We collected 470K IPv4s from a botnet that was trying to get all the content from our social network; it was behaving in such a way that we could track every single request it made. Since we blocked it, the server has been working much better; it hasn't been running with such a low load for at least a year.
Here is the latest file, more than 506K /32.
https://www.partagerfichier.fr/download/2025-03-31-16-46-39_botnet-set.zip
Can you try to use the ipset and tell us if it works? Reply on seenthis or on mastodon, tagging https://seenthis.net/people/biggrizzly or https://framapiaf.org/@biggrizzly
https://seenthis.net/messages/1105923
It's an `ipset` backup (https://ipset.netfilter.org/ipset.man.html).
You can restore the file using this command line:
`ipset restore -file ./botnet-set`
You can declare it in iptables, using this command line:
`iptables -A INPUT -m set --match-set botnet-set src -j DROP`
The origin of this botnet should be investigated.
GeoIP study: it looks like compromised devices on residential connections.
https://pixelfed.zoo-logique.org/storage/m/_v2/493806419159965724/549719332-a3f277/UeErDnEy4q9Z/TMGG8PWDW1zgoyWtTAUSaC7qqHQrEoqdpdiTUWT4.png
@biggrizzly It is working for me
Just from yesterday I had multiple requests from all of these IPs:
https://share.nabein.me/f.php?h=3lCSeuFZ&p=1
Thank you very much for this list :)
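
An added example, not part of the thread or of the list authors' tooling: a Python check to run on the downloaded `botnet-set` file before `ipset restore`, confirming it only creates and fills the expected set, contains no non-public or allowlisted addresses, and declares a `maxelem` large enough (ipset's default is 65536, below the 506K entries mentioned above). The `hash:ip` set type, the function name, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

def check_ipset_save(text, expected_set="botnet-set", allowlist=()):
    """Return (entry_count, problems) for the text of an `ipset save` file.
    Assumes a plain hash:ip blocklist: one IPv4 per add line, no per-entry options."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    problems, seen, created = [], set(), False
    maxelem = 65536  # ipset default when the create line does not set it
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "create":
            if len(parts) < 3 or parts[1] != expected_set or parts[2] != "hash:ip":
                problems.append(f"line {lineno}: unexpected create: {line!r}")
                continue
            created, opts = True, parts[3:]
            if "maxelem" in opts[:-1]:
                value = opts[opts.index("maxelem") + 1]
                if value.isdigit():
                    maxelem = int(value)
                else:
                    problems.append(f"line {lineno}: bad maxelem {value!r}")
        elif parts[0] == "add" and len(parts) == 3 and parts[1] == expected_set:
            try:
                ip = ipaddress.IPv4Address(parts[2])
            except ValueError:
                problems.append(f"line {lineno}: not a single IPv4: {parts[2]!r}")
                continue
            if not ip.is_global:  # private, loopback, link-local, reserved...
                problems.append(f"line {lineno}: non-public address {ip}")
            elif any(ip in net for net in allowed):
                problems.append(f"line {lineno}: {ip} is in your allowlist")
            seen.add(ip)
        else:
            problems.append(f"line {lineno}: unexpected line: {line!r}")
    if not created:
        problems.append(f"no create line for {expected_set}")
    if len(seen) > maxelem:
        problems.append(f"{len(seen)} entries exceed maxelem {maxelem}")
    return len(seen), problems

# Constructed sample, not entries from the published list.
SAMPLE = """create botnet-set hash:ip family inet hashsize 1024 maxelem 4
add botnet-set 8.8.8.8
add botnet-set 1.1.1.1
add botnet-set 10.0.0.5
add botnet-set 9.9.9.9
add other-set 8.8.4.4
"""

if __name__ == "__main__":
    print(check_ipset_save(SAMPLE, allowlist=("9.9.9.0/24",)))
```

On the real file, pass `open("botnet-set").read()` and an allowlist holding your own admin, monitoring and upstream addresses; restore only if the returned problem list is empty.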