Script Auto Block bad trafic cu csf firewall

AlexH

Merg pe strada catre Mine...
Membru personal
Administrative
Freelancer
SEO Expert
#1
Acesta este un script care blocheaza automat traficul bad care vine pe server sau vps.

1. login pe root cu putty
2. editati limita la ip banate (deny limit) din 100 in zero
Cod:
nano /etc/csf/csf.conf
3. salvati acest script in radacina root cu numele autoblock.sh
Cod:
========<<<>>>=======
#!/bin/bash

netstat -anp |grep ‘:80’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n > ~/curr
while read list
do
conns=`echo $list | awk ‘{print $1}’`
ip=`echo $list | awk ‘{print $2}’`
if [ “$conns” -ge 20 ]
then
exist=`cat /etc/csf/csf.deny | grep $ip`
if [ “$ip” != “$exist” ]
then
echo blocking $ip with $conns connections
iptables -I INPUT -s $ip -j DROP
echo $ip >> /etc/csf/csf.deny
blocked=`echo yes`
fi
blocked=`echo yes`
fi
done < ~/curr

if [ $blocked == “yes” ]
then
/etc/init.d/httpd stop
pkill httpd
/etc/init.d/httpd start
fi
=======<<<>>>=======
4. facem cron pentru a rula scriptul si pentru asta rulam comanda de mai jos.
Cod:
*/1 * * * * /root/autoblock.sh >> /var/log/autoblock
5. executam restart la csf

Modificati -ge 20 in orice valoare va convine voua.
 

GoldMember

Member
Registered
#2
Interesant, dar nu inteleg de ce atunci cand primesti un ip blocat opresti si pornesti httpd-ul, daca ai 10 cereri de la diferite ip-uri in acel moment, toate 10 vor primi server offline.
 
Sus