My recently published GTFO script has now been running every two minutes for two days. These are the results.

Record of banned/unbanned IP addresses in the GTFO log:

root@linuxito:~# grep -i banning /var/log/gtfo.log       

List of banned IP addresses in the database (together with their date in "YYYYMMDDHHMM" format):

root@linuxito:~# cat /usr/local/GTFO/banned.ip 

List of unbanned IP addresses (after 24 hours):

root@linuxito:~# cat /usr/local/GTFO/unbanned.ip 

Current state of the firewall:

root@linuxito:~# iptables -nL --line-numbers | grep DROP
Chain INPUT (policy DROP)
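
The ban database and the firewall are two views of the same state, so they can be checked against each other. The following is an added example, not part of GTFO or of the original post: it parses text in the "IP YYYYMMDDHHMM" format and in the `iptables -nL --line-numbers` format and reports bans past the 24-hour lifetime, duplicate entries, and entries present on one side only. The sample data, function names and report keys are assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

BAN_TTL = timedelta(hours=24)  # the post says bans are lifted after 24 hours

# Constructed sample data (documentation address ranges), not real entries.
SAMPLE_DB = """\
192.0.2.10 201611030644
198.51.100.7 201611031338
198.51.100.7 201611031338
203.0.113.5 201611040628
"""
SAMPLE_RULES = """\
Chain INPUT (policy DROP)
1    DROP       all  --  203.0.113.5          0.0.0.0/0
2    DROP       all  --  198.51.100.7         0.0.0.0/0
3    DROP       all  --  198.51.100.7         0.0.0.0/0
4    DROP       all  --  203.0.113.99         0.0.0.0/0
"""

def parse_db(text):
    """Return [(ip, banned_at)] from 'IP YYYYMMDDHHMM' lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            entries.append((parts[0], datetime.strptime(parts[1], "%Y%m%d%H%M")))
    return entries

def parse_rules(text):
    """Return the source address of every numbered DROP rule (one per rule)."""
    sources = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].isdigit() and f[1] == "DROP":
            sources.append(f[4])
    return sources

def audit(db_text, rules_text, now):
    """Compare the ban database with the firewall and report drift."""
    db = parse_db(db_text)
    in_db = Counter(ip for ip, _ in db)
    in_fw = Counter(parse_rules(rules_text))
    return {
        "overdue": sorted({ip for ip, ts in db if now - ts >= BAN_TTL}),
        "duplicate_db": sorted(ip for ip, n in in_db.items() if n > 1),
        "duplicate_rule": sorted(ip for ip, n in in_fw.items() if n > 1),
        "db_without_rule": sorted(ip for ip in in_db if ip not in in_fw),
        "rule_without_db": sorted(ip for ip in in_fw if ip not in in_db),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_DB, SAMPLE_RULES, datetime(2016, 11, 4, 7, 0)))
```

A duplicate rule matters at unban time: deleting one matching rule leaves the second in place, so the address stays blocked after the database says it was released.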

I am currently making some improvements to the script, especially to avoid parsing the same lines repeatedly, so that each time the script runs it parses only new lines (since the last run) in the error log. After that I will add the functionality needed to detect access attempts in the access.log (it uses a different format). So stay tuned for changes in the repository.
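
One way to read only the lines added since the previous run is to checkpoint the log's inode and byte offset between runs. This is an added example, not GTFO's code and not from the original post; the file names, the JSON checkpoint format and the function names are assumptions, and the log lines in `demo()` are constructed.

```python
import json
import os
import tempfile

def read_new_lines(log_path, state_path):
    """Return the complete lines appended to log_path since the last call."""
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}

    with open(log_path, "rb") as fh:
        st = os.fstat(fh.fileno())
        # A new inode (rotation) or a file shorter than the saved offset
        # (truncation) means the checkpoint is stale: start from byte 0.
        if st.st_ino != state["inode"] or st.st_size < state["offset"]:
            state = {"inode": st.st_ino, "offset": 0}
        fh.seek(state["offset"])
        chunk = fh.read()

    # Consume only up to the last newline, so a line that is still being
    # written is returned whole on the next run instead of being split.
    end = chunk.rfind(b"\n") + 1
    state["offset"] += end

    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(state, fh)
    os.replace(tmp, state_path)  # atomic checkpoint update
    return chunk[:end].decode("utf-8", "replace").splitlines()

def demo():
    """Run three passes over a constructed log, including a rotation."""
    d = tempfile.mkdtemp()
    log, state = os.path.join(d, "error.log"), os.path.join(d, "offset.json")
    with open(log, "w") as fh:
        fh.write("first\nsecond\nhalf-writ")   # last line is incomplete
    runs = [read_new_lines(log, state)]
    with open(log, "a") as fh:
        fh.write("ten\n")
    runs.append(read_new_lines(log, state))
    os.rename(log, log + ".1")                  # simulate logrotate
    with open(log, "w") as fh:
        fh.write("after rotation\n")
    runs.append(read_new_lines(log, state))
    return runs

if __name__ == "__main__":
    print(demo())
```

Because each line is returned exactly once, an offending request is counted once and an address is not banned a second time for the same log entry. A log that is truncated and then grows past the old offset before the next run is not detected by this check.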

