blocking lame botnets
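#!/bin/sh
# ban: record an IP (or host/CIDR) in /etc/hosts.deny, REJECT it in iptables
# and hand it on to /scripts/ban-email.
#
# Usage: ban <ip> <reason_with_underscores>
#   A reason of exactly "http-hacker" additionally blocks ports 80 and 443.
#
# Exit status: 2 on a usage error (so a caller can tell misuse from a ban),
# 0 otherwise — including when the address was already present.

# Print each argument as a line on stderr and exit 2.
usage() {
  printf '%s\n' "$@" >&2
  exit 2
}

# $1 is written verbatim into hosts.deny and passed to grep/iptables, so only
# address-like characters are accepted: whitespace or '#' would let a caller
# inject an extra hosts.deny line, and a leading '-' would be read as an option.
case "$1" in
  '') usage "please provide the ip to ban" ;;
  -*) usage "ip must not start with '-'" ;;
  *[!A-Za-z0-9./:-]*) usage "ip may contain only letters, digits, '.', '/', ':' and '-'" ;;
esac

# Same for the reason: it becomes a comment line in hosts.deny, so a newline
# inside it would become a new (uncommented) rule.
case "$2" in
  '') usage "please provide the reason as a string with underscores" \
            "eg tried_to_hack_dns" \
            "if you provide the reason as http-hacker it will" \
            "prevent this ip from accessing http ports" ;;
  *[!A-Za-z0-9_-]*) usage "reason may contain only letters, digits, '_' and '-'" ;;
esac

ip=$1
reason=$2
hosts_deny=/etc/hosts.deny
# Destination address the REJECT rules are bound to (iptables -d).
# Fill in this host's address before use; the placeholder is not a valid address.
ourIp="[insert here]"

# -F: match the address literally (as a regex, '.' would match any character);
# -w: do not let 1.2.3.4 count as present because 1.2.3.40 is already listed.
if grep -qFw -- "$ip" "$hosts_deny"; then
  # The original test here was inverted and never printed this message.
  printf '%s is already in hosts.deny\n' "$ip"
else
  printf '# %s\n' "$reason" >> "$hosts_deny"
  if [ "$reason" = "http-hacker" ]; then
    printf 'sshd,pop,pop3,smb,imap,afp,ftp,http,https: %s\n' "$ip" >> "$hosts_deny"
  else
    printf 'sshd,pop,pop3,smb,imap,afp,ftp: %s\n' "$ip" >> "$hosts_deny"
  fi
  echo "Added the following to hosts.deny:"
  tail -n2 "$hosts_deny"

  echo "iptables -t filter -I INPUT -s $ip -p tcp --dport 22 -d $ourIp -j REJECT etc, etc"
  # Insertion order is kept from the original: each -I goes to the top of the
  # chain, so 80/443 (when added) end up before the other ports.
  ports="22 110 143 548 20 21 445"
  if [ "$reason" = "http-hacker" ]; then
    ports="$ports 80 443"
  fi
  # $ports is deliberately unquoted: it is a space-separated list of numbers.
  for port in $ports; do
    iptables -t filter -I INPUT -s "$ip" -p tcp --dport "$port" -d "$ourIp" -j REJECT \
      || printf 'warning: iptables rule for port %s was not added\n' "$port" >&2
  done
  # Without a successful save the rules are lost at the next iptables reload.
  iptables-save > /etc/sysconfig/iptables.save \
    || echo "warning: iptables-save failed; the new rules are not persisted" >&2
fi

/scripts/ban-email "$ip" "$reason"
echo "DONT FORGET TO TRY SSH IN TO CHECK THE FIREWALL HASNT LOCKED YOU OUT"
printf '%s\n' "$ip" >> /root/hackers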
and ban-email script:
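#!/bin/sh
# ban-email: add an IP or address to /etc/mail/access as DENY and rebuild the
# access map so sendmail picks it up.
#
# Usage: ban-email <ip_or_address> <reason_with_underscores>
#
# Exit status: 2 on a usage error, 1 when the map rebuild fails (the entry is
# then in the text file but not in effect), 0 otherwise — including when the
# address was already present.

# Print each argument as a line on stderr and exit 2.
usage() {
  printf '%s\n' "$@" >&2
  exit 2
}

# $1 is written verbatim into the access file (key<whitespace>value format) and
# passed to grep, so whitespace and '#' are rejected — either would let a caller
# change the meaning of the line — as is a leading '-' (read as an option).
case "$1" in
  '') usage "please provide the ip or address to ban" ;;
  -*) usage "address must not start with '-'" ;;
  *[![:alnum:]._@+:/-]*) usage "address may contain only letters, digits and . _ @ + : / -" ;;
esac

# The reason becomes a comment line; a newline in it would become a live entry.
case "$2" in
  '') usage "please provide the reason as a string with underscores" \
            "eg spammer" ;;
  *[!A-Za-z0-9_-]*) usage "reason may contain only letters, digits, '_' and '-'" ;;
esac

addr=$1
reason=$2
access=/etc/mail/access

# -F: literal match ('.' in an address would otherwise match any character);
# -w: an entry for 1.2.3.40 must not count as one for 1.2.3.4.
if grep -qFw -- "$addr" "$access"; then
  echo "not adding $addr - already in mail.access"
  exit 0
fi

# we've not banned them before
printf '# %s\n' "$reason" >> "$access"
printf '%s DENY\n' "$addr" >> "$access"
# The subshell keeps make's cwd change out of this script (no 'cd -' needed).
# make output stays visible, as in the original; only its failure is new here.
if ! (cd /etc/mail && make); then
  printf 'error: make in /etc/mail failed; %s is in %s but the access map was not rebuilt\n' \
    "$addr" "$access" >&2
  exit 1
fi
echo "Added the following to mail-access:"
tail -n2 "$access"
# echo "blacklist_from $addr" >> /etc/mail/sa-blacklist
#/scripts/sa-restart
exit 0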