Humanoid Insomniac ~#root





Keyword - spamhaus drop


Sunday, 8 March 2015

Spamhaus Exploits Block List (UPDATE)

Spamhaus Exploits Block List Script:

Read about the Spamhaus DROP project:

Take this script, edit it, chmod 755 it, and run it once per 24 hours (please DO NOT auto-fetch the DROP list more than once per hour!).

#!/bin/bash
# spamhaus.sh - Source adapted from: https://github.com/cowgill/spamhaus
# Updated: 08/03/2015 - Brussee YannicK - requires: iptables
# Uses two Spamhaus IP lists to protect servers
#--------------------------------------------------------------
# See: http://www.spamhaus.org/drop/ and read why...
#--------------------------------------------------------------
# Adjusted for CHAIN1 - "Spamhaus", which logs with the prefix: [SPAMHAUS BLOCK DROP]
# URL1: http://www.spamhaus.org/drop/drop.lasso
# Adjusted for CHAIN2 - "SpamhausEdrop", which logs with the prefix: [SPAMHAUS BLOCK EDROP]
# URL2: http://www.spamhaus.org/drop/edrop.txt
#--------------------------------------------------------------
# Cron entry to run every 6 hours, at 11 minutes past the hour:
#--------------------------------------------------------------
# 11 */6 * * * /usr/local/scripts/spamhaus.sh >/dev/null 2>&1
#--------------------------------------------------------------
# To unban the IPs:
# List 1:
#--------------------------------------------------------------
# /sbin/iptables -F Spamhaus
#--------------------------------------------------------------
# List 2:
#--------------------------------------------------------------
# iptables -F SpamhausEdrop
#--------------------------------------------------------------
# To see the effect, just run dmesg after an hour or two :)
#--------------------------------------------------------------
# Script Variables:
# path to iptables
IPTABLES="/sbin/iptables";
# list of known spammers
URL1="http://www.spamhaus.org/drop/drop.lasso";
URL2="http://www.spamhaus.org/drop/edrop.txt";
# save local copy here (mktemp avoids a predictable, root-written path in /tmp)
FILE1="$(mktemp /tmp/drop.XXXXXX)";
FILE2="$(mktemp /tmp/edrop.XXXXXX)";
# iptables custom CHAIN1
CHAIN1="Spamhaus";
CHAIN2="SpamhausEdrop";
# check to see if both chains already exist
# (testing $? after two commands would only reflect the CHAIN2 lookup)
if $IPTABLES -L $CHAIN1 -n >/dev/null 2>&1 && $IPTABLES -L $CHAIN2 -n >/dev/null 2>&1; then
# flush the old rules
$IPTABLES -F $CHAIN1
$IPTABLES -F $CHAIN2
echo "Flushed old rules. Applying updated Spamhaus list DROP and EDROP...."
else
# create a new CHAIN1 set
$IPTABLES -N $CHAIN1
$IPTABLES -N $CHAIN2
# tie CHAIN1 to input rules so it runs
$IPTABLES -A INPUT -j $CHAIN1
$IPTABLES -A INPUT -j $CHAIN2
# don't allow this traffic through
$IPTABLES -A FORWARD -j $CHAIN1
$IPTABLES -A FORWARD -j $CHAIN2
echo "CHAIN1 not detected. Creating new CHAIN1 and adding Spamhaus list...."
echo "CHAIN2 not detected. Creating new CHAIN2 and adding Spamhaus list...."
fi;
# SPAMHAUS DROP
# get a copy of the spam list DROP
wget -qc $URL1 -O $FILE1
# iterate through all known spamming hosts DROP
for IP1 in $( cat $FILE1 | egrep -v '^;' | awk '{ print $1}' ); do
# add the ip address log rule to the CHAIN1 DROP
$IPTABLES -A $CHAIN1 -p 0 -s $IP1 -j LOG --log-prefix "[SPAMHAUS BLOCK DROP]" -m limit --limit 1/min --limit-burst 10
# add the ip address to the CHAIN1
$IPTABLES -A $CHAIN1 -p 0 -s $IP1 -j DROP
echo $IP1
done
#
# SPAMHAUS EDROP
# get a copy of the spam list EDROP
wget -qc $URL2 -O $FILE2
# iterate through all known spamming hosts EDROP
for IP2 in $( cat $FILE2 | egrep -v '^;' | awk '{ print $1}' ); do
# add the ip address log rule to the CHAIN2 EDROP
$IPTABLES -A $CHAIN2 -p 0 -s $IP2 -j LOG --log-prefix "[SPAMHAUS BLOCK EDROP]" -m limit --limit 1/min --limit-burst 10
# add the ip address to the CHAIN2
$IPTABLES -A $CHAIN2 -p 0 -s $IP2 -j DROP
echo $IP2
done
#
echo "Done! for DROP and EDROP Lists"
# remove the spam list
unlink $FILE1
unlink $FILE2
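
The script above hands the first field of every non-comment line straight to `iptables -s`, and it flushes the chains before anything has been downloaded. The following is an added example, not part of the original script or of the cowgill/spamhaus project: two helper functions (the names `valid_cidrs` and `list_is_sane` are hypothetical) that keep only well-formed IPv4 CIDR entries and check that enough of them survive before any chain is touched. The sample list is constructed from documentation address ranges.

```sh
#!/bin/sh
# Added example, not part of the original spamhaus.sh.
# Validates DROP/EDROP entries before they reach "iptables -s".

# valid_cidrs FILE: print the well-formed IPv4 CIDR entries found in FILE.
# Data lines look like "a.b.c.d/nn ; SBLnnnnn"; lines starting with ";" are comments.
valid_cidrs() {
    awk '
        $1 == "" || $1 ~ /^;/ { next }          # blank line or comment
        {
            if (split($1, p, "/") != 2) next    # must be exactly addr/prefix
            if (p[2] !~ /^[0-9]+$/ || length(p[2]) > 2) next
            if (p[2] + 0 < 1 || p[2] + 0 > 32) next   # /0 would match all traffic
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            print $1
        }
    ' "$1"
}

# list_is_sane FILE MIN: succeed only if FILE yields at least MIN valid entries,
# so an empty or truncated download is noticed before any chain is flushed.
list_is_sane() {
    valid_cidrs "$1" | awk -v min="$2" 'END { exit ((NR >= min) ? 0 : 1) }'
}

# Constructed sample input (documentation address ranges, not real list data).
SAMPLE=$(mktemp) || exit 1
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002

203.0.113.7/33 ; SBL000003
0.0.0.0/0 ; SBL000004
192.0.2.300/24 ; SBL000005
garbage-token ; SBL000006
EOF

valid_cidrs "$SAMPLE"          # prints only the two well-formed entries
list_is_sane "$SAMPLE" 2 && echo "list accepted"
list_is_sane "$SAMPLE" 3 || echo "list rejected: too few valid entries"
```

In the script, `list_is_sane "$FILE1" 1` would run right after each `wget` and before the `-F` flush, and the `for` loops would read from `valid_cidrs "$FILE1"` instead of the `cat | egrep | awk` pipeline.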