Bash Script - IP Banning With Iptables

Apr 28, 2009

My VPS provider didn't enable a lot of modules and that's why I can use a firewall (csf or apf) and dos deflate script.

I need a simple script for it.

First, it has to call this:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
then there will be something like:
Number : IP address
20 1.2.3.4
40 1.2.3.5
80 1.2.3.6
and then the bash script has to ban IPs with more than 30 connections (in our case: 1.2.3.5 and 1.2.3.6) with this:
iptables -A INPUT -s IP_FOR_BLOCK -j DROP




Iptables And Banning Ip Addresses

Jan 19, 2007

I'd want to ban some IP addresses and I tried to use iptables. But it doesn't work so far.

What I did is:
root/sbin/ iptables -A INPUT -p tcp -s 193.93.236.0/22 -d any/0 -m state --state NEW -j DROP

As seen, I tried to ban an IP range from my box (coz of spam). But it looks like that doesn't work.

What I want to do is to prevent WP spammers from posting their disgraceful links to my database.

I am using CentOS.


Banning SSH Abusers

Nov 15, 2007

About a week ago I got logs from the server that looked like this:

unknown (200.87.116.210): 5112 Time(s)
unknown (65.111.177.212): 5005 Time(s)
unknown (bastion.fmg-kopernik.ru): 662 Time(s)
root (bastion.fmg-kopernik.ru): 657 Time(s)

I then turned on the brute force protection cPanel provides, and it went down considerably from there. I'm not concerned at all about it (since the passwords are strong), but I would like to know the best way to determine abusive users (of SSH), and the best way to ban them.

Assuming the server does not have APF installed, or any particular control panel...


Server Banning Itself

Dec 20, 2007

Getting these emails, several a day telling me that the server is banning its own allocated IP addresses. Can someone explain what on earth it could possibly be doing to ban its own IP's?

To: root@server.domain.com.br
Subject: IP addresses banned on Thu Dec 20 15:13:39 BRST 2007
Message-Id: <E1J5OyA-0004us-63@server.domain.com.br>
From: root <root@server.domain.com.br>
Date: Thu, 20 Dec 2007 15:13:39 -0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.domain.com.br
X-AntiAbuse: Original Domain - server.domain.com.br
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - server.domain.com.br

Banned the following ip addresses on Thu Dec 20 15:13:38 BRST 2007

xxx.xxx64.138 with 151 connections

I have CentOS 4 / cPanel installed with apf / bfd, yet the deny host rules for apf do not show the server IPs listed as banned.


Apf Firewall Banning Range

Mar 8, 2007

I need to ban an IP range, and I inserted, say, IP 12.44.0.0 in the deny_hosts rules. This should ban the range from 12.44, but strangely people from that range are still able to access my site. Any idea what went wrong?


Banning Yahoo Slurp IPs

Jul 6, 2008

How can I ban Yahoo! Slurp and its IPs using .htaccess?


Banning A Whole Country IP Range From My Website

Oct 28, 2008

I want to stop users from country X from accessing my website. I know I can ban people's IPs but I don't know if it is possible to ban a certain geographical area and, if so, I haven't got a clue about how to do it.


Range Banning With IPSec On Windows Server

Oct 9, 2006

Does anyone know how to range ban IPs using IPsec?

I can enter IPs manually but am unable to ban an entire RANGE of IPs.

i.e. For example 172.10.10.10 - 172.1.1.999

Anyone know?


vBulletin Is Triggering Mod_security Rule And Banning People

Jun 23, 2008

I installed mod_security and the 403security rules on my VPS (Centos 4.1, Release version of WHM).

Several vBulletin files, including the ajax quick editor and some vbulletin.org add-ons are triggering this rule and banning members' IPs in CSF:

# Restrict which content encodings we accept.
#
# TODO Most applications support only two encodings for request bodies
# because that is all browsers know how to produce. If you are using
# automated tools to talk to the application you may be using other
# content types and would want to change the list of supported encodings.
#
# Note though that ModSecurity parses only three content encodings:
# application/x-www-form-urlencoded, multipart/form-data request and
# text/xml. The protection provided for any other type of encoding is
# inferior.
#
# TODO There are many applications that are not using multipart/form-data
# encoding (typically only used for file uploads). This content type
# can be disabled if not used.
#
# NOTE We allow any content type to be specified with GET or HEAD
# because some tools incorrectly supply content type information
# even when the body is not present. There is a rule further in
# the file to prevent GET and HEAD requests to have bodies so we're
# safe in that respect.
#
# NOTE Use of WebDAV requires "text/xml" content type.
#
# NOTE Philippe Bourcier (pbourcier AT citali DOT com) reports
# applications running on the PocketPC and AvantGo platforms use
# non-standard content types:
#
# M-Business iAnywhere application/x-mal-client-data
# UltraLite iAnywhere application/octet-stream
#
SecRule REQUEST_METHOD "!^(?:get|head|propfind|options)$" \
"chain, t:lowercase, deny,log,auditlog,status:501,msg:'Request content encoding is not allowed by policy',id:'960010',severity:'4'"
SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)"

I don't know how to decipher this rule to know if just removing it is ok, or if it is serving an important purpose. During a couple hour period it was enabled, that rule only seemed to trigger false alarms.

The above was triggered with calls such as [uri "/forums/ajax.php?do=usersearch"] and [uri "/forums/newreply.php?do=postreply&t=11057"]

What I really don't understand is that I have an .htaccess in place to turn off mod_security for the /forums directory:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
I have also had this rule triggered today when someone tried to access : ...


Listing/banning Ipv6 Addresses From Netstat Output

Jan 19, 2008

I've been happily banning ip's using the output from

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

for over a year now, with iptables. However recently, after upgrading to apache 2.2, the connections in netstat get listed as ipv6. A row can look like this for example:

tcp6 0 0 ::ffff:12.123.123.123:80 ::ffff:12.123.12.:12382 ESTABLISHED-

(actual ip addresses changed)

As you can see, the remote IP address isn't complete, it's cut off, so the script used to sum up connections and insert into iptables isn't doing anything.


After Flush+zero Iptables, Will A New Iptables Ban Work

Jan 5, 2008

I execute the following commands, in the following order:

iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP

Will that last command successfully ban that IP until reboot?

If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.


You Have A Mail Bash:~#

Jun 15, 2008

I opened up my VPS bash today and I saw a message like this:

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
..........................
..........................
You have a mail.
bash:~#

Now I am confused about where I have received a mail from, and even if I have received it, why doesn't it show in Google Apps?

I have set the MX entries correctly and when I sent a mail specifically to admin@mysite.com, I do get a mail in Google Apps.

Anyway, where does this mail lie, and how can I view this mail? I installed postfix as my mailing server.


SSH Bash Error

Aug 9, 2008

When I log into my client's VPS via SSH, I get the following error...

login as: root
root@69.162.67.44's password:
Last login: Sun Jan 20 23:33:36 2008 from 122.167.25.31
-bash-3.1#


Bash SSH Command

Jun 30, 2007

I've just about got my mysqldump script ready,

Here is what it looks like:

Code:
#!/bin/sh
mysqldump -uusr -ppwd --opt db > /home/usr/dbs/1.sql
mysqldump -uusr -ppwd --opt db2 > /home/usr/dbs/2.sql

cd /home/usr/dbs
tar -zcvf sqldata.tgz *.sql

How would I make my finished gzipped file's filename include the date?

Would I add any tags in front of sqldata.tgz *.sql?

Or would I have to run another command after the last line?


Bash Script

Jun 1, 2007

I could use a bash script for a crontab that does a regular backup of my mysql database.

Unfortunately I can't employ one of the made-up backup scripts using mysqldump because I need to use mysqlhotcopy (that's because I need the raw data for a charset mess in mysql with some foreign languages not classified as utf8 .. long story), and I'm a total ignorant of perl and bash scripting.

The script (that will be recalled via cron) has to:
remove all the .tar.gz files older than X days in the folder /xxx/backup, if the folder contains more than X tar.gz files
create a folder /xxx/backup/$todaydate
call the command "mysqlhotcopy --bla -bla -bla " that will copy the dbase in the previously created /xxx/backup/$todaydate folder
at the end of the previous operation (if successful) compress the $todaydate folder in a $todaydate-sqlbackup.tar.gz file
at the end of the previous operation (if successful) delete the uncompressed folder.
launch the "rsync -bla -bla" command to synchronize this folder with a remote server

I thought it will be something like a 10-line script, and I'll be glad to hand you a couple of virtual beers (via paypal ) as a thank you sign, but if the script is not trivial and you're willing to help anyhow, of course I'm willing to pay more.


Apache As Bash

Dec 6, 2007

apache 11421 0.0 0.3 2704 1712 ? Ss Oct09 4:35 bash
apache 11625 0.0 0.1 1912 884 ? Ss Oct09 1:12 bash
apache 14454 0.0 0.0 1764 128 ? Ss Oct17 0:00 /usr/sbin/apache
apache 15216 0.0 0.2 2308 1356 ? Ss Nov10 1:58 bash
apache 19597 0.0 0.2 2308 1336 ? Ss Nov10 1:50 bash
apache 22164 0.0 0.3 2704 1772 ? Ss Oct11 1:11 bash

I stopped apache but can see these when I do ps aux.


Litespeed And Bash Script

Jun 4, 2009

I'm having a problem with litespeed and apache: every time I reboot the server, litespeed and apache (both) are started and the server uses apache. I configured litespeed to use a conf file of apache so I can't remove just apache. I need a way so that when I restart the server litespeed is started and apache is stopped.

2nd problem: how to make this in a batch script?
The script will back up a directory every month and I need every backup to get a date like this: directoryname-date(day/month/year)


Cannot Modify Bash Profile

Mar 1, 2008

Code:
-rw-r--r-- 1 root root 975 Dec 22 2006 .bash_profile
root@server [~]# rm -f .bash_profile
rm: cannot remove `.bash_profile': Operation not permitted

root@server [~]# chmod +t .bash_profile
chmod: changing permissions of `.bash_profile': Operation not permitted

I simply wanted to modify something within the file but I keep getting permission errors. I'm logged in as root.


Linux BASH Scripting

Dec 7, 2008

I am currently trying to create a bash script which I will run off a loop with a sleep interval that will query tcpdump (udp packets only) on a network interface, and is looking for length 10 packets.

So far so good, not that hard to code I know (Already made it / coded it this far perfectly). Now here is the tricky part, I only want the bash script to identify IP's that have sent over 15 packets with the length of 10. (This is the part that I can't seem to find a way to code).

I was thinking, from the output maybe to calculate the number of lines with the same equal IP's.

Once this script identifies that, it will automatically run a command which I have set. (Quite easy, and I can do this).

I am looking for someone to help me with this. It is a fairly simple and quick job (editing the script I have at the moment). I am willing to also pay (if needed) an amount for this to be completed too. Obviously not that much, but still something I am sure we can work out.


Simple Bash Script

Sep 24, 2007

somebody to write a very simple bash script for me, which will help me to "wget" some text files!

I want to do the following:
wget [url]

X changes for every folder (main group)
Y will change for every file in the folder.

eg:
[url]
[url]
[url]


the next group:

[url]
[url]
[url]

The X value range [1-100]
the Y value range [1-13]


Removing File -bash: /bin/rm

Mar 31, 2007

Sometimes if I tried to use rm to remove too many files I got this:

-bash: /bin/rm: Argument list too long

I think there was a workaround, like ls and then piping the result to rm, but I forget.


Bash Commands On Windows

Jun 5, 2007

I asked around and found [url] and win-bash.exe on SourceForge.


Bash Script - Visit A Website

Jun 7, 2009

I need to make a bash script: when I run it (./script.sh) it needs to visit a website - [url]/something.php where something.php has some function, e.g. for emails, so when someone visits something.php it sends an email to my email address. I just need a way to visit it via a bash script.


Bash Automate The Installation Of YUM, CPanel/WHM And CSF

Jul 2, 2009

I am trying to automate the installation of YUM, cPanel/WHM and CSF.

I have written a script that works perfectly all the way down to installing CSF...

It gives me the following error when moving onto the CSF installation;

--05:03:37-- [url]
Resolving www.configserver.com... 85.13.195.235
Connecting to www.configserver.com|85.13.195.235|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 433358 (423K) [application/x-tar]
Saving to: `csf.tgz'

100%[=======================================>] 433,358 338K/s in 1.3s

05:03:39 (338 KB/s) - `csf.tgz' saved [433358/433358]

--05:03:39-- http://%0D/
Resolving 15... failed: Name or service not known.
FINISHED --05:03:39--
Downloaded: 1 files, 423K in 1.3s (338 KB/s)
tar:
: Not found in archive
tar: Error exit delayed from previous errors
./cPanelServer.sh: line 9: cd: csf: No such file or directory
sh: install.sh: No such file or directory
./cPanelServer.sh: line 13: unexpected EOF while looking for matching `"'
./cPanelServer.sh: line 18: syntax error: unexpected end of file
Script Contents;

Code:
./yum.sh
cd /home
wget layer1.cpanel.net/latest
sh latest
cd /
rm -fv csf.tgz
wget [url]
tar -xzf csf.tgz
cd /csf
sh install.sh
echo -n "TESTING = "1"
read word
sed "s/$word/TESTING = "0"/g" /etc/file.conf > /etc/file.conf.new
mv /etc/file.conf.new /etc/file.conf
service csf restart

done

It seems the script is having issues extracting "csf.tgz", but I have no clue.

TBH, this is my first ever script and I'm surprised any of it works!


-bash: Netstat: Command Not Found

Apr 2, 2008

I got a new server and was looking at a few things.

Just ran netstat and saw this: -bash: netstat: command not found

How can I correct it?


Bash: Locate: Command Not Found

May 10, 2008

I have a problem with my server

when I do

locate ***

-bash: locate: command not found

& I did

updatedb

-bash: updatedb: command not found


Bash And Remote Files In If Statement

Jun 22, 2007

I am trying to see if a file exists on a remote server but am not getting what I expect. (This is my first Bash script).

Code:
remotefile=[url]
localfile=globaldown.sh

if [ -f "$remotefile" ]
then echo "we have the file remote"
else echo nothing to download from remote server "$remotefile"
fi

if [ -f $localfile ]
then echo we have the local file "$localfile"
else echo "no local file"
fi

It is seeing the local file but not the remote file.

I can copy and paste the "echo $remotefile" into my browser and the path is correct.

Also, wget will fetch the remote file so it should see that it exists.


Bash: Sequentially Duplicating A File

Jan 24, 2007

I was wondering if there's a way I can create a number of files in a sequential order via bash.

I have a file, 'example.ext', and I want to duplicate this so that I have:
1example.ext
2example.ext
3example.ext
4example.ext
.
.
.
300example.ext

I could use a bash list ('{' and '}') with the cp command but I believe the curly braces can be used as the source parameter and not the destination.

I could write a shell script but I'm not too conversant with shell scripting.


-bash: Updatedb: Command Not Found

Nov 1, 2007

I got a problem when using the locate and updatedb commands:

-bash: locate: command not found

Quote:

[root@server ~]# locate httpd.conf
-bash: locate: command not found
[root@server ~]# updatedb
-bash: updatedb: command not found
[root@server ~]#


Bash Script To Monitor 3 Or More Processes Via Cron

Jan 21, 2008

I have a bash script which monitors one process:

#!/bin/bash
sitepoint=`ps aux | grep -v grep | grep -c 'process'`
if [ $sitepoint -le "0" ]; then
command
fi

I wonder if it can be extended to monitor 3 processes rather than making 3 different scripts like that, or if there is some other solution for monitoring whether more than 1 process is running or dead.


Yum Install :: Bash: ./configure: No Such File Or Directory

Apr 21, 2008

Trying to install yum on Red Hat EL4 with Python 2.3.4. I have downloaded [url] and untarred it. I cd'd into the untarred directory. I then went to ./configure and it gave me:
./configure
-bash: ./configure: No such file or directory








Copyrights 2005-15 www.BigResource.com, All rights reserved