Wednesday, September 8, 2021
Blacklist…..
One way I’ve done this….
root@azcopley:~# route add 84.38.129.0 gw 127.0.0.1 lo
For people I’ve noticed are attacking me..
Not sure about you. I know there are a lot of easier ways to do this. Some of the programs.. fail2ban and that kind of thing work wonders. However I’m a bit heavy handed :)
    BLACKLIST=/tmp/blacklist
    GREP="/usr/bin/grep -Ev"
    IPT="/usr/sbin/iptables -A"
    /root/blacklistip.sh
    IPS=$($GREP "^#" $BLACKLIST)
    for IP in $IPS
    do
        $IPT INPUT -s $IP -j DROP
        $IPT OUTPUT -d $IP -j DROP
    done
Call out IP addresses / back up the list so I don’t have to re-examine those people. I’ll eventually want to clean it out, so people re-using IP addresses don’t get blocked, but I really don’t suppose that’ll happen real frequently.
    cat blacklistip.sh
    #!/bin/sh
    CAT="/usr/bin/cat"
    GREP="/usr/bin/grep -i"
    AWK="/usr/bin/awk"
    UNIQ="/usr/bin/uniq"
    SORT="/usr/bin/sort"
    ATTACK="sshd"
    TMPFILE=/tmp/$ATTACK.attack
    BLACK="/tmp/blacklist"
    FILE="/var/log/iptables.log"
    #
    # Copy off previous
    $CAT $BLACK.new > $BLACK.old
    # Field 11 of each matching log line is a key=value pair; keep the value
    $CAT $FILE | $GREP $ATTACK | $AWK '{ print $11 }' > $TMPFILE.1
    $CAT $TMPFILE.1 | $AWK -F "=" '{ print $2 }' >> $TMPFILE.2
    $SORT $TMPFILE.2 > $TMPFILE.3
    $UNIQ $TMPFILE.3 > $BLACK.new
    #
    # Only blacklist ones not done before....
    # (NR==FNR is true only while reading the first file, $BLACK.old)
    #
    $AWK 'NR==FNR{a[$0];next}!($0 in a)' $BLACK.old $BLACK.new > $BLACK
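An added example, not part of the original post: the same extract-and-diff step with the address found by its SRC= key rather than by column position, each value checked to be a valid IPv4 address before it can reach iptables, and the old/new comparison written so that an empty old list still works. The function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the post's script). Sample log lines are constructed.

# extract_src_ips TAG: read iptables LOG lines on stdin, print unique valid
# IPv4 source addresses from lines containing TAG. SRC= is located by key,
# not by column, because the field count differs between log lines.
extract_src_ips() {
    grep -i -- "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^SRC=/) continue
            ip = substr($i, 5)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
            split(ip, o, "."); ok = 1
            for (j = 1; j <= 4; j++)
                if (length(o[j]) > 3 || o[j] > 255) ok = 0
            if (ok) print ip
        }
    }' | sort -u
}

# new_only OLD NEW: print lines of NEW that are absent from OLD.
# FILENAME is compared instead of NR==FNR so an empty OLD file (first run)
# still lets every NEW line through.
new_only() {
    awk 'FILENAME == ARGV[1] { seen[$0]; next } !($0 in seen)' "$1" "$2"
}

# Constructed sample input using documentation address ranges.
sample_log() {
    cat <<'EOF'
Sep  8 10:00:01 host kernel: sshd IN=eth0 OUT= MAC=00:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=60 PROTO=TCP DPT=22
Sep  8 10:00:02 host kernel: sshd IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=60 PROTO=TCP DPT=22
Sep  8 10:00:03 host kernel: sshd IN=eth0 OUT= MAC=00:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=60
Sep  8 10:00:04 host kernel: sshd IN=eth0 OUT= SRC=999.1.1.1 DST=192.0.2.1
Sep  8 10:00:05 host kernel: http IN=eth0 OUT= SRC=192.0.2.55 DST=192.0.2.1
EOF
}

old=$(mktemp); new=$(mktemp)
printf '203.0.113.7\n' > "$old"          # blocked on an earlier run
sample_log | extract_src_ips sshd > "$new"
new_only "$old" "$new"                   # addresses still to be blocked
rm -f "$old" "$new"
```
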
Well, the list keeps growing…. Script kiddies. and the like.
E-mail Maint
Where is all my mail going for each account? PITA….
    root@azcopley:/home# cat forward.sh
    #!/bin/bash
    ECHO="/usr/bin/echo"
    FILES="/home/*"
    for ENTRY in $FILES
    do
        $ECHO "ACCOUNT: " $ENTRY
        cat $ENTRY/.forward
        $ECHO "-----------------------------------------"
    done
    $ECHO "--------------------DONE------------------"
TO Here:
    :/home# ./forward.sh
    -----------------------------------------
    ACCOUNT: /home/acp
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/ccp
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/copleyproperties
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/crac
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/jeannie
    jeanniecopley@gmail.com
    -----------------------------------------
    ACCOUNT: /home/jojoba
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/mcp
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/pcp
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/tcp
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/tim
    timc@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/timc
    -----------------------------------------
    ACCOUNT: /home/timcopley
    timc@azcopley.com
    -----------------------------------------
    ACCOUNT: /home/tuv
    timc@azcopley.com
    jeannie@azcopley.com
    -----------------------------------------
    --------------------DONE------------------