SHARE
TWEET

Untitled

a guest Mar 26th, 2020 68 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. $whiteList = [
  4. ];
  5.  
  6. if (isset($argv[1])) banHammer($argv[1]);
  7. else {
  8.     while (1 == 1) {
  9.         banHammer(100);
  10.     }
  11. }
  12.  
  13. function banHammer($lines) {
  14.     global $whiteList;
  15.     $ip_bans = [];
  16. /*
  17.     $wp_attacks = [];
  18.     exec("cat /var/log/apache2/wordpress.access.log | tail -$lines", $wp_attacks);
  19.     foreach ($wp_attacks as $wp_attack) {
  20.         if (
  21.             strpos($wp_attack, 'wp-login.php HTTP/1.1') !== false ||
  22.             strpos($wp_attack, 'xmlrpc.php') !== false
  23.         ) {
  24.             preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $wp_attack, $ip_match);
  25.             if (!in_array($ip_match[0], $ip_bans)) {
  26.                 $ip_bans[] = $ip_match[0];
  27.             }
  28.         }
  29.     }
  30. */
  31.     $jctl = [];
  32.     exec("journalctl | tail -$lines", $jctl);
  33.     foreach ($jctl as $j) {
  34.         if (
  35.             strpos($j, 'Disconnected from invalid user') !== false ||
  36.             strpos($j, 'Failed password for mysql') !== false ||
  37.             strpos($j, 'error: maximum authentication attempts exceeded for makr from') !== false ||
  38.             strpos($j, 'Failed password for root from') !== false
  39.         ) {
  40.             preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $j, $ip_match);
  41.             if (!in_array($ip_match[0], $ip_bans)) {
  42.                 $ip_bans[] = $ip_match[0];
  43.             }
  44.         }
  45.     }
  46.  
  47.     foreach ($ip_bans as $ban) {
  48.         ob_start();
  49.         system("ip route show $ban");
  50.         $out = ob_get_clean();
  51.         if (!in_array($ban, $whiteList) && $out == '') {
  52.             system("ip route add prohibit $ban");
  53.             echo date('Y-m-d H:i:s') . "\tbanned $ban\n";
  54.         }
  55.     }
  56. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top