Wednesday, September 8, 2021

Blacklist…..

One way I’ve done this….

root@azcopley:~# route add 84.38.129.0 gw 127.0.0.1 lo

For people I’ve noticed are attacking me..

Not sure about you. I know there are a lot of easier ways to do this. Some of the programs.. fail2ban and that kind of thing work wonders. However I’m a bit heavy handed :)

BLACKLIST=/tmp/blacklist
GREP="/usr/bin/grep -Ev"
IPT="/usr/sbin/iptables -A"

/root/blacklistip.sh

IPS=$($GREP "^#" $BLACKLIST)

for IP in $IPS
 do
  $IPT INPUT -s $IP -j DROP
  $IPT OUTPUT -d $IP -j DROP
done
root@azcopley:~#

Call out IP addresses / backup the list so I don’t have to re-exmine those people I’ll eventually want to clean it out, so people re-using ip addresses don’t get blocked, but I really don’t supose that’ll happen real frequently.

 cat blacklistip.sh
#!/bin/sh
CAT="/usr/bin/cat"
GREP="/usr/bin/grep -i"
AWK="/usr/bin/awk"
UNIQ="/usr/bin/uniq"
SORT="/usr/bin/sort"

ATTACK="sshd"
TMPFILE=/tmp/$ATTACK.attack
BLACK="/tmp/blacklist"
FILE="/var/log/iptables.log"
#
#  Copy off previous

$CAT $BLACK.new > $BLACK.old

$CAT $FILE | $GREP $ATTACK | $AWK '{ print $11 }' > $TMPFILE.1
$CAT $TMPFILE.1 | $AWK -F "=" '{ print $2 }' >> $TMPFILE.2
$SORT $TMPFILE.2 > $TMPFILE.3

$UNIQ $TMPFILE.3 > $BLACK.new
#
#  Only blacklist ones not done before....
#
$AWK 'NR=FNR{a[$0];next}!($0 in a)' $BLACK.old $BLACK.new > $BLACK

Well, the list keeps growing…. Script kiddies. and the like.

 cat /tmp/blacklist.new
103.108.87.133
103.218.3.18
103.228.183.10
103.254.198.67
103.3.226.166
104.131.84.222
104.40.217.239
106.116.118.89
106.12.119.1
106.12.125.241
106.12.166.166
106.12.179.191
106.12.211.254
106.12.214.145
106.12.99.204
106.13.167.62
106.13.176.163
106.13.35.232
106.13.44.83
106.13.45.212
106.13.78.7
106.51.98.159
106.52.42.153
106.53.89.104
106.54.127.61
106.54.200.209
106.75.141.160
106.75.28.38
111.203.196.62
111.229.43.27
111.230.231.145
111.230.29.17
111.231.238.83
111.231.69.68
111.40.217.92
112.21.188.235
112.3.30.119
112.35.77.101
114.4.227.194
114.80.94.228
117.50.5.198
117.50.77.220
118.24.88.241
118.25.91.168
118.89.219.116
118.89.78.131
119.29.104.238
121.229.18.144
121.66.252.158
122.152.208.61
122.155.17.174
122.51.10.222
122.51.245.240
122.51.34.199
122.51.39.232
122.55.190.12
123.59.199.45
124.152.118.131
124.93.160.82
124.93.18.202
128.199.107.114
128.199.164.253
128.199.99.204
129.204.51.77
129.28.183.62
13.71.21.123
131.108.60.30
132.232.53.85
138.117.179.134
138.219.129.150
138.68.22.231
139.59.10.42
139.59.87.250
140.143.233.29
140.207.96.235
140.86.12.31
142.93.140.242
145.239.83.104
145.239.87.35
150.136.160.141
150.158.122.241
152.136.152.45
152.32.144.26
152.67.47.139
157.230.163.6
159.65.176.156
161.189.144.43
162.0.225.199
162.243.237.90
162.251.23.43
164.132.42.32
164.163.99.10
165.227.203.162
167.114.114.114
170.210.121.208
171.244.51.114
175.24.49.130
176.197.5.34
176.31.162.82
178.128.221.85
178.128.56.89
178.128.57.147
178.32.115.26
179.191.123.46
18.220.207.167
180.168.212.6
180.76.138.132
180.76.186.109
181.123.177.150
181.46.80.183
183.195.121.197
183.81.152.109
185.107.95.231
185.129.148.43
185.165.169.168
185.20.82.2
185.254.207.197
188.168.82.246
190.210.62.45
191.189.238.135
192.35.168.195
192.35.169.20
192.99.12.24
193.112.28.27
194.204.194.11
195.54.160.99
195.54.161.15
198.98.61.68
2.36.136.146
200.204.174.163
202.147.198.154
203.151.146.216
203.177.71.254
203.185.61.140
206.253.166.69
209.126.124.203
211.108.69.103
211.90.37.75
212.51.148.162
213.184.249.95
213.204.124.71
213.217.0.177
216.126.58.224
217.182.94.110
223.240.109.231
35.201.150.16
35.241.72.130
37.187.3.53
41.223.4.155
41.63.0.133
41.93.32.94
43.241.238.152
43.248.124.132
45.118.151.85
45.14.150.103
45.157.120.16
45.170.73.13
45.92.126.74
46.101.40.21
49.232.136.245
49.232.33.182
49.232.59.246
49.233.33.118
49.233.84.128
49.235.151.50
49.247.196.128
5.196.70.107
5.249.159.37
51.178.51.36
51.38.126.75
51.38.188.63
51.68.227.98
51.75.18.212
51.79.44.52
51.79.70.223
51.79.85.142
51.83.75.97
51.91.100.120
54.37.75.210
58.87.78.80
59.13.125.142
60.167.180.193
60.2.224.234
61.12.26.145
61.160.107.66
61.183.139.155
62.171.148.78
62.210.119.215
62.234.167.126
62.4.21.144
65.78.99.127
66.70.205.186
77.122.171.25
79.137.34.248
79.17.217.113
80.211.246.93
84.2.226.70
89.154.4.249
89.248.168.51
91.121.211.59
92.222.156.151
93.148.0.91
94.103.80.118
97.90.110.160
root@azcopley:~#

E-mail Maint

Where is all my mail going for each account? PITA….

root@azcopley:/home# cat forward.sh
#!/bin/bash
ECHO="/usr/bin/echo"

FILES="/home/*"
for ENTRY in $FILES
  do
    $ECHO "ACCOUNT: " $ENTRY
    cat $ENTRY/.forward
    $ECHO "-----------------------------------------"
  done

$ECHO "--------------------DONE------------------"

TO Here: 

:/home# ./forward.sh
-----------------------------------------
ACCOUNT: /home/acp
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/ccp
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/copleyproperties
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/crac
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/jeannie
jeanniecopley@gmail.com
-----------------------------------------
ACCOUNT: /home/jojoba
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/mcp
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/pcp
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/tcp
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
ACCOUNT: /home/tim
timc@azcopley.com
-----------------------------------------
ACCOUNT: /home/timc

-----------------------------------------
ACCOUNT: /home/timcopley
timc@azcopley.com
-----------------------------------------
ACCOUNT: /home/tuv
timc@azcopley.com
jeannie@azcopley.com
-----------------------------------------
--------------------DONE------------------
home#