Posts

Showing posts from March, 2021

Identify traffic sources in bulk

Say you have a list of IP addresses from a log file of hackers/losers/DDoSers.

Step 1, install geoiplookup:

    sudo apt-get install geoip-bin

Step 2, look every address up and drop the ones from home:

    for i in `cat list` ; do ( echo -n "$i " ; geoiplookup "$i" ) ; done | grep -v "South Africa"

This basically lets you look up who they are and ignore IPs from your home country, in this case South Africa. Once you decide which countries are likely to be hackers (Hello, former soviet bloc!) - then you block their IPs.

throttle traffic on apache

Install the tools and the evasive module, edit its config, then restart apache:

    sudo apt install apache2-utils
    sudo apt install libapache2-mod-evasive
    vi /etc/apache2/mods-enabled/evasive.conf
    service apache2 restart

Edit the config and set the values as per below, or whatever else you like; the time quantities are seconds:

    DOSSiteInterval     1
    DOSBlockingPeriod   10
    #DOSLogDir           "/var/lock/mod_evasive"

botnet ip addresses

As I block botnet IP addresses I will put them here for y'all to block as well. Botnet file list

blocking lame botnets

    #!/bin/sh
    # usage: ban.sh <ip> <reason>
    if [ -z "$1" ] ; then
        echo "please provide the ip to ban"
        exit 1
    fi
    if [ -z "$2" ] ; then
        echo "please provide the reason as a string with underscores"
        echo "eg tried_to_hack_dns"
        echo "if you provide the reason as http-hacker it will"
        echo "prevent this ip from accessing http ports"
        exit 1
    fi
    # only add the address once; -w -F matches the whole literal address,
    # so 1.2.3.4 does not match an existing entry for 1.2.3.45
    if ! grep -qwF "$1" /etc/hosts.deny ; then
        echo "# $2" >> /etc/hosts.deny
        if [ "$2" != "http-hacker" ] ; then
            echo "sshd,pop,pop3,smb,imap,afp,ftp: $1" >> /etc/hosts.deny
        fi
        if [ "$2" = "http-hacker" ] ; then
            # hosts.deny only affects TCP-wrapper aware daemons; apache does not
            # consult it, so the http ports still need the iptables rule below
            echo "sshd,pop,pop3,smb,imap,afp,ftp,http,https: $1" >> /etc/hosts.deny
        fi
        echo "Added the following to hosts.deny:"
        tail -n2 /etc/hosts.deny
        ourIp="[insert here]"
        echo "iptables -t filter -I INPUT -s $1 -p tcp --dport 22 -d $ourIp -j REJECT etc, etc"
        iptables -t fil