Déni de service et spam de commentaires sur WordPress

Depuis samedi dernier, ce site est victime de spams de commentaires. Je ne sais d’ailleurs pas dire, hélas, s’il s’agit là d’une conséquence ou d’une cause de nombreuses tentatives en dénis de service. Il y a beaucoup d’outils pour y faire face. Pour isoler les noms de machines des différents assaillants, j’ai installé et utilisé iftop ! L’essentiel des « attaques » provienne de Chine et des pays de l’Est.

Plutôt que d’utiliser GeoIP au niveau d’Apache ou de Iptables pour isoler ces pays « belliqueux », je me suis appuyé sur les adresses Ip des spams de commentaires pour les bloquer au niveau de Iptables et de Apache. Je ne tiens pas à bloquer les spiders de Yandex et de Baidu ! Je me suis appuyé sur le site DB-IP pour savoir d’où provenaient ces requêtes. Même si je suis quelque peu sceptique quant à son utilisation, l’autre alternative est d’utiliser Fail2Ban. Je ne m’y suis pas encore risqué pour l’instant ! Je n’ai pas suffisamment de temps de cerveau disponible pour m’y consacrer totalement.

DB-IP

Collecter les adresses Ip des spams de commentaire

Équipés d’Askimet, les sites WordPress que j’édite sont réglés de façon à classer parmi les indésirables tout commentaire possédant plus d’un lien. La requête ci-dessous vous permettra de collecter les adresses Ip de ces spams de commentaires :

SELECT comment_author_IP
FROM wp_comments
WHERE comment_approved != 1

Iptables (pour le dédié)

Depuis samedi, j’ai ajouté les règles suivantes à mon fichier de configuration qui, sous CentOS, se situe dans /etc/sysconfig/iptables. Cette opération n’est possible que sur de l’hébergement dédié !

-A INPUT -s 107.22.88.11 -j DROP
-A INPUT -s 130.180.77.74 -j DROP
-A INPUT -s 136.243.1.83 -j DROP
-A INPUT -s 144.76.218.236 -j DROP
-A INPUT -s 144.76.78.195 -j DROP
-A INPUT -s 151.80.31.0/24 -j DROP
-A INPUT -s 151.80.41.169 -j DROP
-A INPUT -s 167.114.172.229 -j DROP
-A INPUT -s 176.9.10.227 -j DROP
-A INPUT -s 178.154.243.97 -j DROP
-A INPUT -s 178.202.133.84 -j DROP
-A INPUT -s 178.24.180.141 -j DROP
-A INPUT -s 178.255.215.89 -j DROP
-A INPUT -s 178.33.231.130 -j DROP
-A INPUT -s 178.33.241.10 -j DROP
-A INPUT -s 184.73.184.104 -j DROP
-A INPUT -s 185.20.4.0/24 -j DROP
-A INPUT -s 188.40.45.150 -j DROP
-A INPUT -s 192.99.150.120 -j DROP
-A INPUT -s 192.99.8.112 -j DROP
-A INPUT -s 195.154.209.237 -j DROP
-A INPUT -s 195.154.217.154 -j DROP
-A INPUT -s 195.154.233.224 -j DROP
-A INPUT -s 199.87.252.25 -j DROP
-A INPUT -s 207.241.237.221 -j DROP
-A INPUT -s 212.175.22.199 -j DROP
-A INPUT -s 24.230.181.31 -j DROP
-A INPUT -s 31.31.73.93 -j DROP
-A INPUT -s 37.187.137.225 -j DROP
-A INPUT -s 37.187.57.221 -j DROP
-A INPUT -s 37.59.35.153 -j DROP
-A INPUT -s 37.59.42.102 -j DROP
-A INPUT -s 46.236.24.0/24 -j DROP
-A INPUT -s 46.252.131.34 -j DROP
-A INPUT -s 46.4.116.197 -j DROP
-A INPUT -s 49.212.131.68 -j DROP
-A INPUT -s 49.212.152.29 -j DROP
-A INPUT -s 50.16.221.78 -j DROP
-A INPUT -s 50.19.1.102 -j DROP
-A INPUT -s 51.254.97.218 -j DROP
-A INPUT -s 5.196.72.238 -j DROP
-A INPUT -s 52.21.253.76 -j DROP
-A INPUT -s 52.5.121.103 -j DROP
-A INPUT -s 52.6.2.64 -j DROP
-A INPUT -s 52.8.0.31 -j DROP
-A INPUT -s 54.145.60.138 -j DROP
-A INPUT -s 54.146.39.130 -j DROP
-A INPUT -s 54.162.91.163 -j DROP
-A INPUT -s 54.167.69.185 -j DROP
-A INPUT -s 54.174.52.157 -j DROP
-A INPUT -s 54.174.56.124 -j DROP
-A INPUT -s 54.174.59.198 -j DROP
-A INPUT -s 54.174.59.245 -j DROP
-A INPUT -s 54.174.60.33 -j DROP
-A INPUT -s 54.242.190.30 -j DROP
-A INPUT -s 54.82.28.111 -j DROP
-A INPUT -s 54.92.154.223 -j DROP
-A INPUT -s 5.9.112.6 -j DROP
-A INPUT -s 5.9.83.211 -j DROP
-A INPUT -s 62.210.170.165 -j DROP
-A INPUT -s 62.210.204.18 -j DROP
-A INPUT -s 62.210.84.178 -j DROP
-A INPUT -s 66.249.64.0/24 -j DROP
-A INPUT -s 66.249.67.0/24 -j DROP
-A INPUT -s 66.249.78.0/24 -j DROP
-A INPUT -s 66.249.89.0/24 -j DROP
-A INPUT -s 66.249.91.0/24 -j DROP
-A INPUT -s 66.249.92.0/24 -j DROP
-A INPUT -s 68.180.228.227 -j DROP
-A INPUT -s 68.180.229.57 -j DROP
-A INPUT -s 77.248.252.113 -j DROP
-A INPUT -s 78.193.136.175 -j DROP
-A INPUT -s 79.143.178.116 -j DROP
-A INPUT -s 80.86.94.7 -j DROP
-A INPUT -s 81.235.252.20 -j DROP
-A INPUT -s 82.193.127.15 -j DROP
-A INPUT -s 82.230.82.4 -j DROP
-A INPUT -s 84.1.52.252 -j DROP
-A INPUT -s 85.25.198.9 -j DROP
-A INPUT -s 85.93.89.81 -j DROP
-A INPUT -s 86.132.215.49 -j DROP
-A INPUT -s 87.253.130.0/24 -j DROP
-A INPUT -s 88.192.244.13 -j DROP
-A INPUT -s 88.198.105.82 -j DROP
-A INPUT -s 88.198.26.200 -j DROP
-A INPUT -s 89.156.119.145 -j DROP
-A INPUT -s 89.163.148.58 -j DROP
-A INPUT -s 91.121.211.0/24 -j DROP
-A INPUT -s 91.12.81.235 -j DROP
-A INPUT -s 91.66.160.149 -j DROP
-A INPUT -s 92.221.148.40 -j DROP
-A INPUT -s 93.63.88.184 -j DROP
-A INPUT -s 94.23.11.106 -j DROP
-A INPUT -s 95.131.121.56 -j DROP
-A INPUT -s 95.91.45.195 -j DROP
#Bots
-A INPUT -s 157.55.39.0/24 -j DROP
-A INPUT -s 88.179.30.111 -j DROP
#wp-login.php+xmlrpc.php
-A INPUT -s 117.169.1.0/24 -j DROP
#admantx
-A INPUT -s 173.224.125.59 -j DROP
-A INPUT -s 188.138.24.210 -j DROP
-A INPUT -s 85.25.73.17 -j DROP
-A INPUT -s 188.138.94.29 -j DROP
-A INPUT -s 217.118.24.0/24 -j DROP
-A INPUT -s 50.30.32.7 -j DROP
-A INPUT -s 62.75.182.111 -j DROP
-A INPUT -s 62.75.254.51 -j DROP
-A INPUT -s 173.224.113.0/24 -j DROP
-A INPUT -s 217.118.23.0/24 -j DROP
-A INPUT -s 85.25.236.29 -j DROP
#adsbot
#-A INPUT -s 66.249.89.90 -j DROP
#-A INPUT -s 66.249.89.93 -j DROP
#-A INPUT -s 66.249.89.96 -j DROP
#-A INPUT -s 66.249.92.27 -j DROP
#-A INPUT -s 66.249.90.22 -j DROP
#-A INPUT -s 66.249.90.86 -j DROP
#-A INPUT -s 66.249.90.90 -j DROP
#-A INPUT -s 66.249.90.94 -j DROP
#ahrefs OK
#-A INPUT -s 188.165.15.0/24 -j DROP
#Aitellu
-A INPUT -s 54.216.58.77 -j DROP
#alertmix OK
-A INPUT -s 107.20.100.18 -j DROP
-A INPUT -s 107.20.132.225/32 -j DROP
-A INPUT -s 54.145.12.192 -j DROP
-A INPUT -s 54.92.199.91 -j DROP
#alyze.info
-A INPUT -s 213.251.182.110 -j DROP
#Analyticsseo OK
-A INPUT -s 178.62.67.175 -j DROP
-A INPUT -s 185.24.97.0/24 -j DROP
-A INPUT -s 188.65.114.181 -j DROP
-A INPUT -s 188.65.115.128 -j DROP
#best-seo-offer
-A INPUT -s 109.92.163.15 -j DROP
-A INPUT -s 200.100.246.193 -j DROP
-A INPUT -s 84.122.56.76 -j DROP
-A INPUT -s 88.10.186.116 -j DROP
#BLEXBot webmeup-crawler.com
-A INPUT -s 136.243.36.0/24 -j DROP
#Brandwatch
-A INPUT -s 94.228.34.0/24 -j DROP
#Changedetection
-A INPUT -s 63.249.66.0/24 -j DROP
#cliqzbot
-A INPUT -s 81.169.245.219 -j DROP
#cognitiveseo
-A INPUT -s 144.76.100.237 -j DROP
-A INPUT -s 144.76.106.214 -j DROP
-A INPUT -s 136.243.16.102 -j DROP
-A INPUT -s 148.251.235.184/32 -j DROP
-A INPUT -s 148.251.151.4/32 -j DROP
-A INPUT -s 148.251.234.184/32 -j DROP
-A INPUT -s 173.232.7.0/24 -j DROP
-A INPUT -s 178.63.75.73/32 -j DROP
-A INPUT -s 188.40.120.19 -j DROP
-A INPUT -s 188.40.97.23/32 -j DROP
-A INPUT -s 192.161.160.0/24 -j DROP
-A INPUT -s 206.214.82.0/24 -j DROP
-A INPUT -s 213.184.98.0/24 -j DROP
-A INPUT -s 50.31.105.0/24 -j DROP
-A INPUT -s 67.202.113.0/24 -j DROP
-A INPUT -s 89.47.23.0/24 -j DROP
#Commoncrawl/CCBot
-A INPUT -s 107.20.20.39 -j DROP
-A INPUT -s 174.129.127.214 -j DROP
-A INPUT -s 174.129.135.89 -j DROP
-A INPUT -s 174.129.151.95 -j DROP
-A INPUT -s 174.129.64.33 -j DROP
-A INPUT -s 174.129.72.165 -j DROP
-A INPUT -s 174.129.96.175 -j DROP
-A INPUT -s 184.73.126.70 -j DROP
-A INPUT -s 184.73.13.66 -j DROP
-A INPUT -s 184.73.8.127 -j DROP
-A INPUT -s 184.73.3.107 -j DROP
-A INPUT -s 184.73.81.214 -j DROP
-A INPUT -s 23.21.38.201 -j DROP
-A INPUT -s 23.22.36.191 -j DROP
-A INPUT -s 23.22.46.195 -j DROP
-A INPUT -s 23.23.46.20 -j DROP
-A INPUT -s 23.23.57.144 -j DROP
-A INPUT -s 50.16.112.199 -j DROP
-A INPUT -s 50.16.24.12 -j DROP
-A INPUT -s 50.16.31.61 -j DROP
-A INPUT -s 50.16.68.229 -j DROP
-A INPUT -s 50.16.84.67 -j DROP
-A INPUT -s 54.167.184.188 -j DROP
-A INPUT -s 54.144.206.0/24 -j DROP
-A INPUT -s 54.144.243.34 -j DROP
-A INPUT -s 54.144.246.252 -j DROP
-A INPUT -s 54.144.254.174 -j DROP
-A INPUT -s 54.144.251.8 -j DROP
-A INPUT -s 54.145.173.176 -j DROP
-A INPUT -s 54.145.173.36 -j DROP
-A INPUT -s 54.145.174.178 -j DROP
-A INPUT -s 54.145.176.120 -j DROP
-A INPUT -s 54.145.221.99 -j DROP
-A INPUT -s 54.145.222.231 -j DROP
-A INPUT -s 54.147.213.234 -j DROP
-A INPUT -s 54.147.217.76 -j DROP
-A INPUT -s 54.147.225.204 -j DROP
-A INPUT -s 54.158.167.59 -j DROP
-A INPUT -s 54.158.175.78 -j DROP
-A INPUT -s 54.158.188.170 -j DROP
-A INPUT -s 54.159.190.106 -j DROP
-A INPUT -s 54.163.68.15 -j DROP
-A INPUT -s 54.163.90.41 -j DROP
-A INPUT -s 54.166.46.226 -j DROP
-A INPUT -s 54.167.157.247 -j DROP
-A INPUT -s 54.196.199.101 -j DROP
-A INPUT -s 54.204.210.197 -j DROP
-A INPUT -s 54.204.74.171 -j DROP
-A INPUT -s 54.205.170.21 -j DROP
-A INPUT -s 54.205.209.95 -j DROP
-A INPUT -s 54.205.37.110 -j DROP
-A INPUT -s 54.224.175.2 -j DROP
-A INPUT -s 54.226.143.14 -j DROP
-A INPUT -s 54.227.231.144 -j DROP
-A INPUT -s 54.81.80.46 -j DROP
-A INPUT -s 54.82.41.6 -j DROP
-A INPUT -s 54.82.50.27 -j DROP
-A INPUT -s 54.87.83.160 -j DROP
-A INPUT -s 54.89.6.219 -j DROP
-A INPUT -s 54.145.136.73 -j DROP
-A INPUT -s 54.145.164.64 -j DROP
-A INPUT -s 54.145.207.36 -j DROP
-A INPUT -s 54.145.209.0/24 -j DROP
-A INPUT -s 54.145.235.72 -j DROP
-A INPUT -s 54.145.246.183 -j DROP
-A INPUT -s 54.146.174.220 -j DROP
-A INPUT -s 54.146.180.94 -j DROP
-A INPUT -s 54.147.204.207 -j DROP
-A INPUT -s 54.147.220.66 -j DROP
-A INPUT -s 54.147.250.33 -j DROP
-A INPUT -s 54.157.222.62 -j DROP
-A INPUT -s 54.158.85.158 -j DROP
-A INPUT -s 54.159.134.239 -j DROP
-A INPUT -s 54.159.165.175 -j DROP
-A INPUT -s 54.159.214.27 -j DROP
-A INPUT -s 54.159.240.93 -j DROP
-A INPUT -s 54.159.240.93 -j DROP
-A INPUT -s 54.161.135.168 -j DROP
-A INPUT -s 54.161.147.106 -j DROP
-A INPUT -s 54.161.149.107 -j DROP
-A INPUT -s 54.161.181.156 -j DROP
-A INPUT -s 54.161.201.189 -j DROP
-A INPUT -s 54.163.115.193/32 -j DROP
-A INPUT -s 54.163.100.58 -j DROP
-A INPUT -s 54.163.115.193 -j DROP
-A INPUT -s 54.163.141.69 -j DROP
-A INPUT -s 54.163.168.15 -j DROP
-A INPUT -s 54.163.84.0/24 -j DROP
-A INPUT -s 54.166.102.61 -j DROP
-A INPUT -s 54.166.117.130 -j DROP
-A INPUT -s 54.166.122.69 -j DROP
-A INPUT -s 54.166.12.41 -j DROP
-A INPUT -s 54.166.54.215 -j DROP
-A INPUT -s 54.167.144.170 -j DROP
-A INPUT -s 54.167.159.151 -j DROP
-A INPUT -s 54.167.175.0/24 -j DROP
-A INPUT -s 54.167.177.207 -j DROP
-A INPUT -s 54.197.15.196 -j DROP
-A INPUT -s 54.197.142.249 -j DROP
-A INPUT -s 54.197.168.70 -j DROP
-A INPUT -s 54.197.171.28 -j DROP
-A INPUT -s 54.197.199.191 -j DROP
-A INPUT -s 54.197.94.30 -j DROP
-A INPUT -s 54.204.188.32 -j DROP
-A INPUT -s 54.204.162.36 -j DROP
-A INPUT -s 54.204.165.156 -j DROP
-A INPUT -s 54.204.182.118 -j DROP
-A INPUT -s 54.204.243.45 -j DROP
-A INPUT -s 54.204.92.234 -j DROP
-A INPUT -s 54.205.130.92 -j DROP
-A INPUT -s 54.205.74.11 -j DROP
-A INPUT -s 54.205.88.118 -j DROP
-A INPUT -s 54.205.96.97 -j DROP
-A INPUT -s 54.211.101.8 -j DROP
-A INPUT -s 54.211.23.190 -j DROP
-A INPUT -s 54.211.79.99 -j DROP
-A INPUT -s 54.211.86.24 -j DROP
-A INPUT -s 54.227.214.52 -j DROP
-A INPUT -s 54.242.229.204/32 -j DROP
-A INPUT -s 54.242.105.196 -j DROP
-A INPUT -s 54.82.152.93 -j DROP
-A INPUT -s 54.82.230.178 -j DROP
-A INPUT -s 54.83.224.32 -j DROP
-A INPUT -s 54.87.107.232 -j DROP
-A INPUT -s 54.87.109.30 -j DROP
-A INPUT -s 54.87.160.113 -j DROP
-A INPUT -s 54.87.180.138 -j DROP
-A INPUT -s 54.87.192.157 -j DROP
-A INPUT -s 54.87.221.168 -j DROP
-A INPUT -s 54.87.72.176 -j DROP
-A INPUT -s 54.87.76.100 -j DROP
-A INPUT -s 54.87.88.36 -j DROP
-A INPUT -s 54.89.12.223 -j DROP
-A INPUT -s 54.89.91.165 -j DROP
-A INPUT -s 54.92.233.125 -j DROP
-A INPUT -s 54.92.255.172 -j DROP
#cuwhois
-A INPUT -s 37.187.35.119 -j DROP
-A INPUT -s 37.187.132.209 -j DROP
#crystalsemantics
-A INPUT -s 5.153.46.245 -j DROP
-A INPUT -s 50.97.84.118 -j DROP
-A INPUT -s 5.9.65.80 -j DROP
#datagnion
-A INPUT -s 148.251.6.16 -j DROP
#datenbank
-A INPUT -s 81.209.177.0/24 -j DROP
#domainreanimator
-A INPUT -s 167.114.156.198 -j DROP
#domainappender
-A INPUT -s 52.10.30.213 -j DROP
-A INPUT -s 52.11.130.196 -j DROP
-A INPUT -s 52.11.223.80 -j DROP
-A INPUT -s 52.24.97.94 -j DROP
-A INPUT -s 52.25.106.62 -j DROP
-A INPUT -s 52.25.157.31 -j DROP
-A INPUT -s 52.25.217.8 -j DROP
-A INPUT -s 52.25.35.100 -j DROP
-A INPUT -s 52.25.8.250 -j DROP
-A INPUT -s 52.25.86.170 -j DROP
-A INPUT -s 52.26.145.117 -j DROP
-A INPUT -s 52.26.198.203 -j DROP
-A INPUT -s 52.26.20.217 -j DROP
-A INPUT -s 52.26.210.205 -j DROP
-A INPUT -s 52.26.221.57 -j DROP
-A INPUT -s 52.26.223.25 -j DROP
-A INPUT -s 52.26.227.80 -j DROP
-A INPUT -s 52.26.229.60 -j DROP
-A INPUT -s 52.26.242.117 -j DROP
-A INPUT -s 52.26.248.244 -j DROP
-A INPUT -s 52.26.249.97 -j DROP
-A INPUT -s 52.26.252.200 -j DROP
-A INPUT -s 52.26.253.195 -j DROP
-A INPUT -s 52.26.36.52 -j DROP
-A INPUT -s 52.26.39.37 -j DROP
-A INPUT -s 52.26.5.92 -j DROP
-A INPUT -s 52.26.94.28 -j DROP
-A INPUT -s 52.27.11.243 -j DROP
-A INPUT -s 52.27.12.0/24 -j DROP
-A INPUT -s 52.27.13.0/24 -j DROP
-A INPUT -s 52.27.19.0/24 -j DROP
-A INPUT -s 52.27.27.250 -j DROP
-A INPUT -s 52.27.29.27 -j DROP
-A INPUT -s 52.27.30.0/24 -j DROP
-A INPUT -s 52.27.31.0/24 -j DROP
-A INPUT -s 52.27.3.0/24 -j DROP
-A INPUT -s 52.27.32.248 -j DROP
-A INPUT -s 52.27.33.0/24 -j DROP
-A INPUT -s 52.27.34.0/24 -j DROP
-A INPUT -s 52.27.4.28 -j DROP
-A INPUT -s 52.27.45.0/24 -j DROP
-A INPUT -s 52.27.51.31 -j DROP
-A INPUT -s 52.27.55.15 -j DROP
-A INPUT -s 52.27.58.0/24 -j DROP
-A INPUT -s 52.27.60.179 -j DROP
-A INPUT -s 52.8.140.156 -j DROP
-A INPUT -s 52.8.198.0/24 -j DROP
-A INPUT -s 52.8.203.196 -j DROP
-A INPUT -s 52.8.211.177 -j DROP
-A INPUT -s 52.8.214.38 -j DROP
-A INPUT -s 52.8.89.34 -j DROP
#eCairn
-A INPUT -s 174.129.3.160 -j DROP
-A INPUT -s 184.73.184.70 -j DROP
#everysocialone
-A INPUT -s 69.164.209.170/32 -j DROP
#Feedafever
#-A INPUT -s 109.205.67.92/32 -j DROP
#Feedpress
#-A INPUT -s 188.165.0.0/16 -j DROP
#-A INPUT -s 5.39.0.0/16 -j DROP
#foo by Google
#-A INPUT -s 66.249.64.46 -j DROP
#Foo par Microsoft
#-A INPUT -s 168.63.55.72 -j DROP
#freewebmonitoring
-A INPUT -s 5.135.143.169 -j DROP
#hubspot
-A INPUT -s 54.174.54.104 -j DROP
-A INPUT -s 54.174.59.96 -j DROP
-A INPUT -s 54.174.62.14 -j DROP
-A INPUT -s 54.174.52.55 -j DROP
-A INPUT -s 54.174.53.17 -j DROP
-A INPUT -s 54.174.55.0/24 -j DROP
-A INPUT -s 54.174.57.151 -j DROP
-A INPUT -s 54.174.58.0/24 -j DROP
-A INPUT -s 54.174.60.236 -j DROP
-A INPUT -s 54.174.61.221 -j DROP
-A INPUT -s 54.174.63.175 -j DROP
#Garlik 
-A INPUT -s 185.26.92.4 -j DROP
#Grapeshot
-A INPUT -s 89.145.95.0/24 -j DROP
#GroupHigh
-A INPUT -s 50.203.216.14/32 -j DROP
#Impulse-Web
-A INPUT -s 178.32.28.117/32 -j DROP
#indonesiancoder
-A INPUT -s 111.67.15.147 -j DROP
-A INPUT -s 208.131.155.219 -j DROP
-A INPUT -s 5.101.156.0/24 -j DROP
#Infegy
-A INPUT -s 74.87.163.0/24 -j DROP
#linkdex
-A INPUT -s 23.20.133.85 -j DROP
-A INPUT -s 23.22.130.152 -j DROP
-A INPUT -s 50.17.137.132 -j DROP
-A INPUT -s 50.19.66.2 -j DROP
-A INPUT -s 50.17.75.173 -j DROP
-A INPUT -s 50.19.10.237 -j DROP
-A INPUT -s 50.19.159.109 -j DROP
-A INPUT -s 50.19.22.196 -j DROP
-A INPUT -s 54.144.180.139 -j DROP
-A INPUT -s 54.144.18.104 -j DROP
-A INPUT -s 54.145.17.193 -j DROP
-A INPUT -s 54.146.235.61 -j DROP
-A INPUT -s 54.147.102.114 -j DROP
-A INPUT -s 54.159.95.23 -j DROP
-A INPUT -s 54.204.183.234 -j DROP
-A INPUT -s 54.226.165.126 -j DROP
-A INPUT -s 54.226.27.184 -j DROP
-A INPUT -s 54.242.101.78 -j DROP
-A INPUT -s 54.82.35.100 -j DROP
-A INPUT -s 54.82.82.225 -j DROP
-A INPUT -s 54.83.104.110 -j DROP
-A INPUT -s 54.91.203.48 -j DROP
-A INPUT -s 54.145.240.14 -j DROP
-A INPUT -s 54.145.40.200 -j DROP
-A INPUT -s 54.145.78.158 -j DROP
-A INPUT -s 54.147.51.161 -j DROP
-A INPUT -s 54.157.108.200 -j DROP
-A INPUT -s 54.157.42.53 -j DROP
-A INPUT -s 54.158.33.35 -j DROP
-A INPUT -s 54.158.3.45 -j DROP
-A INPUT -s 54.159.108.14 -j DROP
-A INPUT -s 54.159.45.84 -j DROP
-A INPUT -s 54.159.83.21 -j DROP
-A INPUT -s 54.160.61.253 -j DROP
-A INPUT -s 54.161.106.109 -j DROP
-A INPUT -s 54.161.157.249 -j DROP
-A INPUT -s 54.161.20.76 -j DROP
-A INPUT -s 54.162.64.130 -j DROP
-A INPUT -s 54.166.147.47 -j DROP
-A INPUT -s 54.196.59.174 -j DROP
-A INPUT -s 54.198.142.129 -j DROP
-A INPUT -s 54.198.4.89 -j DROP
-A INPUT -s 54.226.214.87 -j DROP
-A INPUT -s 54.237.152.154 -j DROP
-A INPUT -s 54.80.243.243 -j DROP
-A INPUT -s 54.81.2.241 -j DROP
-A INPUT -s 54.82.119.140 -j DROP
-A INPUT -s 107.20.0.105 -j DROP
-A INPUT -s 107.21.191.167 -j DROP
-A INPUT -s 107.22.108.170 -j DROP
-A INPUT -s 184.73.137.68 -j DROP
-A INPUT -s 184.73.51.23 -j DROP
-A INPUT -s 23.20.141.115 -j DROP
-A INPUT -s 23.20.164.93 -j DROP
-A INPUT -s 23.21.0.60 -j DROP
-A INPUT -s 23.22.117.72 -j DROP
-A INPUT -s 23.22.139.237 -j DROP
-A INPUT -s 23.22.221.134 -j DROP
-A INPUT -s 23.22.78.45 -j DROP
-A INPUT -s 23.23.54.53 -j DROP
-A INPUT -s 50.16.171.32 -j DROP
-A INPUT -s 50.16.41.82 -j DROP
-A INPUT -s 50.17.37.125 -j DROP
-A INPUT -s 50.17.51.92 -j DROP
-A INPUT -s 50.19.1.236 -j DROP
-A INPUT -s 50.19.24.77 -j DROP
-A INPUT -s 50.19.30.63 -j DROP
-A INPUT -s 50.19.75.244 -j DROP
-A INPUT -s 54.147.1.97 -j DROP
-A INPUT -s 54.159.138.24 -j DROP
-A INPUT -s 54.163.222.178 -j DROP
-A INPUT -s 54.204.188.32 -j DROP
-A INPUT -s 54.205.81.43 -j DROP
-A INPUT -s 54.224.185.62 -j DROP
-A INPUT -s 54.224.205.107 -j DROP
-A INPUT -s 54.227.134.131 -j DROP
-A INPUT -s 54.90.230.238 -j DROP
-A INPUT -s 54.91.74.228 -j DROP
-A INPUT -s 54.144.223.147 -j DROP
-A INPUT -s 54.144.166.92 -j DROP
-A INPUT -s 54.144.63.207 -j DROP
-A INPUT -s 54.144.80.214 -j DROP
-A INPUT -s 54.144.95.141 -j DROP
-A INPUT -s 54.145.16.67 -j DROP
-A INPUT -s 54.145.227.154 -j DROP
-A INPUT -s 54.145.251.165 -j DROP
-A INPUT -s 54.145.65.253 -j DROP
-A INPUT -s 54.145.71.121 -j DROP
-A INPUT -s 54.146.109.160 -j DROP
-A INPUT -s 54.147.108.247 -j DROP
-A INPUT -s 54.147.231.175 -j DROP
-A INPUT -s 54.147.24.17 -j DROP
-A INPUT -s 54.147.51.86 -j DROP
-A INPUT -s 54.147.59.201 -j DROP
-A INPUT -s 54.159.226.230 -j DROP
-A INPUT -s 54.161.238.121 -j DROP
-A INPUT -s 54.161.78.132 -j DROP
-A INPUT -s 54.162.117.142 -j DROP
-A INPUT -s 54.162.117.174 -j DROP
-A INPUT -s 54.162.139.215 -j DROP
-A INPUT -s 54.162.159.111 -j DROP
-A INPUT -s 54.163.46.210 -j DROP
-A INPUT -s 54.166.253.32 -j DROP
-A INPUT -s 54.167.226.208 -j DROP
-A INPUT -s 54.167.227.146 -j DROP
-A INPUT -s 54.167.231.64 -j DROP
-A INPUT -s 54.167.54.168 -j DROP
-A INPUT -s 54.196.226.38 -j DROP
-A INPUT -s 54.196.233.225 -j DROP
-A INPUT -s 54.197.107.64 -j DROP
-A INPUT -s 54.197.178.58 -j DROP
-A INPUT -s 54.198.123.228 -j DROP
-A INPUT -s 54.204.58.224 -j DROP
-A INPUT -s 54.211.64.247 -j DROP
-A INPUT -s 54.221.141.139 -j DROP
-A INPUT -s 54.221.158.73 -j DROP
-A INPUT -s 54.221.188.75 -j DROP
-A INPUT -s 54.224.166.151 -j DROP
-A INPUT -s 54.226.136.213 -j DROP
-A INPUT -s 54.226.222.178 -j DROP
-A INPUT -s 54.226.252.165 -j DROP
-A INPUT -s 54.226.31.56 -j DROP
-A INPUT -s 54.226.75.16 -j DROP
-A INPUT -s 54.227.18.153 -j DROP
-A INPUT -s 54.234.184.23 -j DROP
-A INPUT -s 54.234.209.75 -j DROP
-A INPUT -s 54.234.248.101 -j DROP
-A INPUT -s 54.234.74.42 -j DROP
-A INPUT -s 54.234.75.211 -j DROP
-A INPUT -s 54.235.8.224 -j DROP
-A INPUT -s 54.242.106.211 -j DROP
-A INPUT -s 54.242.149.68 -j DROP
-A INPUT -s 54.242.151.238 -j DROP
-A INPUT -s 54.242.20.182 -j DROP
-A INPUT -s 54.242.234.61 -j DROP
-A INPUT -s 54.242.238.235 -j DROP
-A INPUT -s 54.82.7.115 -j DROP
-A INPUT -s 54.87.50.21 -j DROP
-A INPUT -s 54.87.56.134 -j DROP
-A INPUT -s 54.89.149.83 -j DROP
-A INPUT -s 54.91.101.35 -j DROP
-A INPUT -s 54.91.108.203 -j DROP
-A INPUT -s 54.91.130.65 -j DROP
-A INPUT -s 54.92.131.226 -j DROP
-A INPUT -s 54.92.154.199 -j DROP
-A INPUT -s 184.73.137.68 -j DROP
-A INPUT -s 23.20.141.115 -j DROP
-A INPUT -s 23.20.164.93 -j DROP
-A INPUT -s 23.22.221.134 -j DROP
-A INPUT -s 50.19.24.77 -j DROP
-A INPUT -s 54.144.63.207 -j DROP
-A INPUT -s 54.145.71.121 -j DROP
-A INPUT -s 54.146.109.160 -j DROP
-A INPUT -s 54.147.59.201 -j DROP
-A INPUT -s 54.159.226.230 -j DROP
-A INPUT -s 54.162.117.142 -j DROP
-A INPUT -s 54.162.117.174 -j DROP
-A INPUT -s 54.162.139.215 -j DROP
-A INPUT -s 54.162.159.111 -j DROP
-A INPUT -s 54.163.46.210 -j DROP
-A INPUT -s 54.167.227.146 -j DROP
-A INPUT -s 54.167.231.64 -j DROP
-A INPUT -s 54.167.54.168 -j DROP
-A INPUT -s 54.197.107.64 -j DROP
-A INPUT -s 54.204.58.224 -j DROP
-A INPUT -s 54.221.141.139 -j DROP
-A INPUT -s 54.221.158.73 -j DROP
-A INPUT -s 54.221.188.75 -j DROP
-A INPUT -s 54.226.136.213 -j DROP
-A INPUT -s 54.226.252.165 -j DROP
-A INPUT -s 54.227.18.153 -j DROP
-A INPUT -s 54.234.75.211 -j DROP
-A INPUT -s 54.242.20.182 -j DROP
-A INPUT -s 54.242.234.61 -j DROP
-A INPUT -s 54.87.50.21 -j DROP
-A INPUT -s 54.87.56.134 -j DROP
-A INPUT -s 54.89.149.83 -j DROP
-A INPUT -s 54.91.101.35 -j DROP
-A INPUT -s 54.92.131.226 -j DROP
#linkfluence/kraken/rtgi
-A INPUT -s 176.31.230.76 -j DROP
-A INPUT -s 178.33.236.0/24 -j DROP
-A INPUT -s 37.59.32.175 -j DROP
-A INPUT -s 37.59.33.191 -j DROP
-A INPUT -s 37.59.34.187 -j DROP
-A INPUT -s 37.59.35.202 -j DROP
-A INPUT -s 46.105.116.73 -j DROP
-A INPUT -s 5.135.137.0/24 -j DROP
-A INPUT -s 5.135.138.217 -j DROP
-A INPUT -s 5.135.139.130 -j DROP
-A INPUT -s 5.135.140.59 -j DROP
-A INPUT -s 5.39.64.74 -j DROP
-A INPUT -s 52.16.104.82 -j DROP
-A INPUT -s 52.16.106.57 -j DROP
-A INPUT -s 52.16.168.240 -j DROP
-A INPUT -s 52.16.198.251 -j DROP
-A INPUT -s 62.39.87.44 -j DROP
-A INPUT -s 66.249.64.51 -j DROP
#linkonomics
-A INPUT -s 162.222.181.94 -j DROP
-A INPUT -s 130.211.152.28 -j DROP
#Majestic12/MJ12Bot OK
-A INPUT -s 109.147.201.52 -j DROP
-A INPUT -s 109.149.178.10 -j DROP
-A INPUT -s 173.0.63.77 -j DROP
-A INPUT -s 198.27.65.39 -j DROP
-A INPUT -s 198.27.66.185 -j DROP
-A INPUT -s 212.175.22.199 -j DROP
-A INPUT -s 212.83.177.193 -j DROP
-A INPUT -s 212.175.22.199 -j DROP
-A INPUT -s 217.103.97.99 -j DROP
-A INPUT -s 217.79.184.51 -j DROP
-A INPUT -s 31.31.73.93 -j DROP
-A INPUT -s 46.4.89.35 -j DROP
-A INPUT -s 46.4.120.3 -j DROP
-A INPUT -s 5.9.87.98 -j DROP
-A INPUT -s 52.16.214.246 -j DROP
-A INPUT -s 62.163.78.143 -j DROP
-A INPUT -s 68.115.87.0 -j DROP
-A INPUT -s 74.111.12.201 -j DROP
-A INPUT -s 82.3.61.48 -j DROP
-A INPUT -s 142.4.214.124 -j DROP
-A INPUT -s 195.154.163.175 -j DROP
-A INPUT -s 78.46.50.246 -j DROP
-A INPUT -s 136.243.24.27 -j DROP
-A INPUT -s 136.243.5.0/24 -j DROP
-A INPUT -s 136.243.16.7 -j DROP
-A INPUT -s 142.4.213.178 -j DROP
-A INPUT -s 144.76.194.118 -j DROP
-A INPUT -s 144.76.26.177 -j DROP
-A INPUT -s 144.76.29.162 -j DROP
-A INPUT -s 144.76.62.165 -j DROP
-A INPUT -s 144.76.7.107 -j DROP
-A INPUT -s 144.76.8.132 -j DROP
-A INPUT -s 144.76.102.241 -j DROP
-A INPUT -s 144.76.32.0/24 -j DROP
-A INPUT -s 148.251.124.0/24 -j DROP
-A INPUT -s 148.251.183.105 -j DROP
-A INPUT -s 176.9.29.209 -j DROP
-A INPUT -s 176.9.4.172 -j DROP
-A INPUT -s 178.200.77.99 -j DROP
-A INPUT -s 178.63.13.15 -j DROP
-A INPUT -s 188.40.114.215 -j DROP
-A INPUT -s 188.40.109.147 -j DROP
-A INPUT -s 188.40.95.70 -j DROP
-A INPUT -s 192.99.40.137 -j DROP
-A INPUT -s 192.99.2.27 -j DROP
-A INPUT -s 192.99.1.101 -j DROP
-A INPUT -s 195.154.187.115 -j DROP
-A INPUT -s 198.100.144.83 -j DROP
-A INPUT -s 198.245.49.180 -j DROP
-A INPUT -s 198.245.51.90 -j DROP
-A INPUT -s 198.245.62.10 -j DROP
-A INPUT -s 198.27.64.0/24 -j DROP
-A INPUT -s 198.27.66.194 -j DROP
-A INPUT -s 198.27.82.0/24 -j DROP
-A INPUT -s 208.107.236.134 -j DROP
-A INPUT -s 209.126.117.84 -j DROP
-A INPUT -s 209.126.107.104 -j DROP
-A INPUT -s 212.175.22.199 -j DROP
-A INPUT -s 213.251.182.106 -j DROP
-A INPUT -s 24.165.193.65 -j DROP
-A INPUT -s 46.4.12.20 -j DROP
-A INPUT -s 46.4.123.172 -j DROP
-A INPUT -s 46.4.32.75 -j DROP
-A INPUT -s 46.4.87.105 -j DROP
-A INPUT -s 5.9.104.46 -j DROP
-A INPUT -s 5.9.111.70 -j DROP
-A INPUT -s 5.9.156.107 -j DROP
-A INPUT -s 5.9.85.4 -j DROP
-A INPUT -s 5.9.89.170 -j DROP
-A INPUT -s 62.210.90.118 -j DROP
-A INPUT -s 62.210.97.48 -j DROP
-A INPUT -s 71.176.122.34 -j DROP
-A INPUT -s 72.91.210.24 -j DROP
-A INPUT -s 78.46.174.197 -j DROP
-A INPUT -s 78.46.94.23 -j DROP
-A INPUT -s 78.94.83.192 -j DROP
-A INPUT -s 80.213.253.241 -j DROP
-A INPUT -s 84.208.207.190 -j DROP
-A INPUT -s 86.132.212.12 -j DROP
-A INPUT -s 86.132.212.7 -j DROP
-A INPUT -s 88.198.16.153 -j DROP
-A INPUT -s 88.198.164.52 -j DROP
-A INPUT -s 91.121.170.189 -j DROP
-A INPUT -s 91.121.121.43 -j DROP
-A INPUT -s 91.121.169.194 -j DROP
-A INPUT -s 91.194.84.106 -j DROP
-A INPUT -s 92.221.161.154 -j DROP
-A INPUT -s 92.232.53.54 -j DROP
-A INPUT -s 94.143.115.49/32 -j DROP
-A INPUT -s 94.208.145.95 -j DROP
-A INPUT -s 94.22.43.37 -j DROP
-A INPUT -s 94.22.46.23 -j DROP
-A INPUT -s 94.22.47.242 -j DROP
-A INPUT -s 94.23.19.178 -j DROP
-A INPUT -s 95.34.26.88 -j DROP
#Masscan
-A INPUT -s 61.240.144.67 -j DROP
#Meanpath OK
-A INPUT -s 192.99.107.0/24 -j DROP
#megaindex
-A INPUT -s 144.76.63.35/32 -j DROP
#metauri
-A INPUT -s 23.29.122.0/24 -j DROP
-A INPUT -s 23.227.176.34/32 -j DROP
#Moreover OK
-A INPUT -s 8.8.204.0/24 -j DROP
-A INPUT -s 70.39.246.0/24 -j DROP
#Montools.com
-A INPUT -s 65.181.121.220/32 -j DROP
-A INPUT -s 65.181.124.196/32 -j DROP
#omgili OK 
-A INPUT -s 62.0.1.90/32 -j DROP
-A INPUT -s 212.150.211.0/24 -j DROP
-A INPUT -s 199.203.61.0/24 -j DROP
#openhose
-A INPUT -s 207.244.73.0/24 -j DROP
#Openlinkprofiler
-A INPUT -s 107.170.42.20 -j DROP
-A INPUT -s 162.243.109.121 -j DROP
-A INPUT -s 162.243.110.96 -j DROP
-A INPUT -s 162.243.192.45 -j DROP
-A INPUT -s 162.243.49.233 -j DROP
#Opensiteexplorer
-A INPUT -s 208.115.111.0/24 -j DROP
-A INPUT -s 208.115.113.0/24 -j DROP
#OWlin OK
-A INPUT -s 83.145.75.205 -j DROP
-A INPUT -s 87.253.132.0/24 -j DROP
#PageAnalyzer
-A INPUT -s 193.107.145.150 -j DROP
-A INPUT -s 5.189.144.124 -j DROP
#Pagesinventory
-A INPUT -s 130.185.104.121 -j DROP
#PaperLiBot OK
-A INPUT -s 37.187.162.0/24 -j DROP
-A INPUT -s 37.187.165.0/24 -j DROP
-A INPUT -s 37.187.167.0/24 -j DROP
-A INPUT -s 37.59.18.190 -j DROP
-A INPUT -s 37.59.19.0/24 -j DROP
#pr-cy
-A INPUT -s 93.171.202.240 -j DROP
#Proximic
-A INPUT -s 52.5.34.255 -j DROP
-A INPUT -s 52.4.126.131 -j DROP
-A INPUT -s 52.4.6.42 -j DROP
-A INPUT -s 52.6.13.169 -j DROP
-A INPUT -s 52.7.163.219 -j DROP
-A INPUT -s 52.7.177.189 -j DROP
-A INPUT -s 54.84.198.40 -j DROP

#Queryseeker
-A INPUT -s 49.212.154.0/24 -j DROP
#Radian6 OK
-A INPUT -s 142.166.3.122 -j DROP
-A INPUT -s 207.34.25.76 -j DROP
-A INPUT -s 23.21.233.232 -j DROP
-A INPUT -s 54.221.193.204 -j DROP
-A INPUT -s 54.221.194.231 -j DROP
-A INPUT -s 54.221.221.21 -j DROP
-A INPUT -s 54.225.118.181 -j DROP
-A INPUT -s 54.225.128.1 -j DROP
-A INPUT -s 54.225.84.134 -j DROP
#ranks.nl
-A INPUT -s 85.214.111.153 -j DROP
#rogerbot OK
-A INPUT -s 209.133.111.0/24 -j DROP
-A INPUT -s 209.249.5.0/24 -j DROP
#scaper
-A INPUT -s 173.230.129.121 -j DROP
#Searchmetrics OK
-A INPUT -s 88.198.31.242/32 -j DROP
-A INPUT -s 148.251.124.206/32 -j DROP
#Semantic-visions
-A INPUT -s 144.76.32.142/32 -j DROP
#semrush OK
-A INPUT -s 46.229.164.0/24 -j DROP
-A INPUT -s 178.255.215.81 -j DROP
-A INPUT -s 207.46.13.0/24 -j DROP
-A INPUT -s 68.180.228.251 -j DROP
-A INPUT -s 68.180.229.45 -j DROP
#Seobility 
-A INPUT -s 88.198.114.16/32 -j DROP
#Seoclarity
-A INPUT -s 192.185.225.115/32 -j DROP
#Seokicks.de
-A INPUT -s 46.4.132.226/32 -j DROP
-A INPUT -s 78.46.38.10 -j DROP
#Similartech
-A INPUT -s 64.79.85.205 -j DROP
#Spinn3r
-A INPUT -s 173.192.238.0/24 -j DROP
-A INPUT -s 174.36.228.0/24 -j DROP
-A INPUT -s 174.36.241.0/24 -j DROP
#siteexplorer
-A INPUT -s 208.43.225.0/24 -j DROP
#synthesio OK
-A INPUT -s 188.165.200.0/24 -j DROP
-A INPUT -s 94.23.220.0/24 -j DROP
-A INPUT -s 46.105.115.0/24 -j DROP
-A INPUT -s 94.23.195.0/24 -j DROP
-A INPUT -s 94.23.202.0/24 -j DROP
-A INPUT -s 94.23.240.0/24 -j DROP
-A INPUT -s 94.23.245.0/24 -j DROP
-A INPUT -s 178.33.227.0/24 -j DROP
-A INPUT -s 37.59.145.0/24 -j DROP
#sysomos
-A INPUT -s 209.171.42.71/32 -j DROP
#traackr
-A INPUT -s 174.129.250.121/32 -j DROP
-A INPUT -s 54.204.199.49 -j DROP
-A INPUT -s 54.204.46.255 -j DROP
-A INPUT -s 54.221.234.16 -j DROP
-A INPUT -s 54.83.55.131 -j DROP
#Ubermetrics-technologies OK
-A INPUT -s 144.76.94.0/24 -j DROP
-A INPUT -s 148.251.136.180 -j DROP
-A INPUT -s 176.9.63.54 -j DROP
-A INPUT -s 5.9.155.183 -j DROP
-A INPUT -s 78.46.34.151 -j DROP
#viralvideochart
-A INPUT -s 23.22.131.24 -j DROP
#webmeup-crawler OK
-A INPUT -s 136.243.36.0/24 -j DROP
#wesee
-A INPUT -s 95.211.231.130/32 -j DROP
#wise-guys OK
-A INPUT -s 82.94.179.38/32 -j DROP
#Wscheck OK
-A INPUT -s 199.217.119.4 -j DROP
#Xenu Link Sleuth OK
-A INPUT -s 195.154.52.186 -j DROP
-A INPUT -s 196.217.65.194 -j DROP
-A INPUT -s 31.63.157.122 -j DROP
-A INPUT -s 31.63.187.6 -j DROP
-A INPUT -s 5.14.114.202 -j DROP
-A INPUT -s 5.14.126.0 -j DROP
-A INPUT -s 62.210.217.18 -j DROP
-A INPUT -s 78.223.234.140 -j DROP
-A INPUT -s 78.225.47.124 -j DROP
-A INPUT -s 87.98.161.163/32 -j DROP
-A INPUT -s 90.8.1.49 -j DROP
-A INPUT -s 90.8.4.27 -j DROP
-A INPUT -s 93.220.107.7 -j DROP
#Xovibot OK
-A INPUT -s 185.53.44.67/32 -j DROP
#-------------------------------
#Pologne
#-A INPUT -s 194.187.168.0/24 -j DROP
#McMillan
-A INPUT -s 12.36.121.0/24 -j DROP
#Russie/Ukraine
-A INPUT -s 46.151.52.0/24 -j DROP
#aitellu
-A INPUT -s 46.137.100.96 -j DROP
#amazonaws
-A INPUT -s 54.172.122.155 -j DROP
-A INPUT -s 54.179.61.227 -j DROP
#asianet
-A INPUT -s 27.145.64.141 -j DROP
#colocrossing wp-login.php
-A INPUT -s 216.246.49.26 -j DROP
#linode
-A INPUT -s 106.185.33.80 -j DROP
#onlinehome-server
-A INPUT -s 212.227.21.199 -j DROP
-A INPUT -s 82.165.151.97 -j DROP
#poneytelecom
-A INPUT -s 195.154.58.218 -j DROP
-A INPUT -s 212.129.42.8 -j DROP
-A INPUT -s 212.83.129.37 -j DROP
-A INPUT -s 212.83.179.131 -j DROP
-A INPUT -s 62.210.205.155 -j DROP
-A INPUT -s 62.210.207.74 -j DROP
-A INPUT -s 62.210.209.104 -j DROP
-A INPUT -s 62.210.211.145 -j DROP
-A INPUT -s 62.210.211.25 -j DROP
#scalabledns
-A INPUT -s 23.89.145.205 -j DROP
-A INPUT -s 23.89.254.35 -j DROP
#scrapy
-A INPUT -s 68.199.181.109 -j DROP
#secureserver
-A INPUT -s 182.50.129.173 -j DROP
-A INPUT -s 184.168.46.66 -j DROP
-A INPUT -s 50.62.57.239 -j DROP
-A INPUT -s 50.63.152.178 -j DROP
-A INPUT -s 97.74.6.175 -j DROP
#seograph
-A INPUT -s 85.25.210.18 -j DROP
#server-home
-A INPUT -s 195.137.213.227 -j DROP
-A INPUT -s 77.236.97.64 -j DROP
#siteprotect
-A INPUT -s 64.71.32.12 -j DROP
-A INPUT -s 64.71.32.31 -j DROP
-A INPUT -s 64.71.32.35 -j DROP
#your-server
-A INPUT -s 144.76.136.146 -j DROP
-A INPUT -s 148.251.81.195 -j DROP
-A INPUT -s 178.63.54.23 -j DROP
-A INPUT -s 5.9.145.132 -j DROP
-A INPUT -s 88.198.35.68 -j DROP
#zoominfo
-A INPUT -s 207.106.190.66 -j DROP
#Servertohell.net
#-A INPUT -s 109.74.0.0/18 -j DROP
#Comcast
#-A INPUT -s 71.236.250.176 -j DROP
#Colt
#-A INPUT -s 213.41.124.82 -j DROP

.htaccess pour le mutualisé

Ce que vous pouvez faire dans le cadre d’un hébergement mutualisé, c’est ajouter ces quelques lignes à votre fichier .htaccess :

<files ~ "(wp-comments-post|securimage_show|admin-ajax)\.php">
#<Limit Post>
Order allow,deny
Allow from all
Deny from 1.com 2m-equation.net 6core.net
Deny from accesshaiti.net adviceforbid.com affille.net aidensmusic.com albacom.net algx.net amazonaws.com anchorfree.com ardanhosting.com arsenalassociation.com as15003.net as43234.net as51430.net
Deny from berkelyx.com betterdomainhosting.eu bettys-news.com bezeqint.net bizevaluator.info btcentralplus.com
Deny from cantv.net cgi.ca cheapseovps.com chinamobile.com chirpan.com choopa.com choopa.net co.uk codelayer.org colocrossing.com colostore.net colt.net com.cn comcast.net comcastbusiness.com compsyscloud.com comunitel.net congesia.com contina.com continuumdatacenters.com correctnic.com crystalsoft-it.com cyberghostvpn.com
Deny from dimenoc.com dinaserver.com donbranco.com dnxserver.net
Deny from eastmidland.net ecatel.net eonix.net escaple3.com
Deny from fairlyclose.com fictto.com filemedia.net
Deny from gamespot24.com gategemstone.com ghostshosting.net globaltap.com googleusercontent.com guarmarr.com
Deny from heilink.com  hostedpanama.com hostvenom.com hostwindsdns.com
Deny from karclub.com krypt.com kwaoo.net kyivstar.net
Deny from instantnotificationservices.com ipvnow.com ispsystem.net
Deny from jobcity.com jointventure.net
Deny from leasededi.com leaseweb.com limitless-servers.com lypfect.com
Deny from mach9servers.com marketstreetwifi.net megapath.net micfo.com milkmist.com mindcombinedserver.com myconsumerreward.com myhostmysite.com
Deny from norstway.com notsteyle.com
Deny from openskytelcom.net optonline.net ovh.net
Deny from pmsponsors.net poneytelecom.eu pontsparachute.com purewebtech.net
Deny from quadranet.com queryfoundry.net qinglongboye.com
Deny from reputeo.ch romanelliproject.com rootleveltech.com rr.com
Deny from sagonet.net sbcglobal.net scalabledns.com secureserver.net serverhotell.net signalservis.net shineservers.com sleyfl.com slowplum.com smart-dns.net smartone.com softlayer.com solidseodedicated.com sologalaxy.com sometimessite.com sprintdatacenter.net starrt-fortress.com stratoserver.net steephost.net supcloud.net
Deny from tapestryteeth.com techserverdns.com telostor.ca telus.net topsfieldinternational.com torservers.net totbb.net trentexchange.com triolan.net
Deny from ubiquityservers.com ubservers.com uk2group.com ultimatumetheme.com unil.ch unti-is.com
Deny from verizon.net vilayer.com virginm.net vmline.pl vntp.net volia.net
Deny from wa-01.com whackemcrackem.com wifirst.net
Deny from your-server.de
Deny from xi.com xssl.net
Deny from .ads .adsl .aero .af .ai .al .am .an .ao .aq .ar .as .asia .at .au .aw .ax .az
Deny from .ba .bb .bd .bf .bg .bh .bi .biz .bj .bm .bn .bo .boo .br .bs .bt .bv .bw .by .bz .by
Deny from .cat .cc .cd .cf .cg .ci .ck .cl .cn .co .coop .cr .cs .cu .cv .cx .cy .cz
Deny from .dad .de .dd .dhcp .dj .dk .dm .do .dz
Deny from .eat .ec .edu .ee .eg .eh .er .es .esq .eu .et
Deny from .fi .fj .fk .fly .fm .fo .foo .fx
Deny from .ga .gb .gd .ge .gf .gh .gi .gl .gm .gn .gov .gq .gr .gs .gt .gu .gw .gy
Deny from .here .hk .hm .hn .host .how .hr .ht .hu
Deny from .id .ie .il .im .in .ing .info .int .io .iq .ir .is .it
Deny from .je .jm .jo .jobs .jp
Deny from .ke .kg .kh .ki .km .kn .kp .kr .kw .ky .kz
Deny from .la .lb .li .link .lk .lr .ls .lt .lv .ly
Deny from .ma .mc .md .me .meme .mg .mh .mk .mil .ml .mm .mn .mo .mov .mobi .mp .mr .ms .mt .mu .museum .mv .mw .mx
Deny from .na .name .nc .ne .new .nf .ng .ni .nl .no .np .nr .nt .nu .nz
Deny from .om
Deny from .pa .pe .pg .ph .pk .pl .pm .pn .pr .pro .prof .ps .pt .pw .py
Deny from .qa
Deny from .ro .rsvp .ru .rw
Deny from .sa .sb .sc .sd .se .sex .sg .sh .si .sj .sk .sl .sm .sn .soy .sr .ss .st .su .sv .sy .sz
Deny from .tc .td .tel .tf .tg .th .tj .tk .tl .tm .tn .to .tp .tr .travel .tt .tv .tw .tz
Deny from .ua .ug .uk .um .us .uy
Deny from .va .vc .ve .vg .vi .vn .vu
Deny from .wf .ws
Deny from .xn--* .xxx
Deny from .ye .yt .yu
Deny from .za .zip .zm .zr .zw
Deny from 1
Deny from 100 101 103 104 105 106 107 108
Deny from 109.109.109 109.122.229 109.162 109.164.240 109.165 109.169 109.184 109.188 109.190.85.95 109.194 109.196.210 109.201.143 109.201.154 109.211.94.232 109.226.203 109.230.221 109.231.122 109.7.65.66 109.86 109.87 109.93
Deny from 110 111 112 113 114 115 116 117 118 119
Deny from 12 120 121 122 123 124 125 126 128.107 128.177 128.199.63 129.144
Deny from 130 131.156 133 134.249 136 137 138 139
Deny from 14
Deny from 140 141.0.14 141.138.205 141.255.156.61 142 143 145.255 146 148 149.202.98 149.255
Deny from 15
Deny from 151.236.29 153 154 155.94 156.54 156.75 158.69 159.203 159.205.136 159.224 159.255.165 159.255.169
Deny from 162 163 164.138.237 165 167 168.131
Deny from 171 172 173 174 175
Deny from 176.10 176.100.111 176.104 176.109 176.116.74 176.119 176.126.252 176.14 176.123.3 176.193 176.194 176.195 176.212 176.213 176.215 176.31 176.61.141 176.8 176.9 176.97 176.99
Deny from 177
Deny from 178.121 178.124 178.125 178.137 178.150 178.158 178.162.222 178.168.30 178.172.230 178.175.128 178.184 178.19 178.206 178.207 178.210.219 178.216.54 178.23.129 178.237.87 178.250.45 178.32 178.33 178.44 178.62.165 178.73 178.82 178.94
Deny from 179
Deny from 180 181 182 184 183 185 186 187 188 189
Deny from 188.123.248 188.128.99 188.134 188.138.149 188.143.232 188.143.234 188.163 188.165.206.226 188.234 188.26 188.63 188.92.75
Deny from 190 191 192
Deny from 193.105.210 193.109.199 193.136 193.144 193.150 193.189 193.201 193.248.195 193.43.158 193.90
Deny from 194.139 194.149.148 194.151 194.183.0 194.183.4 194.185 194.186.246 194.187.168 194.199.55.254 194.34.105 194.56.178.164 194.67
Deny from 195.114.128 195.12.188 195.138.81 195.142 195.182.94 195.211 195.228 195.3.144 195.62.25 195.81.140
Deny from 196 197 198 199
Deny from 2.13.255.56 2.136 2.50
Deny from 200 201 202 203 204 206 207 208 209
Deny from 210 211
Deny from 212.111.198 212.117.180 212.126.96 212.138.88.114 212.160.138.237 212.166 212.174.143.129 212.175 212.181 212.200 212.56 212.59 212.73.73 212.76.140 212.83.157.67 212.90.40 212.92.243 212.92.35.34
Deny from 213.0 213.111.233 213.144.132 213.154.203 213.184.105 213.185.81 213.186.167 213.197.129 213.215.201 213.227 213.238.175 213.227 213.37 213.42 213.65
Deny from 216
Deny from 217.147.84 217.195.202 217.64.110
Deny from 218 219
Deny from 220 221 222 223
Deny from 23 24 27
Deny from 31.133.13 31.169.83 31.172.30 31.184 31.187.92 31.187.93 31.192 31.193.196 31.202 31.204 31.23 31.28.251 31.31 31.37.121.176 31.39.125.134 31.41 31.6.71 31.7.232
Deny from 36
Deny from 37.0.121 37.0.123 37.112 37.113 37.115 37.131.215 37.139.16 37.187.79.141 37.187.88 37.203.212 37.214.32 37.215 37.221 37.229 37.233.27 37.236 37.247.48 37.44 37.48.80 37.48.81  37.57 37.59 37.77.51.162
Deny from 38 39
Deny from 40 41 42 43 45
Deny from 46.102 46.105.248.86 46.105.254 46.118 46.119 46.147 46.151 46.16.74 46.161 46.165 46.166.163 46.175.254 46.183.162 46.185 46.188 46.191 46.21.99 46.211 46.22.166 46.246 46.28.66 46.29 46.36.112 46.38.62 46.39 46.41 46.61 46.7 46.98
Deny from 49
Deny from 5.101 5.135 5.139 5.149.212 5.157 5.158 5.160 5.164 5.166 5.167 5.175 5.233 5.248 5.249.164 5.254 5.255.73 5.34.123 5.39 5.45 5.79.68 5.9
Deny from 50 54 58 59
Deny from 60 61 62.102.148 62.122 62.16 62.20 62.201.203 62.210.82 62.39.122 62.76 62.77.180 62.90 63 64 65 66 67 68 69
Deny from 70 71 72 74 75 76
Deny from 77.109.139 77.122 77.123 77.125 77.126 77.154.202.104 77.232.159 77.243 77.79.178 77.91.179 77.93.2.81  77.95.225
Deny from 78.188 78.225.69.85 78.237.8.14 78.25 78.29 78.30 78.63
Deny from 79.133.217 79.143.179 79.172.193 79.176 79.98.107
Deny from 80.191 80.203 80.232.207 80.28 80.39 80.71.115 80.72.37 80.82.64 80.82.65 80.79.127 80.86 80.93
Deny from 81
Deny from 82.102.24 82.112.194 82.137.208 82.151.83 82.192.30 82.193.109 82.209.251 82.221 82.238.179.246
Deny from 83.128 83.141.175.34 83.234 83.244.185 83.39 83.41 83.50
Deny from 84.240 84.243 84.244 89.34.26 84.72
Deny from 85.10.210 85.114.129 85.17 85.138 85.195.82 85.25 85.29.187 85.9.20 85.98
Deny from 86.120 86.121 86.51 86.57.191 86.69.93.195 86.70.120.162 86.74.208.95 86.96
Deny from 87.228.15 87.98.179.184 87.98.151 87.98.165.214 87.98.166 87.98.173
Deny from 88.125.64.25 88.147.166 88.15 88.150.163 88.190 88.246.126.43 88.255 88.64 88.80.41
Deny from 89.105.194 89.111 89.137 89.139 89.169 89.147 89.19.178 89.191 89.218 89.234.157.254 89.248.169 89.248.171 89.249.207 89.28 89.30.105.121 89.43 89.44 89.46 89.47
Deny from 90.52.66.253 90.54.190.128
Deny from 91.105.238 91.106 91.108.182 91.109.196 91.109.247 91.121.73.4 91.121.175.35 91.144.177 91.188.124 91.188.39 91.191.173 91.194.57 91.197.89
Deny from 91.200 91.207.4 91.207.5 91.207.6 91.207.7 91.207.8
Deny from 91.212.124 91.213.121 91.217.10 91.218.115 91.218.247 91.221.84 91.224.150
Deny from 91.231.40 91.232.96 91.235 91.236.74 91.236.75 91.237.249 91.238.134 91.239.15
Deny from 91.240.163 91.241.53
Deny from 91.99.61
Deny from 92.113 92.126 92.157.193.130 92.222.66.16 92.233 92.243.166 92.255
Deny from 93.115 93.118 93.127 93.171.205 93.174 93.178 93.179 93.182 93.186.251 93.21.10.70 93.72 93.74 93.77 93.84 93.85 93.94.246
Deny from 94.102.56 94.127 94.153 94  
Deny from 94.23.148 94.23.30.166 94.23.155.150 94.23.157.166 94.23.6.70
Deny from 94.242.115 94.242.237 94.244.70 94.26.172 94.27 94.45
Deny from 95.104 95.105 95.132 95.133 95.141 95.154.87 95.163 95.181 95.211 95.24 95.215.61 95.28 95.65 95.67 95.77 95.78 95.79 #Deny from 96 97 98 99
Deny from 2001:470:b037::0/48
Deny from 2001:41d0:2:71de::0/64
Deny from 2001:da8::0/32
Deny from 2a00:b980:2::0/48
Deny from 2a01:e35:242c:3350:f57f:4bb9:edf8:a5a9
</files>
#</Limit>

Conclusion provisoire

Depuis samedi, les choses vont beaucoup mieux, même si j’ai régulièrement des lenteurs dues à des attaques venues d’autres serveurs. Cette liste est susceptible de connaître des évolutions dans les jours et les mois qui viennent.

0.00 avg. rating (0% score) - 0 votes

WordPress  / Apache Blogosphère Commentaires DDoS Déni de service Fail2ban Iptables Spam Wordpress 

Commentaires

Tu connais le plugin Fail2ban pour WordPress?
Peut être qu’il est possible d’écrire un plugin similaire qui bloquerait les ordi qui veulent poster X commentaire à la minutes + ceux qui sont taggés spam par Askimet?

@Tuxicoman

Non, je ne le connais pas. Je vais m’intéresser à Fail2Ban très rapidement.

En même temps qui utilise WordPress encore ?

@Corbier

Selon Smile, WordPress était en 2012 l’un des trois CMS les plus utilisés. Je ne pense pas que les choses aient changé en 1 an.

@Denis c’était une blague ;-)

@Corbier

Je suis resté de marbre ! ;+)

Laisser un commentaire

(requis)

(requis)