Stopping malicious web spiders and Windows exploits with iptables
Tuesday, September 18th, 2001 at 12:00 am
Stop it cold
Change the log file names in the script (error.log and access.log) to match your own server's logs.
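#!/bin/sh
# Ban hosts whose requests match known worm signatures in the web server logs.
#
# Two logs are scanned, both relative to the current directory:
#   error.log   lines containing "winnt"       -> client address in field 8
#   access.log  lines containing "default.ida" -> client address in field 1
# Every distinct address found gets a DROP rule appended to the INPUT chain.
#
# Caveats for operators:
#   * Must run as root; rules added here are not persistent across reboots.
#   * -A appends, so a ban only takes effect if no earlier INPUT rule
#     already accepts the traffic.
#   * Log fields are attacker-influenced. Only literal dotted-quad IPv4
#     addresses are passed to iptables; anything else (including hostnames
#     that would appear with reverse lookups enabled) is skipped.
#   * The rule check uses "iptables -C", which needs iptables 1.4.11+.

IPTABLES=/sbin/iptables

# is_ipv4 ADDR
# Succeeds only if ADDR is four dot-separated decimal octets in 0-255 with
# no leading zeros. The body is a subshell so the IFS / noglob changes and
# the "exit" calls stay local to this check.
is_ipv4() (
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
  esac
  IFS=.
  set -f
  # Deliberately unquoted: split the address on dots into $1..$4.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    case $octet in
      0?* | ????*) exit 1 ;;
    esac
    [ "$octet" -le 255 ] || exit 1
  done
  exit 0
)

# ban_source ADDR
# Appends a DROP rule for ADDR unless that exact rule already exists.
# The original substring grep over "iptables -L -n" treated 1.2.3.4 as
# already banned when 11.2.3.40 was listed; -C checks the exact rule.
ban_source() {
  if ! is_ipv4 "$1"; then
    # Do not echo the rejected value: it comes straight from the log.
    echo "Skipping a log field that is not an IPv4 address" >&2
    return 0
  fi
  if "$IPTABLES" -C INPUT -s "$1" -d 0/0 -j DROP 2>/dev/null; then
    return 0
  fi
  echo "Banning $1 with iptables"
  "$IPTABLES" -A INPUT -s "$1" -d 0/0 -j DROP
}

# scan_log FILE SIGNATURE FIELD
# Feeds each distinct value of whitespace-separated FIELD, taken from the
# lines of FILE that contain the literal SIGNATURE, to ban_source.
scan_log() {
  if [ ! -r "$1" ]; then
    echo "Cannot read $1; skipping" >&2
    return 0
  fi
  grep -F -- "$2" "$1" |
    awk -v f="$3" '{print $f}' |
    sed -e 's/]//' |
    sort -u |
    while IFS= read -r candidate; do
      ban_source "$candidate"
    done
}

## Requests probing for "winnt" paths (logged in the error log)
scan_log error.log winnt 8

## For our friend CodeRed
scan_log access.log default.ida 1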
