286
edits
Changes
Jump to navigation
Jump to search
m
Auto Update IP Tables Firewall Rules from Apache Error Log Auto Spam Protect (view source)
Revision as of 18:34, 11 May 2016
, 18:34, 11 May 2016no edit summary
Info: If Hackers / Spammers run scrips against the SME Server, it is logged into /var/log/httpd/error_log this script exports the bad ip adresses and pushes them into the firewall
as root create with vi editor:
$vi /root/antispam.sh
<pre>
#!/bin/bash
rm /spam.txt
touch /spam.txt
cat /var/log/httpd/error_log | cut -d ']' -f3 | cut -d '[' -f2 | cut -d ' ' -f2 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'> /spam.txt
sort /spam.txt | uniq | for IP in $(cat /spam.txt); do \ sbin/iptables -A INPUT -s $IP/32 -d 0/0 -j DROP; done
exit 0
</pre>
do run the script as root by cron daemon every hour:
edit:
<pre>
$crontab -e
</pre>
insert:
<pre>
@hourly sh /root/antispam.sh > /dev/zero 2>&1
</pre>
as root create with vi editor:
$vi /root/antispam.sh
<pre>
#!/bin/bash
rm /spam.txt
touch /spam.txt
cat /var/log/httpd/error_log | cut -d ']' -f3 | cut -d '[' -f2 | cut -d ' ' -f2 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'> /spam.txt
sort /spam.txt | uniq | for IP in $(cat /spam.txt); do \ sbin/iptables -A INPUT -s $IP/32 -d 0/0 -j DROP; done
exit 0
</pre>
do run the script as root by cron daemon every hour:
edit:
<pre>
$crontab -e
</pre>
insert:
<pre>
@hourly sh /root/antispam.sh > /dev/zero 2>&1
</pre>