Script Auto Block bad trafic cu csf firewall

[AlexH]

Acesta este un script care blocheaza automat traficul bad care vine pe server sau vps.

1. login pe root cu putty
2. editati limita la ip banate (deny limit) din 100 in zero

nano /etc/csf/csf.conf

3. salvati acest script in radacina root cu numele autoblock.sh

========<<<>>>=======
#!/bin/bash

netstat -anp |grep ‘:80’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n > ~/curr
while read list
do
conns=`echo $list | awk ‘{print $1}’`
ip=`echo $list | awk ‘{print $2}’`
if [ “$conns” -ge 20 ]
then
exist=`cat /etc/csf/csf.deny | grep $ip`
if [ “$ip” != “$exist” ]
then
echo blocking $ip with $conns connections
iptables -I INPUT -s $ip -j DROP
echo $ip >> /etc/csf/csf.deny
blocked=`echo yes`
fi
blocked=`echo yes`
fi
done < ~/curr

if [ $blocked == “yes” ]
then
/etc/init.d/httpd stop
pkill httpd
/etc/init.d/httpd start
fi
=======<<<>>>=======

4. facem cron pentru a rula scriptul si pentru asta rulam comanda de mai jos.

*/1 * * * * /root/autoblock.sh >> /var/log/autoblock

5. executam restart la csf

Modificati -ge 20 in orice valoare va convine voua.

 

[GoldMember]

Interesant, dar nu inteleg de ce atunci cand primesti un ip blocat opresti si pornesti httpd-ul, daca ai 10 cereri de la diferite ip-uri in acel moment, toate 10 vor primi server offline.