Skip to content

Instantly share code, notes, and snippets.

@bert2002
Created August 31, 2014 15:50
Show Gist options
  • Save bert2002/1ba15fb9156c558d5530 to your computer and use it in GitHub Desktop.
Save bert2002/1ba15fb9156c558d5530 to your computer and use it in GitHub Desktop.
Block xmlrpc.php attacks
#!/bin/bash
# script: block xmlrpc attacks
# author: Steffen Wirth <s.wirth@itbert.de>
LOGFILE="/var/log/apache2/access.log"
LASTLINES="20"
MAXCOUNT="5"
LIST=$(tail -n$LASTLINES $LOGFILE |grep "xmlrpc.php" | awk '{print $1}' | sort -n | uniq -c)
if [ -n "$LIST" ]; then
while read -r count ip ; do
if [ $count -ge $MAXCOUNT ]; then
iptables -A INPUT -s $ip -j DROP
logger -t "XMLRPC" "blocked ip $ip"
fi
done <<< "$LIST"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment