Humanoid Insomniac ~#root

Spamhaus Exploits Block List

Spamhaus Exploits Block List Script:

Read about the Spamhaus DROP project.

Take this script, edit it, chmod 755 it, and run it once every 24 hours (please DO NOT auto-fetch the DROP list more than once per hour!):

 #!/bin/bash
 # based off the following script
 # Just adjusted to use a CHAIN - Spamhaus and logs to: [SPAMHAUS BLOCK]
 # path to iptables (adjust to your system)
 IPTABLES="/sbin/iptables"
 # list of known spammers
 # (assumed DROP list location, missing from this copy of the script; confirm it on the Spamhaus DROP page)
 URL="https://www.spamhaus.org/drop/drop.txt"
 # save local copy here (private temporary file instead of a fixed name in /tmp)
 FILE="$(mktemp)"
 # iptables custom chain
 CHAIN="Spamhaus"
 # check to see if the chain already exists
 $IPTABLES -L $CHAIN -n >/dev/null 2>&1
 if [ $? -eq 0 ]; then
     # flush the old rules
     $IPTABLES -F $CHAIN
     echo "Flushed old rules. Applying updated Spamhaus list...."
 else
     # create a new chain set
     $IPTABLES -N $CHAIN
     # tie chain to input rules so it runs
     $IPTABLES -A INPUT -j $CHAIN
     # don't allow this traffic through
     $IPTABLES -A FORWARD -j $CHAIN
     echo "Chain not detected. Creating new chain and adding Spamhaus list...."
 fi
 # get a copy of the spam list
 wget -qc "$URL" -O "$FILE"
 # iterate through all known spamming hosts (lines starting with ';' are comments)
 for IP in $( grep -Ev '^;' "$FILE" | awk '{ print $1 }' ); do
     # add the ip address log rule to the chain
     $IPTABLES -A $CHAIN -p 0 -s $IP -j LOG --log-prefix "[SPAMHAUS BLOCK]" -m limit --limit 3/min --limit-burst 10
     # add the ip address to the chain
     $IPTABLES -A $CHAIN -p 0 -s $IP -j DROP
     echo $IP
 done
 echo "Done!"
 # remove the spam list
 unlink "$FILE"

Source from:

Read your logs... that's it:

[SPAMHAUS BLOCK]IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:8a:7b:e6:40:14:02 SRC=195.XXX.XXX.XXX DST=YYY.YYY.YYY.255 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42024 DPT=21320 WINDOW=65535 RES=0x00 SYN URGP=0
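
The script above flushes the chain before it downloads the list, so a failed or truncated download leaves the chain empty. As an added example (not part of the original script), the functions below validate the list first and emit an `iptables-restore` fragment that replaces the chain contents in one commit. The function names, the sample list and the minimum-entry threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. SAMPLE is constructed, in DROP
# format ("CIDR ; SBLid", ";" starts a comment), using documentation ranges.
SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.999/24 ; SBL000003
<html>proxy error page</html>
10.0.0.0/33 ; SBL000004'

# valid_cidrs: read a list on stdin, print only well-formed IPv4 CIDRs.
valid_cidrs() {
    awk '
    /^[ \t]*;/ || /^[ \t]*$/ { next }      # comments and blank lines
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { next }
    {
        split($1, p, "[./]")               # a.b.c.d/len -> p[1]..p[5]
        for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) next
        if (p[5] + 0 < 1 || p[5] + 0 > 32) next
        print $1
    }'
}

# build_restore CHAIN: CIDRs on stdin -> iptables-restore fragment. Loaded
# with "iptables-restore -n", the ":CHAIN" line flushes only that user chain
# and the new rules go live in a single COMMIT.
build_restore() {
    echo '*filter'
    echo ":$1 - [0:0]"
    while read -r net; do
        [ -n "$net" ] || continue
        echo "-A $1 -s $net -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix \"[SPAMHAUS BLOCK]\""
        echo "-A $1 -s $net -j DROP"
    done
    echo 'COMMIT'
}

# drop_ruleset CHAIN MIN: whole pipeline. Returns 1 and prints nothing when
# fewer than MIN networks validate, so a bad download never empties CHAIN.
drop_ruleset() {
    nets=$(valid_cidrs)
    count=$(printf '%s\n' "$nets" | awk 'NF { c++ } END { print c + 0 }')
    [ "$count" -ge "$2" ] || return 1
    printf '%s\n' "$nets" | build_restore "$1"
}

# Intended use as root (100 is an assumed threshold):
#   wget -q "$URL" -O - | drop_ruleset Spamhaus 100 | iptables-restore -n
printf '%s\n' "$SAMPLE" | drop_ruleset Spamhaus 2
```

The jump rules from INPUT and FORWARD into the chain are still the one-time setup done by the script above; this fragment only replaces the chain's contents.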