Tekil Mesaj gösterimi - SPDNet Firewall

Konu SPDNet Firewall

20-05-2016, 03:17:01

#4

spdnet

Bunlarda botnet filtrelerimize takılanlar :

Başarı Tesadüf değildir.
Bilgi ise ucuz değildir.

Alıntı

[root@lin iplog]# cat ../log.txt
192.243.55.136
78.182.140.36
192.243.55.132
192.243.55.129
192.243.55.131
192.243.55.133
192.243.55.135
192.243.55.130
185.50.70.3
85.104.185.11
37.155.35.235
216.12.199.3
192.243.55.138
46.161.9.32
86.6.105.31
212.252.163.218
62.210.88.186
198.148.15.126
138.201.30.66
5.46.114.59
79.143.186.170
114.125.187.2
94.54.189.5
80.14.151.35
177.39.46.189
176.33.233.242
23.239.66.98
192.99.144.140

Alıntı

[root@lin iplog]# cat ../aramamotorbotlari.txt

77.88.9.10 adresi icin tespit edilen guvenilir bot durumu : 15 -
77.88.9.10 Arama motoru ip adresi
141.8.143.4 adresi icin tespit edilen guvenilir bot durumu : 15 -
141.8.143.4 Arama motoru ip adresi
5.255.251.150 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '5.255.251.128 - 5.255.251.255' is 'abuse@yandex.ru'
5.255.251.150 Arama motoru ip adresi
5.255.251.153 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '5.255.251.128 - 5.255.251.255' is 'abuse@yandex.ru'
5.255.251.153 Arama motoru ip adresi
5.255.251.154 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '5.255.251.128 - 5.255.251.255' is 'abuse@yandex.ru'
5.255.251.154 Arama motoru ip adresi
141.8.142.30 adresi icin tespit edilen guvenilir bot durumu : 16 - % Abuse contact for '141.8.142.0 - 141.8.142.255' is 'abuse@yandex.ru'
141.8.142.30 Arama motoru ip adresi
66.249.69.26 adresi icin tespit edilen guvenilir bot durumu : 6 - NetName: GOOGLE
66.249.69.26 Arama motoru ip adresi
141.8.143.20 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '141.8.143.0 - 141.8.143.127' is 'abuse@yandex.ru'
141.8.143.20 Arama motoru ip adresi
5.255.251.144 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '5.255.251.128 - 5.255.251.255' is 'abuse@yandex.ru'
5.255.251.144 Arama motoru ip adresi
5.255.251.162 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '5.255.251.128 - 5.255.251.255' is 'abuse@yandex.ru'
5.255.251.162 Arama motoru ip adresi
141.8.143.14 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '141.8.143.0 - 141.8.143.127' is 'abuse@yandex.ru'
141.8.143.14 Arama motoru ip adresi
5.255.227.148 adresi icin tespit edilen guvenilir bot durumu : 16 - % Abuse contact for '5.255.227.0 - 5.255.227.255' is 'abuse@yandex.ru'
5.255.227.148 Arama motoru ip adresi
66.249.75.211 adresi icin tespit edilen guvenilir bot durumu : 6 - NetName: GOOGLE
66.249.75.211 Arama motoru ip adresi
66.249.69.37 adresi icin tespit edilen guvenilir bot durumu : 6 - NetName: GOOGLE
66.249.69.37 Arama motoru ip adresi
0.77.167.29 adresi icin tespit edilen guvenilir bot durumu : 1 - Comment: * msndcc@microsoft.com
40.77.167.29 Arama motoru ip adresi
0.77.167.8 adresi icin tespit edilen guvenilir bot durumu : 1 - Comment: * msndcc@microsoft.com
40.77.167.8 Arama motoru ip adresi
109.11.1.43 adresi icin tespit edilen guvenilir bot durumu : 4 - % Abuse contact for '109.0.0.0 - 109.31.255.255' is 'abuse@gaoland.net'
109.11.1.43 Arama motoru ip adresi
77.88.9.30 adresi icin tespit edilen guvenilir bot durumu : 15 - % Abuse contact for '77.88.9.0 - 77.88.9.127' is 'abuse@yandex.ru'

Alıntı

[root@lin iplog]# cat 23.239.66.98-1463702528.txt
23.239.66.98 - - [17/May/2016:10:02:35 +0300] "HEAD / HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:35 +0300] "HEAD /wp/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:36 +0300] "HEAD /wordpress/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:36 +0300] "HEAD /blog/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:36 +0300] "HEAD /test/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:37 +0300] "HEAD /blogs/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:37 +0300] "HEAD /joom/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:37 +0300] "HEAD /joomla/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:37 +0300] "HEAD /drupal/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:38 +0300] "HEAD /site/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:38 +0300] "HEAD /1/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:38 +0300] "HEAD /old/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:39 +0300] "HEAD /new/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:39 +0300] "HEAD /shop/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:02:39 +0300] "HEAD /portal/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:47 +0300] "HEAD / HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:47 +0300] "HEAD /wp/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:47 +0300] "HEAD /wordpress/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:48 +0300] "HEAD /blog/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:48 +0300] "HEAD /test/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:48 +0300] "HEAD /blogs/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:49 +0300] "HEAD /joom/ HTTP/1.1" 403 0 "-" "-"
23.239.66.98 - - [17/May/2016:10:33:49 +0300] "HEAD /joomla/ HTTP/1.1" 403 0 "-" "-"

ya da :

Alıntı

[root@lin iplog]# cat 50.87.248.84-1463705125.txt
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"
50.87.248.84 - - [20/May/2016:03:42:31 +0300] "HEAD / HTTP/1.0" 444 0 "-" "-"

Ya da sistemlerinizden bot ile veri çalınmasını engelliyoruz. Botları whiteliste ekleyebiliyoruz eğer sizin bilginiz dahilindeyse :

Alıntı

[root@lin iplog]# cat 192.243.55.130-1463699483.txt | head -100
192.243.55.135 - - [16/May/2016:18:58:28 +0300] "GET /db.php?c=10&j=8&q=5493&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.135 - - [16/May/2016:19:06:17 +0300] "GET /db.php?c=10&j=8&q=4776&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.135 - - [16/May/2016:19:10:21 +0300] "GET /db.php?c=10&j=3&q=17546&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.135 - - [16/May/2016:19:10:45 +0300] "GET /db.php?c=10&j=3&q=17349&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:13:14 +0300] "GET /db.php?c=10&j=9&q=15172&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:13:36 +0300] "GET /db.php?c=10&j=9&q=15578&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:16:52 +0300] "GET /db.php?c=10&j=9&q=14386&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:18:08 +0300] "GET /db.php?c=10&j=9&q=14589&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:19:44 +0300] "GET /db.php?c=10&j=5&q=6730&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.135 - - [16/May/2016:19:23:52 +0300] "GET /db.php?c=10&j=9&q=12271&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:24:42 +0300] "GET /db.php?c=10&j=9&q=12074&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:25:13 +0300] "GET /db.php?c=10&j=2&q=15555&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:26:02 +0300] "GET /db.php?c=10&j=2&q=15750&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:28:38 +0300] "GET /db.php?c=10&j=2&q=2858&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:29:31 +0300] "GET /db.php?c=10&j=2&q=16205&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:29:58 +0300] "GET /db.php?c=10&j=2&q=16000&t=192.243.55.130 HTTP/1.1" 200 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.131 - - [16/May/2016:19:30:29 +0300] "GET /db.php?c=10&j=7&q=11978&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.138 - - [16/May/2016:19:34:58 +0300] "GET /db.php?c=10&j=7&q=8061&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.138 - - [16/May/2016:19:34:59 +0300] "GET /db.php?c=10&j=4&q=12045&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"
192.243.55.138 - - [16/May/2016:19:36:33 +0300] "GET /db.php?c=10&j=3&q=3451&t=192.243.55.130 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; SemrushBot/1.1~bl; +http://www.semrush.com/bot.html)"