Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $whiteList = [
- ];
- if (isset($argv[1])) banHammer($argv[1]);
- else {
- while (1 == 1) {
- banHammer(100);
- }
- }
- function banHammer($lines) {
- global $whiteList;
- $ip_bans = [];
- /*
- $wp_attacks = [];
- exec("cat /var/log/apache2/wordpress.access.log | tail -$lines", $wp_attacks);
- foreach ($wp_attacks as $wp_attack) {
- if (
- strpos($wp_attack, 'wp-login.php HTTP/1.1') !== false ||
- strpos($wp_attack, 'xmlrpc.php') !== false
- ) {
- preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $wp_attack, $ip_match);
- if (!in_array($ip_match[0], $ip_bans)) {
- $ip_bans[] = $ip_match[0];
- }
- }
- }
- */
- $jctl = [];
- exec("journalctl | tail -$lines", $jctl);
- foreach ($jctl as $j) {
- if (
- strpos($j, 'Disconnected from invalid user') !== false ||
- strpos($j, 'Failed password for mysql') !== false ||
- strpos($j, 'error: maximum authentication attempts exceeded for makr from') !== false ||
- strpos($j, 'Failed password for root from') !== false
- ) {
- preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $j, $ip_match);
- if (!in_array($ip_match[0], $ip_bans)) {
- $ip_bans[] = $ip_match[0];
- }
- }
- }
- foreach ($ip_bans as $ban) {
- ob_start();
- system("ip route show $ban");
- $out = ob_get_clean();
- if (!in_array($ban, $whiteList) && $out == '') {
- system("ip route add prohibit $ban");
- echo date('Y-m-d H:i:s') . "\tbanned $ban\n";
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement