SHARE
TWEET

badip.sh

a guest May 22nd, 2016 85 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! /bin/bash
  2. # $author: twfcc@twitter
  3. # $PROG: badip.sh
  4. # $description: ban the IP tries to crack ss-server's password
  5. # rules: ERROR greater than 50 times from ss.log will be blocked.
  6. # $usage: crontab -e add line */15 * * * * /path/to/badip.sh
  7. #         clear block list at 03:00am with crontab -e
  8. #         0 3 * * * /sbin/iptables -F
  9. #         clear ss.log at 03:00am with crontab -e
  10. #         0 3 * * * : > /path/to/ss.log
  11. # works on shadowsocks-libev only, execute ss-server with '-v' argument
  12. # ex: nohup ss-server -v -u -c /path/to/whatever.json &>> /path/to/ss.log &
  13. # Public domain use as your own risk!
  14.  
  15. logfile="$HOME/ss.log" #change if it is not your ss.log directory
  16. awk '$0 ~ /^.+ERROR: .+[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/{
  17.     ip[$NF]++
  18. }END{
  19.     for (x in ip)
  20.         if (ip[x] > 50)
  21.             print x
  22. }' "$logfile" | while read -r bad_ip ; do
  23.     if ! /sbin/iptables -L | grep -qE "^DROP.+ $bad_ip" ; then
  24.         /sbin/iptables -A INPUT -s "$bad_ip" -j DROP
  25.         echo "$bad_ip blocked."
  26.     else
  27.         echo "$bad_ip already in block list."
  28.     fi
  29. done
  30. exit 0
RAW Paste Data
Top