts/setup.php: 1 Time(s)
//webdb/scripts/setup.php: 1 Time(s)
//websql/scripts/setup.php: 1 Time(s)
//xampp/phpmyadmin/scripts/setup.php: 1 Time(s)
/MyAdmin/scripts/setup.php: 1 Time(s)
/garage/usermanual.pdf: 1 Time(s)
/muieblackcat: 1 Time(s)
/myadmin/scripts/setup.php: 1 Time(s)
/p: 1 Time(s)
/phpMyAdmin/scripts/setup.php: 1 Time(s)
/phpmyadmin/scripts/setup.php: 1 Time(s)
/pi: 1 Time(s)
/piwi: 1 Time(s)
/piwigo: 2 Time(s)
/piwigo/admin/icon/collapse.png: 1 Time(s)
/piwigo/admin/icon/expand.png: 1 Time(s)
/pma/scripts/setup.php: 1 Time(s)
/robots.txt: 9 Time(s)
/w00tw00t.at.blackhats.romanian.anti-sec:): 1 Time(s)
http://movietvblog.com/proxyheader.php: 1 Time(s)
http://www.max6he.com/judge.php: 1 Time(s)
http://www.seektwo.com/proxy-1.php: 1 Time(s)

---------------------- httpd End -------------[/code]

#3

Re,
L’IP qui me cherchait des noises vient de chez OVH.

Est-ce que ça vaut la peine de le signaler à abuse@ovh.net ?

#4

Tu peux toujours mais il y en aura un autre juste derrière pour prendre sa place.
Tiens par exemple, l’autre jour, y’en a un qui m’a envoyé 3000 mails depuis 2 bécanes :033

#5

[quote=“antalgeek”]Tu peux toujours mais il y en aura un autre juste derrière pour prendre sa place.
Tiens par exemple, l’autre jour, y’en a un qui m’a envoyé 3000 mails depuis 2 bécanes :033[/quote]

:005

Comme il a un reverse DNS en vrac tu peux même pas remonter jusqu’a lui… :mrgreen: :005

#6

[quote=“antalgeek”]Tu peux toujours mais il y en aura un autre juste derrière pour prendre sa place.
Tiens par exemple, l’autre jour, y’en a un qui m’a envoyé 3000 mails depuis 2 bécanes :033[/quote]
J’espère que tu as répondu à tous :005