Changes

Jump to navigation Jump to search
m
no edit summary
Info: If Hackers / Spammers run scrips against the SME Server, it is logged into /var/log/httpd/error_log this script exports the bad ip adresses and pushes them into the firewall

as root create with vi editor:

$vi /root/antispam.sh

<pre>
#!/bin/bash
rm /spam.txt
touch /spam.txt
cat /var/log/httpd/error_log | cut -d ']' -f3 | cut -d '[' -f2 | cut -d ' ' -f2 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$'> /spam.txt
sort /spam.txt | uniq | for IP in $(cat /spam.txt); do \ sbin/iptables -A INPUT -s $IP/32 -d 0/0 -j DROP; done
exit 0
</pre>

do run the script as root by cron daemon every hour:
edit:
<pre>
$crontab -e
</pre>
insert:
<pre>
@hourly sh /root/antispam.sh > /dev/zero 2>&1
</pre>

Navigation menu