[HTACCESS] site spammer rendu innaccessible

Marsh Posté le 30-04-2021 à 19:54:24

Salut à tous.

J'ai un site qui ce fait spammer, et du coup il est inaccessible la plupart du temps, Erreur 503.

Ce site tourne sous la dernière version de PrestaShop, et ont dirais bien qu'il est pris pour cible. Dans les fichier de log apache, c'est assez impressionnant.

Citation :

www.monsite.com 39.89.156.16 - - [30/Apr/2021:17:21:43 +0000] (125 s) "GET /en/24-modeles?q=Categories-JUPE-VESTE--MANTEAU-ACCESSOIRES/Size-S-XL&order=product.price.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-JUPE-VESTE--MANTEAU/Size-XL-S&order=product.price.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.71.45.101 - - [30/Apr/2021:17:21:43 +0000] (125 s) "GET /en/24-modeles?q=Categories-ACCESSOIRES-VESTE--MANTEAU/Size-L-XL-XS&order=product.name.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-VESTE--MANTEAU-ACCESSOIRES/Size-L-XL&order=product.name.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 172.21.26.98 - - [30/Apr/2021:17:21:43 +0000] (125 s) "GET /fr/module/mondialrelay/ordersStatusUpdate?secure_key=66fa2304fdbee242266571e25265321c HTTP/1.1" 500 2466 "-" "curl/7.52.1"
www.monsite.com 101.24.184.208 - - [30/Apr/2021:17:21:43 +0000] (124 s) "GET /en/19-top-tunique?q=Size-M-S/Brand-Atelier+des+modes&order=product.price.asc&productListView=grid&resultsPerPage=24 HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Size-M-S/Brand-Atelier+des+modes&order=product.price.asc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 110.250.83.44 - - [30/Apr/2021:17:21:43 +0000] (124 s) "GET /en/19-top-tunique?q=Brand-Atelier+des+modes/Size-S&order=product.name.desc&productListView=grid&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Brand-Atelier+des+modes/Size-S&order=product.name.desc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 183.27.49.45 - - [30/Apr/2021:17:21:44 +0000] (124 s) "GET /en/24-modeles?q=Categories-ACCESSOIRES-VESTE--MANTEAU/Size-XL-XS-L&order=product.name.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-VESTE--MANTEAU-ACCESSOIRES/Size-XL-XS&order=product.name.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 140.224.112.7 - - [30/Apr/2021:17:21:43 +0000] (124 s) "GET /en/24-modeles?q=Categories-ACCESSOIRES-VESTE--MANTEAU/Size-M-XL-L&order=product.name.desc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-VESTE--MANTEAU-ACCESSOIRES/Size-M-XL&order=product.name.desc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.88.93.14 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-TOP--TUNIQUE-VESTE--MANTEAU/Size-L-XL-S&order=product.name.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-TOP--TUNIQUE-VESTE--MANTEAU/Size-XL-L&order=product.name.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.82.168.216 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-JUPE-VESTE--MANTEAU-ACCESSOIRES/Size-S-XL&order=product.name.desc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-JUPE-VESTE--MANTEAU/Size-XL-S&order=product.name.desc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 119.166.15.128 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU-ACCESSOIRES/Size-M-XL&order=product.name.desc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU/Size-XL-M&order=product.name.desc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.77.153.30 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-JUPE-VESTE--MANTEAU-ACCESSOIRES/Size-M-XL&order=product.price.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-JUPE-VESTE--MANTEAU/Size-XL-M&order=product.price.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 60.1.182.27 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU-ACCESSOIRES/Size-L-XL&order=product.name.desc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU/Size-XL-L&order=product.name.desc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 183.191.223.156 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU-ACCESSOIRES/Size-L-XL&order=product.price.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-VESTE--MANTEAU-ROBE/Size-L-XL&order=product.price.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 110.250.83.239 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-ACCESSOIRES-JUPE-VESTE--MANTEAU-ROBE&order=product.position.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ACCESSOIRES-VESTE--MANTEAU-JUPE&order=product.position.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 58.20.131.239 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU-ACCESSOIRES/Size-M-XL&order=product.price.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU/Size-XL-M&order=product.price.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 113.58.245.46 - - [30/Apr/2021:17:21:44 +0000] (123 s) "GET /en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU-ACCESSOIRES/Size-M&order=product.position.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ROBE-VESTE--MANTEAU/Size-M&order=product.position.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 113.58.240.61 - - [30/Apr/2021:17:21:45 +0000] (123 s) "GET /en/24-modeles?q=Categories-VESTE--MANTEAU-ACCESSOIRES/Size-S-XL-XXL&order=product.price.desc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-VESTE--MANTEAU/Size-XL-XXL-S&order=product.price.desc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.71.44.227 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/19-top-tunique?q=Brand-Atelier+des+modes/Size-XS&order=product.price.desc&productListView=grid&resultsPerPage=36 HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Brand-Atelier+des+modes/Size-XS&order=product.price.desc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.88.194.136 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/19-top-tunique?q=Size-M-S/Brand-Atelier+des+modes&order=product.price.asc&productListView=grid&resultsPerPage=36 HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Size-M-S/Brand-Atelier+des+modes&order=product.price.asc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 60.1.182.27 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/24-modeles?q=Categories-ACCESSOIRES-VESTE--MANTEAU/Size-M-XL-L&order=product.price.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ACCESSOIRES-VESTE--MANTEAU/Size-XL-M&order=product.price.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 110.250.3.214 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/19-top-tunique?q=Brand-Atelier+des+modes/Size-L&order=product.name.desc&productListView=grid&productListView=grid HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Brand-Atelier+des+modes/Size-L&order=product.name.desc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 119.186.207.67 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/19-top-tunique?q=Brand-Atelier+des+modes/Size-XS&order=product.name.asc&productListView=grid&productListView=grid HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Brand-Atelier+des+modes/Size-XS&order=product.name.asc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 220.202.243.70 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/24-modeles?q=Categories-ACCESSOIRES/Size-XL-XS&order=product.position.asc&productListView=list&resultsPerPage=24 HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-ACCESSOIRES/Size-XL-XS&order=product.position.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 119.166.10.104 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/24-modeles?q=Categories-TOP--TUNIQUE/Size-S-XL&order=product.position.asc&productListView=list&resultsPerPage=36 HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-TOP--TUNIQUE/Size-S-XL&order=product.position.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 220.160.18.41 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/24-modeles?q=Categories-TOP--TUNIQUE-VESTE--MANTEAU/Size-XXXL&order=product.name.asc&productListView=list HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-TOP--TUNIQUE-VESTE--MANTEAU/Size-XXXL&order=product.position.asc&productListView=list" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 39.82.203.91 - - [30/Apr/2021:17:21:45 +0000] (122 s) "GET /en/19-top-tunique?q=Brand-Atelier+des+modes/Size-S&order=product.name.desc&productListView=grid&productListView=grid HTTP/1.1" 500 2466 "https://www.monsite.com/en/19-top-tunique?q=Brand-Atelier+des+modes/Size-S&order=product.name.desc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"
www.monsite.com 183.27.48.41 - - [30/Apr/2021:17:21:46 +0000] (122 s) "GET /en/24-modeles?q=Categories-VESTE--MANTEAU-TOP--TUNIQUE/Size-L-XL&order=product.name.asc&productListView=grid HTTP/1.1" 500 2466 "https://www.monsite.com/en/24-modeles?q=Categories-VESTE--MANTEAU-TOP--TUNIQUE/Size-L-XL&order=product.position.asc&productListView=grid" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36"

Je ne sais pas si c'est un bot de referencement, ou une attaque intentionnel, mais du coup le site est down.

J'ai eu pour idée de bloquer l'url "/en/" le temps de trouver une meilleur solution, mais je n'est pas réussi.

Voici mon fichier htaccess, avec tout à la fin les modifications que j'ai apporté.

Code :

# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums
<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>
RewriteEngine on
#Domain: www.monsite.com
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api(?:/(.*))?$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
# Images
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^www.monsite.com$
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]
# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>
AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/font-woff .woff
AddType font/woff2 .woff2
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404
RewriteCond %{REQUEST_URI} ^/en$ [NC]
RewriteRule ^.*$ - [F,L]
# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again

Merci pour votre aide.

Message édité par kontas le 30-04-2021 à 19:57:09

Reply

Marsh Posté le 30-04-2021 à 19:54:24

Reply

Marsh Posté le 02-05-2021 à 17:31:00

Salut,

tu dois mettre ta règle (bien) plus haut, là, étant située après ton dispatcher, elle n'en intervient probablement jamais.

Ah et elle est fausse aussi : tu dois supprimer le $, sinon seules les URL dont le chemin est /en matcheront.

Tu es en dédié ? Tu devrais envisager de bloquer les plages d'adresses IP dont elles émanent au niveau du pare-feu.

Message édité par pluj le 02-05-2021 à 17:51:32

Reply

Marsh Posté le 02-05-2021 à 17:42:53

Salut et merci pour ta réponse.

Finalement j'ai mis cela avant la partie dispatcher :

RewriteCond %{THE_REQUEST} ^.*(\/en\/24-modeles).* [NC]
RewriteRule ^(.*)$ - [F,L]

RewriteCond %{THE_REQUEST} ^.*(\/en\/).* [NC]
RewriteRule ^(.*)$ - [F,L]

Cela fonctionne, mais je suis quand même assez inquiet pour la suite, si jamais l'attaque venais à ce faire à la racine du site je serais marron.

Pour ce qui est du blocage des IP je veux bien, mais il n'y as quasiment aucune redondance, ce qui serait complètement inutile du coup ?!

Reply

Marsh Posté le 02-05-2021 à 21:46:06

Ce ne sont pas strictement les mêmes adresses IP qui reviennent sur ton extrait de log mais il y en a au moins plusieurs qui proviennent de plages réseau identiques :
* 113.58.245.46 + 113.58.240.61 = selon un whois 113.58.0.0/16 est alloué à un prestataire chinois
* 39.89.156.16 + 39.71.45.101 + 39.88.93.14 + 39.77.153.30 + 39.71.44.227 + ... = 39.64.0.0/11 pareil ça vient de Chine
* 110.240.0.0/12 de Chine pour changer
* etc

Tu les bloques niveau pare-feu et si elles proviennent toutes de Chine, tu peux voir pour utiliser geoip/maxmindb pour envoyer balader les requêtes des clients qui viendraient de là-bas (mais demain ce sera peut être des pays l'Est ou ils utiliseront je ne sais quel(s) proxy(s))

Sous réserve que ce soit en adéquation avec ton commerce (si tu as des clients légitimes en Chine, forcément, il va falloir trouver autre chose)

Il faudrait peut être aussi voir s'il n'y aurait pas moyen de faire tenir un peu mieux la charge à ton serveur.

Message édité par pluj le 02-05-2021 à 21:50:51

Reply

Marsh Posté le 03-05-2021 à 18:37:53

Salut, merci beaucoup pour ces informations.

Non, les visiteurs chinois ne font pas parti de la clientèle, qui ce limite aux pays francophones limitrophes.

Grace au support, j'ai pu récupérer la liste des ip attaquantes :

cat /srv/data/var/log/apache/access.log |awk '{print $2}' | sort -n |uniq -c| sort -nr

Code :

7 34.74.252.229
5 2a01:cb1c:6bd:bd00:f428:1c87:6ee0:d1ae
5 124.163.141.216
4 61.240.226.52
4 39.184.78.208
4 39.184.75.7
4 39.184.75.140
4 39.184.74.225
4 39.181.142.70
4 39.181.142.252
4 39.181.141.29
4 39.181.140.49
4 222.76.6.81
4 183.188.211.141
4 175.162.112.15
4 123.153.60.174
4 123.153.60.158
4 119.186.205.49
4 118.79.252.109
4 117.29.120.200
4 117.29.120.155
4 113.234.166.95
4 113.234.166.84
4 113.234.166.143
4 112.48.9.63
4 112.48.9.24
4 112.48.10.43
4 112.48.10.15
4 110.90.12.67
4 110.250.93.226
4 110.250.92.101
3 61.52.75.155
3 61.52.73.80
3 59.61.164.102
3 59.56.2.118
3 58.214.191.25
3 58.214.184.69
3 58.20.131.99
3 58.20.131.70
3 58.20.131.36
3 39.78.120.79
3 39.71.158.209
3 39.181.140.41
3 39.181.136.177
3 220.202.251.217
3 183.27.50.9
3 183.251.16.134
3 183.188.91.151
3 183.188.91.13
3 183.188.242.153
3 182.119.36.91
3 182.119.36.221
3 180.114.11.162
3 180.114.11.160
3 175.174.56.46
3 175.171.183.8
3 175.171.179.79
3 171.116.79.115
3 150.255.1.59
3 124.90.104.145
3 124.72.0.51
3 124.72.0.46
3 124.163.141.35
3 123.153.62.100
3 123.153.60.131
3 123.129.155.89
3 123.129.155.55
3 123.129.153.75
3 123.129.153.147
3 123.129.152.30
3 121.238.68.131
3 119.186.206.58
3 119.186.204.111
3 119.179.217.246
3 119.179.217.240
3 119.179.217.146
3 119.179.216.28
3 119.179.216.210
3 119.179.216.112
3 119.163.28.22
3 119.116.191.66
3 119.116.187.239
3 119.116.187.125
3 119.116.186.67
3 119.116.186.24
3 119.116.184.71
3 119.116.182.167
3 119.116.181.3
3 119.116.179.216
3 118.79.252.254
3 118.79.187.213
3 118.79.186.119
3 118.79.140.40
3 117.84.174.25
3 117.29.120.117
3 116.2.69.240
3 115.202.79.174
3 115.202.77.111
3 115.202.73.190
3 113.58.236.124
3 113.58.228.1
3 113.234.175.154
3 113.234.160.212
3 112.48.9.169
3 112.248.143.234
3 110.90.12.73
3 110.250.94.75
3 110.250.89.28
3 110.250.88.100
3 110.250.82.24
3 101.67.155.73
3 101.67.155.12
3 101.67.154.10
3 101.67.152.179
3 101.66.51.69
3 101.66.51.145
3 101.66.49.42
3 101.66.49.253
3 101.66.49.2
3 101.17.21.23
3 101.17.16.101
2 66.249.70.86
2 61.52.79.85
2 61.52.78.246
2 61.52.76.71
2 61.52.76.54
2 61.52.74.57
2 61.52.74.31
2 61.52.74.224
2 60.24.14.132
2 60.1.188.179
2 58.214.191.175
2 58.20.132.8
2 58.20.132.54
2 58.20.132.170
2 58.20.132.163
2 58.20.132.134
2 58.20.132.127
2 58.20.131.54
2 49.81.173.175
2 39.91.12.27
2 39.91.102.205
2 39.89.161.19
2 39.82.235.90
2 39.82.225.88
2 39.77.153.125
2 39.71.87.204
2 39.184.77.138
2 39.184.72.113
2 39.181.142.34
2 39.181.141.232
2 39.181.141.14
2 39.181.141.115
2 27.219.145.26
2 27.210.131.161
2 221.229.142.8
2 221.197.66.78
2 220.202.251.252
2 220.202.251.200
2 220.202.243.87
2 220.202.243.69
2 220.202.243.245
2 220.202.243.190
2 220.202.243.147
2 220.202.243.146
2 220.175.61.26
2 218.68.108.74
2 218.68.105.123
2 218.68.102.26
2 183.27.48.90
2 183.27.48.233
2 183.251.24.146
2 183.251.24.132
2 183.251.16.255
2 183.251.16.205
2 183.188.93.46
2 183.188.91.94
2 183.188.91.31
2 183.188.245.25
2 183.188.245.147
2 183.188.244.71
2 183.188.244.6
2 183.188.242.193
2 183.188.213.128
2 182.34.20.193
2 182.101.58.159
2 182.101.54.153
2 180.114.11.5
2 180.114.11.125
2 180.114.11.103
2 180.112.18.53
2 175.171.178.5
2 175.171.178.31
2 150.255.5.4
2 150.255.5.202
2 150.255.0.104
2 144.255.48.203
2 140.224.112.20
2 140.224.112.121
2 124.90.107.46
2 124.90.105.133
2 124.90.104.68
2 124.90.104.154
2 124.90.104.124
2 124.72.0.117
2 124.163.141.211
2 123.169.38.97
2 123.153.63.4
2 123.153.62.105
2 123.153.61.68
2 123.153.61.46
2 123.153.60.54
2 123.153.60.208
2 123.129.155.229
2 123.129.155.169
2 123.129.154.192
2 123.129.154.12
2 123.129.153.159
2 123.129.152.200
2 123.129.152.136
2 121.204.0.49
2 120.32.38.98
2 119.186.205.206
2 119.186.204.43
2 119.179.217.71
2 119.179.217.254
2 119.179.217.237
2 119.179.216.72
2 119.166.12.250
2 119.116.188.230
2 119.116.188.164
2 119.116.186.146
2 119.116.184.204
2 119.116.182.9
2 119.116.178.67
2 119.116.178.58
2 119.116.178.246
2 119.116.178.12
2 119.116.177.88
2 119.116.176.64
2 119.116.176.169
2 118.79.186.99
2 118.79.186.85
2 118.79.141.224
2 118.79.141.190
2 118.79.140.144
2 117.85.13.100
2 117.29.120.160
2 117.25.6.29
2 116.2.95.138
2 116.2.92.24
2 116.2.92.164
2 116.2.92.123
2 116.2.91.29
2 116.2.88.50
2 116.2.88.153
2 116.2.87.81
2 116.2.86.8
2 116.2.86.57
2 116.2.81.61
2 116.2.75.69
2 116.2.73.87
2 116.2.72.114
2 115.202.94.158
2 115.202.91.143
2 115.202.90.40
2 115.202.88.214
2 115.202.88.130
2 115.202.86.109
2 115.202.85.230
2 115.202.69.78
2 115.202.66.245
2 115.202.65.51
2 114.234.152.189
2 114.225.187.242
2 113.58.247.189
2 113.58.247.16
2 113.58.246.33
2 113.58.244.81
2 113.58.239.229
2 113.58.230.212
2 113.58.229.180
2 113.58.226.210
2 113.58.226.153
2 113.58.225.157
2 113.234.174.243
2 113.124.93.235
2 113.124.86.7
2 113.124.85.6
2 113.121.47.166
2 113.121.46.176
2 113.121.45.138
2 113.121.45.13
2 113.121.41.64
2 113.121.39.185
2 113.121.38.38
2 113.121.38.11
2 112.48.9.89
2 112.48.9.81
2 112.48.9.80
2 112.48.9.52
2 112.48.9.40
2 112.48.10.99
2 112.48.10.60
2 112.48.10.2
2 112.48.10.118
2 112.239.121.166
2 112.231.145.153
2 110.90.12.199
2 110.250.95.45
2 110.250.95.43
2 110.250.94.164
2 110.250.93.165
2 110.250.93.110
2 110.250.92.116
2 110.250.89.140
2 110.250.86.104
2 103.131.71.165
2 101.67.154.60
2 101.67.153.245
2 101.66.91.128
2 101.66.51.251
2 101.66.50.221
2 101.66.49.27
2 101.66.49.255
2 101.66.49.227
2 101.66.48.190
2 101.66.48.151
2 101.24.188.219
2 101.24.185.62
2 101.24.180.135
2 101.17.22.231
2 101.17.16.13
1 61.52.79.59
1 61.52.78.69
1 61.52.78.247
1 61.52.78.194
1 61.52.77.24
1 61.52.77.218
1 61.52.75.136
1 61.240.226.51
1 60.24.14.72
1 60.24.14.5
1 60.24.14.126
1 60.1.195.58
1 60.1.194.203
1 60.1.194.137
1 60.1.192.193
1 60.1.191.174
1 60.1.181.56
1 58.215.146.67
1 58.214.186.219
1 58.20.132.89
1 58.20.132.87
1 58.20.132.238
1 58.20.132.117
1 58.20.131.246
1 58.20.131.168
1 58.20.131.154
1 58.20.131.116
1 58.20.131.112
1 49.81.172.226
1 49.81.134.69
1 49.68.4.100
1 40.77.167.68
1 39.89.163.47
1 39.89.160.4
1 39.89.160.110
1 39.88.95.183
1 39.88.194.19
1 39.88.193.149
1 39.88.192.244
1 39.88.192.202
1 39.82.235.97
1 39.82.235.100
1 39.82.234.240
1 39.78.255.228
1 39.77.153.211
1 39.77.153.14
1 39.71.158.20
1 39.184.75.250
1 39.184.72.167
1 39.181.142.73
1 27.219.56.191
1 27.219.56.175
1 27.219.147.45
1 27.219.146.240
1 27.219.146.235
1 27.219.145.177
1 27.219.145.163
1 27.219.145.110
1 27.210.129.246
1 27.210.128.84
1 27.210.128.142
1 222.191.175.244
1 222.191.173.137
1 222.191.173.100
1 222.137.46.18
1 222.137.31.101
1 221.198.235.70
1 221.198.235.191
1 221.198.235.164
1 221.198.235.143
1 221.197.66.38
1 221.197.66.219
1 221.197.66.196
1 221.197.66.181
1 221.197.66.172
1 221.197.56.64
1 221.197.56.247
1 221.197.56.231
1 221.197.56.228
1 221.197.56.216
1 221.197.56.210
1 221.197.56.136
1 220.202.251.8
1 220.202.251.248
1 220.202.251.205
1 220.202.251.184
1 220.202.251.121
1 220.202.251.105
1 220.202.251.104
1 220.202.243.9
1 220.202.243.57
1 220.202.243.241
1 220.202.243.182
1 220.202.243.133
1 220.202.243.120
1 220.175.71.50
1 220.175.71.115
1 220.175.61.182
1 220.175.61.124
1 220.175.36.178
1 218.68.108.67
1 218.68.108.255
1 218.68.108.161
1 218.68.108.110
1 218.68.108.102
1 218.68.107.27
1 218.68.107.214
1 218.68.107.153
1 218.68.107.150
1 218.68.107.116
1 218.68.102.38
1 218.68.102.203
1 218.68.102.124
1 183.27.51.81
1 183.27.51.111
1 183.27.50.117
1 183.27.49.69
1 183.27.49.249
1 183.27.49.242
1 183.27.49.206
1 183.27.49.20
1 183.27.49.188
1 183.27.49.175
1 183.27.49.172
1 183.27.49.152
1 183.27.49.151
1 183.27.49.142
1 183.27.49.137
1 183.27.49.134
1 183.27.49.12
1 183.27.48.50
1 183.27.48.192
1 183.27.48.172
1 183.27.48.170
1 183.27.48.143
1 183.27.48.136
1 183.27.48.116
1 183.27.48.10
1 183.251.24.184
1 183.251.24.166
1 183.251.16.160
1 183.251.16.142
1 183.191.222.138
1 183.188.93.42
1 183.188.245.171
1 183.188.244.241
1 183.188.242.171
1 183.188.211.65
1 183.185.91.98
1 183.185.85.3
1 183.185.85.17
1 183.185.197.221
1 183.185.196.143
1 182.34.36.30
1 182.34.35.167
1 182.34.33.190
1 182.34.22.35
1 182.34.21.86
1 182.34.19.57
1 182.34.18.254
1 182.34.16.184
1 182.101.54.191
1 182.101.51.199
1 182.101.49.187
1 180.124.82.121
1 180.124.127.197
1 180.114.11.9
1 180.114.11.64
1 180.114.11.170
1 180.114.10.97
1 180.114.10.141
1 180.114.10.132
1 180.114.10.109
1 180.112.18.187
1 180.112.18.150
1 180.112.18.106
1 180.112.17.91
1 180.112.16.99
1 175.171.191.118
1 175.171.188.235
1 175.171.183.216
1 175.171.183.10
1 175.171.182.187
1 175.171.179.99
1 175.171.179.9
1 175.171.178.120
1 171.116.77.229
1 171.116.207.51
1 171.116.207.214
1 171.116.207.146
1 171.116.207.125
1 171.116.204.199
1 171.116.204.192
1 171.116.204.16
1 150.255.7.195
1 150.255.7.141
1 150.255.3.195
1 150.255.3.175
1 150.255.2.69
1 150.255.1.109
1 150.255.0.15
1 150.255.0.141
1 144.255.49.117
1 144.123.31.169
1 125.123.126.31
1 125.123.125.130
1 125.123.124.142
1 125.123.122.231
1 125.104.238.13
1 125.104.231.133
1 124.95.157.173
1 124.90.104.9
1 124.90.104.184
1 124.163.143.161
1 124.163.142.175
1 124.163.141.90
1 124.163.141.201
1 124.163.140.201
1 123.232.36.177
1 123.169.39.242
1 123.169.38.174
1 123.153.61.36
1 123.14.255.93
1 123.14.255.23
1 123.14.254.29
1 123.14.252.91
1 123.14.252.37
1 123.14.252.228
1 123.14.252.217
1 123.14.252.126
1 123.14.248.94
1 123.129.154.238
1 123.129.154.189
1 123.129.153.71
1 123.129.153.15
1 123.129.153.112
1 123.129.152.99
1 123.129.152.40
1 123.129.152.218
1 121.238.69.186
1 121.238.68.235
1 120.32.38.108
1 119.186.207.81
1 119.186.205.95
1 119.186.205.148
1 119.186.204.240
1 119.179.217.55
1 119.179.217.175
1 119.179.216.100
1 119.166.11.95
1 119.116.191.155
1 119.116.191.133
1 119.116.190.16
1 119.116.188.104
1 119.116.185.35
1 119.116.184.254
1 119.116.184.129
1 119.116.182.254
1 119.116.180.229
1 119.116.178.186
1 119.116.178.143
1 119.116.177.18
1 119.116.177.137
1 119.116.176.25
1 119.116.176.171
1 118.79.187.82
1 118.79.143.148
1 118.79.143.141
1 118.79.142.68
1 118.79.140.182
1 117.85.15.242
1 117.85.13.133
1 117.85.13.122
1 117.84.174.137
1 116.2.95.231
1 116.2.94.245
1 116.2.94.187
1 116.2.94.130
1 116.2.92.232
1 116.2.91.97
1 116.2.90.211
1 116.2.90.174
1 116.2.88.6
1 116.2.88.205
1 116.2.87.187
1 116.2.87.177
1 116.2.85.53
1 116.2.83.97
1 116.2.83.209
1 116.2.83.188
1 116.2.82.27
1 116.2.80.67
1 116.2.78.248
1 116.2.77.158
1 116.2.76.21
1 116.2.74.45
1 116.2.74.186
1 116.2.74.109
1 116.2.73.182
1 116.2.70.226
1 116.2.69.166
1 116.2.68.211
1 116.2.67.188
1 116.2.64.93
1 115.202.95.63
1 115.202.93.46
1 115.202.90.75
1 115.202.87.226
1 115.202.86.171
1 115.202.84.93
1 115.202.84.234
1 115.202.82.244
1 115.202.81.168
1 115.202.81.114
1 115.202.79.73
1 115.202.78.190
1 115.202.72.84
1 115.202.72.194
1 115.202.72.159
1 115.202.69.119
1 115.202.66.151
1 115.202.65.160
1 114.234.159.178
1 114.234.158.143
1 114.234.156.41
1 114.234.155.156
1 114.234.155.149
1 114.234.154.173
1 114.234.153.226
1 114.234.153.206
1 114.234.152.41
1 114.225.186.136
1 114.225.184.108
1 114.119.151.117
1 114.119.141.78
1 113.58.246.151
1 113.58.245.75
1 113.58.244.148
1 113.58.240.88
1 113.58.239.63
1 113.58.239.115
1 113.58.235.189
1 113.58.234.195
1 113.58.232.191
1 113.58.230.100
1 113.58.229.24
1 113.58.226.37
1 113.58.224.55
1 113.58.224.104
1 113.234.172.226
1 113.234.165.71
1 113.234.164.88
1 113.234.162.211
1 113.234.160.96
1 113.234.160.46
1 113.124.93.140
1 113.124.85.82
1 113.124.85.5
1 113.124.84.6
1 113.121.47.185
1 113.121.44.197
1 113.121.44.180
1 113.121.42.62
1 113.121.41.16
1 113.121.39.142
1 113.121.23.206
1 113.121.22.18
1 113.121.22.149
1 113.121.21.34
1 112.48.9.68
1 112.48.9.60
1 112.48.9.58
1 112.48.9.234
1 112.48.9.203
1 112.48.9.153
1 112.48.9.144
1 112.48.10.75
1 112.48.10.58
1 112.48.10.31
1 112.48.10.111
1 112.48.10.103
1 112.255.28.244
1 112.248.63.41
1 112.248.245.23
1 112.231.87.77
1 112.231.87.53
1 112.231.112.250
1 110.90.12.181
1 110.250.94.79
1 110.250.94.77
1 110.250.94.233
1 110.250.93.85
1 110.250.93.175
1 110.250.93.10
1 110.250.91.208
1 110.250.88.35
1 110.250.88.225
1 110.250.87.68
1 110.250.86.171
1 110.250.84.102
1 110.250.82.89
1 110.250.82.112
1 110.250.80.232
1 101.71.8.129
1 101.67.153.198
1 101.67.152.195
1 101.67.152.180
1 101.66.51.99
1 101.66.51.60
1 101.66.51.159
1 101.24.191.216
1 101.24.190.82
1 101.24.189.229
1 101.24.189.141
1 101.24.188.188
1 101.24.186.165
1 101.24.183.35
1 101.17.26.243
1 101.17.21.66
1 101.17.21.244
1 101.17.17.71

Comment faire, la liste est assez conséquente :pt1cable:

Reply

Marsh Posté le 03-05-2021 à 19:25:56

Salut,

1. bloque les plages qui reviennent (cf ma précédente réponse)
2. bloque les clients en les "géolocalisant" via leur adresse IP (cf ma précédente réponse bis)
3. mets en place une règle fail2ban (mais ça ne me paraît pas adapté vu le peu de requêtes effectuées à partir d'une même adresse - il faut voir sur quel délai d'ailleurs ce sont faites ces requêtes)
4. si tu veux spécifiquement bloquer ces adresses IP (mais tu en auras sans doute d'autres des mêmes réseaux) pipe tes adresses IP sur une commande iptables pour les bloquer au lieu de les trier/compter

AMHA, 3 et 4 ne sont pas viables.

Message édité par pluj le 03-05-2021 à 19:27:15

Reply

Marsh Posté le 08-05-2021 à 20:21:18

Hello, si jamais ces IPs font partie du réseau Tor, si tu places ton site derrière CloudFlare par exemple, elles seront filtrées ..

Tu peux également rajouter un "pot de miel/honeypot" sur ces pages ( sur le motif en un lien invisible qu'ils vont scroller derrière, pour bannir chacune de ces IPS, du genre avec un memcache, mais attention à ne pas bannir google et cie pour ton ref )

Autrement, il faudrait peut être optimiser ce site, customiser ta 503 ..

Message édité par grosbin le 08-05-2021 à 20:21:28

---------------
Photos Panoramiques Montagnes Haute Savoie

Reply

Marsh Posté le 16-05-2021 à 06:40:05

Bjr,

ça ressembles à des 'crawler de prix' ..

ça fait longtemps que tu a ces requetes là ?

est ce que ça continues aujourd'hui ?

---------------
Nom : Prénom : Age : Adresse : Ville : Code Postal : Num Trois Tel

Reply

Marsh Posté le 17-05-2021 à 14:32:50

Au pire, sur toutes les pages ( ou sur un prepend ) mets une vérif qui place un cookie (ou localstorage) du type :

Code :

$secret=md5(date('Ymd').'-secretKey');
if(!isset($_COOKIE['verifBot'] || $_COOKIE['verifBot']==$secret){
setCookie('verifBot',$secret);
header('Location: '. $_SERVER['REQUEST_URI'],1,302);
die;
}

Puis redirige sur la même page ( si non défini ) .. Au pire les bots vont se prendre des boucles de redirections qui auront pour effet de les dissuader de continuer sur ton site, sans pour autant le surcharger
=> vérifiant son existence juste derrière, cela permet de filtrer les bots non basés sur des navigateurs ..

Nb : cela delete les données en post bien entendu, si les cookies sont désactivés, tu tombes dans une boucle de redirection

Au pire des cas CloudFlare + un simple captcha te permettrait de t'en débarasser une fois pour toutes .. :jap:

Message édité par grosbin le 17-05-2021 à 14:37:59

---------------
Photos Panoramiques Montagnes Haute Savoie

Reply

[HTACCESS] site spammer rendu innaccessible

Sujets relatifs:

Leave a Replay