[cafe-sd] Blocking sites that pester us with Nimda
deal
deal at e-dnm.com
Thu Sep 20 16:03:39 CEST 2001
Hi,
I just saw a very interesting script in Linux Journal Weekly News,
to put in cron and block, from the Apache logs, the requests that
infected IIS servers make to our machines. This script uses ipchains,
but I imagine it won't be very complicated to adapt it to iptables for
those who use 2.4.x
---------------------------------------------------------------
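#!/bin/sh
#
# Block sites which originate Nimda queries from Apache server
# Apache must be configured with HostnameLookups Off
LOGS=/var/log/httpd
BLOCKED=/var/tmp/blocked
cd "$LOGS" || exit 1
touch "$BLOCKED"
# -h drops the "file:" prefix, so $1 is always the client address,
# even when only one log file matches the glob
grep -h '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * 2>/dev/null |
awk '/system32\/cmd\.exe/ {print $1}' |
sort -u |
while read -r host
do
    # -x -F: whole-line literal match, so 10.0.0.1 is not taken for 10.0.0.12
    if ! grep -qxF "$host" "$BLOCKED"
    then
        echo "$host" >>"$BLOCKED"
        /sbin/ipchains -I input -s "$host" -j DENY -l
    fi
done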
---------------------------------------------------------------
See you.
--
http://e-dnm.com :: The best way to predict the
http://debian.org :: future is to invent it. Alan Key.
http://laespiral.org :: GnuPG public information: pub 1024D/6572445B
Key fingerprint = 789C 5A80 F71B 3F93 9B13 44C2 AE1B 8D79 6572 445B
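
The iptables adaptation the post mentions, as an added example that is not part of the original message or of the Linux Journal script. The names IPT, BLOCKED, sample_log, nimda_hosts and block_new are assumptions made here; ipchains' DENY becomes DROP, and the `-l` logging flag has no single-flag equivalent (iptables logs through a separate `-j LOG` rule, not shown).

```shell
#!/bin/sh
# Added example: iptables variant of the ipchains script in the post.
IPT=${IPT:-/sbin/iptables}             # IPT=echo gives a dry run
BLOCKED=${BLOCKED:-/var/tmp/blocked}   # state file, same path as the post

# Constructed sample access-log lines, for a dry run:
#   sample_log | nimda_hosts
sample_log() { cat <<'EOF'
10.0.0.12 - - [20/Sep/2001:16:00:01 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.12 - - [20/Sep/2001:16:00:02 +0200] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
10.0.0.1 - - [20/Sep/2001:16:00:03 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
192.0.2.7 - - [20/Sep/2001:16:00:04 +0200] "GET /index.html HTTP/1.0" 200 512
999.1.1.1 - - [20/Sep/2001:16:00:05 +0200] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -
EOF
}

# Read access-log lines on stdin and print each unique client IPv4 address
# that requested .../system32/cmd.exe. Octets are range-checked so only a
# well-formed address ever reaches the firewall command line.
nimda_hosts() {
    awk '/system32\/cmd\.exe/ && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        n = split($1, o, ".")
        ok = (n == 4)
        for (i = 1; i <= n; i++) if (o[i] + 0 > 255) ok = 0
        if (ok && !seen[$1]++) print $1
    }'
}

# Insert one DROP rule per address on stdin not yet recorded in $BLOCKED.
# The address is recorded only if the rule was actually inserted.
block_new() {
    touch "$BLOCKED" || return 1
    while read -r host
    do
        # -x -F: whole-line literal match, so 10.0.0.1 is not hidden by 10.0.0.12
        if ! grep -qxF "$host" "$BLOCKED"
        then
            "$IPT" -I INPUT -s "$host" -j DROP && echo "$host" >>"$BLOCKED"
        fi
    done
}

# From cron: pass the log files as arguments, e.g. /var/log/httpd/*
if [ "$#" -gt 0 ]; then
    cat -- "$@" | nimda_hosts | block_new
fi
```

Because /var/tmp is world-writable, a root cron job may prefer a state file in a root-owned directory, set through BLOCKED.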