blocking lame botnets

 #!/bin/sh


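# ban: block one source address at both the tcp_wrappers and iptables layers.
#
# Usage: ban <ipv4-address[/prefix]> <reason>
#
# <reason> is recorded as a "# <reason>" comment above the hosts.deny entry
# and passed on to /scripts/ban-email. The special reason "http-hacker"
# additionally rejects ports 80 and 443 (and lists http/https in hosts.deny).
# Every address handed to this script, new or repeated, is appended to
# /root/hackers.
#
# Inputs:  $1 - source address, dotted quad with optional /prefix
#          $2 - reason, letters, digits, "_" and "-" only
# Writes:  /etc/hosts.deny, /etc/sysconfig/iptables.save, /root/hackers
# Exits:   1 on missing or invalid arguments, an unset ourIp, or a failed
#          write/iptables call; 0 otherwise (including "already banned")

set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# The address is written verbatim into hosts.deny and passed to iptables, so
# only a dotted quad (optionally with /prefix) is accepted: a value carrying
# spaces, a newline or option-looking text would otherwise turn into extra
# rule arguments or an extra hosts.deny line.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
}

if [ -z "${1:-}" ]; then
  die "please provide the ip to ban"
fi

if [ -z "${2:-}" ]; then
  cat >&2 <<'EOF'
please provide the reason as a string with underscores
eg tried_to_hack_dns
if you provide the reason as http-hacker it will
prevent this ip from accessing http ports
EOF
  exit 1
fi

ip=$1
reason=$2

is_ipv4 "$ip" || die "not a valid IPv4 address: $ip"
case $reason in
  *[!A-Za-z0-9_-]*) die "reason may only contain letters, digits, _ and -" ;;
esac

# This host's own address, used as the -d match on every rule.
ourIp="[insert here]"   # TODO: set to this host's address before use
is_ipv4 "$ourIp" || die "ourIp is still the placeholder - edit this script and set it to this host's address"

# Ports rejected for every ban; http-hacker adds the web ports.
ports="22 110 143 548 20 21 445"
services="sshd,pop,pop3,smb,imap,afp,ftp"
if [ "$reason" = "http-hacker" ]; then
  ports="$ports 80 443"
  services="$services,http,https"
fi

# Fixed-string, whole-word match: with the old unanchored regex grep the dots
# in 1.2.3.4 matched any character, and 1.2.3.4 also "found" 11.2.3.45.
if grep -Fwq -- "$ip" /etc/hosts.deny 2>/dev/null; then
  printf '%s is already in hosts.deny\n' "$ip"
else
  {
    printf '# %s\n' "$reason"
    printf '%s: %s\n' "$services" "$ip"
  } >> /etc/hosts.deny || die "cannot write to /etc/hosts.deny"

  echo "Added the following to hosts.deny:"
  tail -n2 /etc/hosts.deny

  # shellcheck disable=SC2086  # intentional word-splitting of the fixed port list
  for port in $ports; do
    printf 'iptables -t filter -I INPUT -s %s -p tcp --dport %s -d %s -j REJECT\n' "$ip" "$port" "$ourIp"
    iptables -t filter -I INPUT -s "$ip" -p tcp --dport "$port" -d "$ourIp" -j REJECT \
      || die "iptables failed for port $port - rule set may be partially applied"
  done

  # NOTE(review): confirm this is the file the boot-time restore reads;
  # otherwise the rules are gone after the next reboot.
  iptables-save > /etc/sysconfig/iptables.save || die "iptables-save failed"
fi

/scripts/ban-email "$ip" "$reason"

echo "DONT FORGET TO TRY SSH IN TO CHECK THE FIREWALL HASNT LOCKED YOU OUT"

printf '%s\n' "$ip" >> /root/hackers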




And the ban-email script it calls:


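#!/bin/sh
# ban-email: deny one sender in the sendmail access map.
#
# Usage: ban-email <ip-or-address> <reason>
#
# Appends "# <reason>" and "<address>      DENY" to /etc/mail/access and
# rebuilds the map with make in /etc/mail. An address that is already in
# the map is reported and left alone.
#
# Inputs:  $1 - IP address or mail address/domain, no whitespace
#          $2 - reason, letters, digits, "_" and "-" only
# Writes:  /etc/mail/access (plus whatever make in /etc/mail regenerates)
# Exits:   1 on missing or invalid arguments, a failed write or a failed
#          make; 0 otherwise (including "already listed")

set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ -z "${1:-}" ]; then
  die "please provide the ip or address to ban"
fi

if [ -z "${2:-}" ]; then
  printf '%s\n' "please provide the reason as a string with underscores" "eg spammer" >&2
  exit 1
fi

addr=$1
reason=$2

# Both values become lines of the access map, so a value containing
# whitespace or a newline would add a second key (or a different entry)
# that nobody asked for.
case $addr in
  *[[:space:]]*) die "address must not contain whitespace" ;;
esac
case $reason in
  *[!A-Za-z0-9_-]*) die "reason may only contain letters, digits, _ and -" ;;
esac

# Fixed-string, whole-word match: the old unanchored regex grep let the dots
# in an address match any character and matched substrings of longer entries.
if grep -Fwq -- "$addr" /etc/mail/access 2>/dev/null; then
  echo "not adding $addr - already in mail.access"
  exit 0
fi

# We've not banned them before.
{
  printf '# %s\n' "$reason"
  printf '%s      DENY\n' "$addr"
} >> /etc/mail/access || die "cannot write to /etc/mail/access"

# make -C replaces the cd / make / cd - sequence, which ran make in the
# current directory whenever the first cd failed.
make -C /etc/mail || die "make in /etc/mail failed - access map not rebuilt"

echo "Added the following to mail-access:"
tail -n2 /etc/mail/access

# Disabled SpamAssassin blacklist hook, kept for reference.
# echo "blacklist_from $addr" >> /etc/mail/sa-blacklist
#/scripts/sa-restart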

