Aggressive IPv4 Ranges Targeting France and Belgium – Blocklist Update

Laurent M., a Senior Cybersecurity Engineer, has identified two IPv4 ranges with five highly aggressive IPs (100% confidence) targeting France and Belgium. These IPs exhibit malicious activities, including Apache attacks, information gathering, remote code execution, web traversal, SSH attacks, and scanning.

Malicious IPs to Block Immediately:

– `45.156.129.105`
– `45.156.129.108`
– `45.156.130.40`
– `45.156.130.42`
– `45.156.130.43`

For those using Laurent’s blocklist, it is updated every 48 hours, so manual blocking may not be necessary.

👉 Blocklist Access (DST=FR, BE): https://lnkd.in/eXGb7jJx

You Should Know: How to Block These IPs Manually

Linux (iptables) Blocking Commands:

# Block a single IP
sudo iptables -A INPUT -s 45.156.129.105 -j DROP

# Block both /24 ranges (this also drops every other address in them)
sudo iptables -A INPUT -s 45.156.129.0/24 -j DROP
sudo iptables -A INPUT -s 45.156.130.0/24 -j DROP

# Save iptables rules (Debian/Ubuntu); the redirect has to run as root
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

# For CentOS/RHEL
sudo service iptables save

Windows (Firewall) Blocking:

# Block IP via PowerShell
New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Inbound -RemoteAddress 45.156.129.105 -Action Block

# Block an entire range
New-NetFirewallRule -DisplayName "Block Malicious Range" -Direction Inbound -RemoteAddress 45.156.129.0/24 -Action Block

Automating IP Blocking via Cron (Linux):

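# Add a cron job (root's crontab) that re-applies the block every 12 hours; -C skips the append when the rule already exists
0 */12 * * * /usr/sbin/iptables -C INPUT -s 45.156.129.105 -j DROP 2>/dev/null || /usr/sbin/iptables -A INPUT -s 45.156.129.105 -j DROP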

Detecting Suspicious SSH Attacks:

# Check SSH brute-force attempts
sudo grep "Failed password" /var/log/auth.log

# Monitor live SSH attacks
sudo tail -f /var/log/auth.log | grep "Invalid user"
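
The grep commands above return raw lines; as an added example (not part of the original post), this script aggregates failed SSH logins per source IP and flags sources inside the two /24 ranges listed in the post. The function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: count failed SSH logins per
# source IP and flag sources inside the two /24 ranges listed in the post.

# Prefixes of 45.156.129.0/24 and 45.156.130.0/24 (ranges from the post).
WATCHED_PREFIXES="45.156.129. 45.156.130."

# ssh_failures (hypothetical name): reads auth.log lines on stdin and prints
# "count ip LISTED|other", highest count first.
ssh_failures() {
  awk -v watched="$WATCHED_PREFIXES" '
    BEGIN { n = split(watched, pfx, " ") }
    /sshd/ && (/Failed password/ || /Invalid user/) {
      # Scan from the end: the username is client-supplied and logged before
      # the address, so a name containing the word from must not be the marker.
      for (i = NF - 1; i >= 1; i--)
        if ($i == "from") { count[$(i + 1)]++; break }
    }
    END {
      for (ip in count) {
        flag = "other"
        for (j = 1; j <= n; j++)
          if (index(ip, pfx[j]) == 1) flag = "LISTED"
        print count[ip], ip, flag
      }
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in OpenSSH auth.log format (not real log data).
sample_log() {
  cat <<'EOF'
May  4 10:01:02 web1 sshd[811]: Failed password for root from 45.156.129.105 port 40022 ssh2
May  4 10:01:05 web1 sshd[811]: Failed password for root from 45.156.129.105 port 40022 ssh2
May  4 10:01:09 web1 sshd[812]: Invalid user admin from 45.156.130.42 port 51514
May  4 10:01:11 web1 sshd[812]: Failed password for invalid user admin from 45.156.130.42 port 51514 ssh2
May  4 10:02:00 web1 sshd[820]: Failed password for deploy from 198.51.100.7 port 33010 ssh2
May  4 10:02:30 web1 sshd[821]: Accepted publickey for deploy from 203.0.113.9 port 33020 ssh2
EOF
}

sample_log | ssh_failures
```

On a live host, feed it the real log instead of the sample, for example `sudo cat /var/log/auth.log | ssh_failures`.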

What Undercode Say:

Staying ahead of threat actors requires proactive blocking and monitoring. Use automated tools like `fail2ban` to dynamically block attackers:

# Install fail2ban
sudo apt install fail2ban

# Configure jail for SSH
sudo nano /etc/fail2ban/jail.local

Add these settings:
[sshd]
enabled = true
maxretry = 3
bantime = 1h

For Apache attacks, analyze logs:

# Check Apache access logs
sudo tail -f /var/log/apache2/access.log | grep -F "45.156.129."

# Block IP at the web server level (Apache 2.4); a negated Require must sit inside <RequireAll>
<Directory "/var/www/html">
    <RequireAll>
        Require all granted
        Require not ip 45.156.129.105
    </RequireAll>
</Directory>

Expected Output:

  • Blocked IPs stop appearing in logs.
  • Reduced unauthorized login attempts.
  • Improved server security posture.

Stay vigilant and update blocklists regularly! 🚨

References:

Reported By: Laurent Minne – Hackers Feeds