Auto Update IP Tables Firewall Rules from Apache Error Log Auto Spam Protect

From wiki.linuxonlinehelp.de

Info: If hackers or spammers run scripts against the SME Server, the requests are logged in /var/log/httpd/error_log. This script extracts the offending IP addresses and pushes them into the firewall.

As root, create the script with the vi editor:

$ vi /root/antispam.sh

#!/bin/bash
# Start from an empty work file
rm -f /spam.txt
touch /spam.txt
# Extract the client addresses from the error log, one per line, without duplicates
cut -d ']' -f3 /var/log/httpd/error_log | cut -d '[' -f2 | cut -d ' ' -f2 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' | sort -u > /spam.txt
# Add a DROP rule for every extracted address
for IP in $(cat /spam.txt); do /sbin/iptables -A INPUT -s "$IP/32" -d 0/0 -j DROP; done
exit 0

Run the script as root from the cron daemon every hour. Edit the crontab:

$ crontab -e

Insert:

@hourly   sh  /root/antispam.sh  > /dev/null 2>&1
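
A more conservative variant of the script, as an added example that is not part of the original wiki page: it blocks only addresses that appear at least THRESHOLD times in the log, never blocks an allowlisted address, and checks for an existing rule before adding one. THRESHOLD, ALLOWLIST, APPLY and the function names are assumptions, the log lines are constructed, and `iptables -C` needs an iptables release that has the check option.

```shell
#!/bin/bash
# Added example, not the wiki's script. THRESHOLD, ALLOWLIST, APPLY and the
# function names are invented here; the log lines are constructed.
THRESHOLD=${THRESHOLD:-3}                        # hits needed before blocking
ALLOWLIST=${ALLOWLIST:-"127.0.0.1 192.0.2.10"}   # addresses never blocked

# Print client IPv4 addresses seen at least THRESHOLD times on stdin.
# The pattern is anchored on the leading [date] [level] fields, so text later
# in the message, which comes from the request, is never read as the client.
offenders() {
    sed -n 's/^\(\[[^]]*\] \)\{2\}\[client \([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)\].*/\2/p' |
    sort | uniq -c |
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 >= min && !($2 in skip) {
            split($2, o, ".")          # reject octets above 255, e.g. 999.1.1.1
            if (o[1] <= 255 && o[2] <= 255 && o[3] <= 255 && o[4] <= 255) print $2
        }'
}

# Print (default) or apply (APPLY=1) one DROP rule per address on stdin.
# iptables -C looks for the rule first, so hourly runs add no duplicates.
block() {
    while read -r ip; do
        if [ "${APPLY:-0}" = 1 ]; then
            /sbin/iptables -C INPUT -s "$ip/32" -j DROP 2>/dev/null ||
                /sbin/iptables -A INPUT -s "$ip/32" -j DROP
        else
            echo "/sbin/iptables -A INPUT -s $ip/32 -j DROP"
        fi
    done
}

# Constructed sample in the "[date] [level] [client IP] message" layout.
sample_log() {
    cat <<'EOF'
[Mon Mar 03 10:00:01 2014] [error] [client 203.0.113.7] File does not exist: /var/www/html/phpmyadmin
[Mon Mar 03 10:00:02 2014] [error] [client 203.0.113.7] File does not exist: /var/www/html/pma
[Mon Mar 03 10:00:03 2014] [error] [client 203.0.113.7] File does not exist: /var/www/html/admin
[Mon Mar 03 10:06:01 2014] [error] [client 192.0.2.10] File does not exist: /var/www/html/a
[Mon Mar 03 10:06:02 2014] [error] [client 192.0.2.10] File does not exist: /var/www/html/b
[Mon Mar 03 10:06:03 2014] [error] [client 192.0.2.10] File does not exist: /var/www/html/c
[Mon Mar 03 10:07:00 2014] [error] [client 198.51.100.4] File does not exist: /var/www/html/[client 198.51.100.9]
EOF
}

sample_log | offenders | block    # dry run: prints the rule for 203.0.113.7 only
```

In production, feed `offenders` from /var/log/httpd/error_log and set APPLY=1 once the dry-run output looks right.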