[cafe-sd] Blocking sites that pester us with Nimda

deal deal at e-dnm.com
Thu Sep 20 16:03:39 CEST 2001


Hi,

I've just seen a very interesting script, in Linux Journal Weekly News,
to put in cron and block, from the Apache logs, the requests that
infected IIS machines make to our machines. This script uses ipchains,
but I imagine it won't be very complicated to adapt it to iptables for
those who use 2.4.x kernels.

---------------------------------------------------------------

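#!/bin/sh
#
# Block sites which originate Nimda queries from Apache server
# Apache must be configured with HostnameLookups Off

LOGS=/var/log/httpd

cd "$LOGS" || exit 1

# Keep only lines that start with a dotted-quad client address; -h drops
# the "file:" prefix so the address is always field 1, even with one log file
grep -h '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * 2>/dev/null |
awk '/system32\/cmd\.exe/ {print $1}' |
sort -u |
while read -r host
do
    # -x: whole-line match, so 1.2.3.4 is not mistaken for 11.2.3.45
    if ! fgrep -x -- "$host" /var/tmp/blocked >/dev/null 2>&1
    then
        echo "$host" >>/var/tmp/blocked
        /sbin/ipchains -I input -s "$host" -j DENY -l
    fi
done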

---------------------------------------------------------------

See you.

-- 
http://e-dnm.com      ::  The best way to predict the
http://debian.org     ::  future is to invent it. Alan Key.
http://laespiral.org  ::  GnuPG public information: pub 1024D/6572445B  
Key fingerprint  =  789C 5A80 F71B 3F93 9B13  44C2 AE1B 8D79 6572 445B
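
The iptables adaptation mentioned in the message, as an added example (not part of the original post or of the Linux Journal script). The function names, the APPLY switch and the sample log lines are assumptions made up for this illustration; by default the rules are only printed.

```shell
# Added example: iptables (2.4.x) variant of the ipchains script above.
# Prints the rules it would add; APPLY=1 (hypothetical switch) runs them as root.

# Succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# stdin: access-log lines. stdout: unique client IPs that asked for cmd.exe.
offenders() {
    awk '/system32\/cmd\.exe/ {print $1}' | sort -u |
    while read -r host; do
        if valid_ipv4 "$host"; then echo "$host"; fi
    done
}

run_rule() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

# stdin: IPs. $1: blocklist file. Adds a DROP rule once per new address.
# ipchains DENY maps to iptables DROP; ipchains -l (log) has no one-flag
# equivalent, so logging would need a separate "-j LOG" rule.
block_new() {
    blocked=$1; touch "$blocked"
    while read -r host; do
        if ! grep -Fxq -- "$host" "$blocked"; then   # -x: whole-line match
            echo "$host" >>"$blocked"
            run_rule /sbin/iptables -I INPUT -s "$host" -j DROP
        fi
    done
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Sep/2001:16:00:01 +0200] "GET /scripts/winnt/system32/cmd.exe HTTP/1.0" 404 284
198.51.100.7 - - [20/Sep/2001:16:00:02 +0200] "GET /index.html HTTP/1.0" 200 1024
192.0.2.10 - - [20/Sep/2001:16:00:03 +0200] "GET /msadc/winnt/system32/cmd.exe HTTP/1.0" 404 284
host.example - - [20/Sep/2001:16:00:04 +0200] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 284
203.0.113.5 - - [20/Sep/2001:16:00:05 +0200] "GET /d/winnt/system32/cmd.exe HTTP/1.0" 404 284
EOF
}

demo_list=$(mktemp) && sample_log | offenders | block_new "$demo_list"; rm -f "$demo_list"
```

The address check matters when HostnameLookups is on or a log line is malformed: anything that is not a plain IPv4 address never reaches the firewall command.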