Humanoid Insomniac ~#root





Spamhaus Exploits Block List

Spamhaus Exploits Block List Script:

Read about the Spamhaus DROP project:

Take this script, edit it, chmod 755 it, and run it once every 24 hours. (Please DO NOT auto-fetch the DROP list more than once per hour!)

 #!/bin/bash
 # based off the following script
 # http://www.cyberciti.biz/tips/block-spamming-scanning-with-iptables.html
 # Just adjusted to use a chain named Spamhaus and to log with the prefix [SPAMHAUS BLOCK]
 # path to iptables
 IPTABLES="/sbin/iptables"
 # list of known spammers
 URL="http://www.spamhaus.org/drop/drop.lasso"
 # save local copy here (mktemp avoids a predictable file name in /tmp)
 FILE="$(mktemp /tmp/drop.lasso.XXXXXX)" || exit 1
 # iptables custom chain
 CHAIN="Spamhaus"
 # get a copy of the spam list first, so a failed download keeps the current rules
 if ! wget -q "$URL" -O "$FILE" || [ ! -s "$FILE" ]; then
   echo "Download failed. Keeping the existing rules." >&2
   unlink "$FILE"
   exit 1
 fi
 # check to see if the chain already exists
 if $IPTABLES -L "$CHAIN" -n >/dev/null 2>&1; then
   # flush the old rules
   $IPTABLES -F "$CHAIN"
   echo "Flushed old rules. Applying updated Spamhaus list...."
 else
   # create a new chain set
   $IPTABLES -N "$CHAIN"
   # tie chain to input rules so it runs
   $IPTABLES -A INPUT -j "$CHAIN"
   # don't allow this traffic through
   $IPTABLES -A FORWARD -j "$CHAIN"
   echo "Chain not detected. Creating new chain and adding Spamhaus list...."
 fi
 # iterate through all known spamming hosts (lines starting with ';' are comments)
 for IP in $(grep -v '^;' "$FILE" | awk '{ print $1 }'); do
   # add the ip address log rule to the chain
   $IPTABLES -A "$CHAIN" -p 0 -s "$IP" -j LOG --log-prefix "[SPAMHAUS BLOCK]" -m limit --limit 3/min --limit-burst 10
   # add the ip address to the chain
   $IPTABLES -A "$CHAIN" -p 0 -s "$IP" -j DROP
   echo "$IP"
 done
 echo "Done!"
 # remove the spam list
 unlink "$FILE"

Source from: https://github.com/cowgill/spamhaus
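
The script hands the first field of every downloaded line to iptables as root, so it is worth checking that each entry really is an IPv4 CIDR before any rule is added. The filter below is an added example, not part of the original post or of the cowgill/spamhaus repository; the function name valid_drop_cidrs, the minimum prefix length of 8 and the sample list are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: validate DROP-format input before it reaches iptables.
# valid_drop_cidrs (hypothetical name) reads the list on stdin, prints the
# well-formed IPv4 CIDR entries on stdout and reports the rest on stderr.
valid_drop_cidrs() {
  awk '
    /^[ \t]*;/ { next }   # comment line
    /^[ \t]*$/ { next }   # blank line
    {
      entry = $1
      ok = (entry ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
      if (ok) {
        split(entry, part, "/")
        n = split(part[1], octet, ".")
        # Assumed policy: refuse prefixes shorter than /8 so a bad entry
        # such as 0.0.0.0/0 cannot make the chain drop all traffic.
        if (part[2] + 0 > 32 || part[2] + 0 < 8) ok = 0
        for (i = 1; i <= n; i++) if (octet[i] + 0 > 255) ok = 0
      }
      if (ok) print entry
      else printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"
    }'
}

# Constructed sample: RFC 5737 documentation ranges with made-up SBL ids,
# plus the kinds of bad lines a broken or tampered download could contain.
SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.999/24 ; SBL000003
10.0.0.0/33 ; SBL000004
0.0.0.0/0 ; SBL000005
<html><body>503 Service Unavailable</body></html>'

printf '%s\n' "$SAMPLE" | valid_drop_cidrs
```

In the script above, the loop can read from the filter with for IP in $(valid_drop_cidrs < "$FILE") in place of the grep and awk pipeline.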

Read your logs... that's it:

[SPAMHAUS BLOCK]IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:12:8a:7b:e6:40:14:02 SRC=195.XXX.XXX.XXX DST=YYY.YYY.YYY.255 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42024 DPT=21320 WINDOW=65535 RES=0x00 SYN URGP=0