Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Blocks Shodan IPs From Scanning Your Servers.
#!/usr/bin/python3
import os
shodan = ["104.131.0.69", "104.236.198.48", "155.94.222.12","155.94.254.133", "155.94.254.143", "162.159.244.38", "185.181.102.18", "188.138.9.50", "198.20.69.74", "198.20.69.98", "198.20.70.114", "198.20.87.98", "198.20.99.130", "208.180.20.97", "209.126.110.38", "216.117.2.180", "66.240.192.138", "66.240.219.146", "66.240.236.119", "71.6.135.131", "71.6.146.185", "71.6.158.166", "71.6.165.200", "71.6.167.142", "82.221.105.6", "82.221.105.7", "85.25.103.50", "85.25.43.94", "93.120.27.62", "98.143.148.107", "98.143.148.135"]
for ip in shodan:
os.system("iptables -A INPUT -s {} -j DROP".format(ip))
@tuxxy

This comment has been minimized.

Copy link

commented Feb 1, 2018

It'd read better with a for loop and proper string formatting:

for ip in shodan:
    os.system("iptables -A INPUT -s {} -j DROP".format(ip))
@jgamblin

This comment has been minimized.

Copy link
Owner Author

commented Feb 1, 2018

@tuxxy,

Thanks.... that is much cleaner... updated. : )

@tuxxy

This comment has been minimized.

Copy link

commented Feb 1, 2018

No problem. :)

@toniblyx

This comment has been minimized.

Copy link

commented Feb 1, 2018

you may need also to block any traffic from censys.io/scans.io or any server that is using zmap.io, and also mrlooquer.com

@tfxrdz

This comment has been minimized.

Copy link

commented Feb 2, 2018

@toniblyx thats true, since censys is more powerful than shodan in this matter.

@Ekultek

This comment has been minimized.

Copy link

commented Feb 20, 2018

This doesn't work. Just so everyone knows.

@gianpaj

This comment has been minimized.

Copy link

commented Mar 29, 2018

os.system("ufw deny from {}".format(ip))

for debian/ubuntu

@magiknono

This comment has been minimized.

Copy link

commented Sep 10, 2018

For ufw on debian/ubuntu:
If you want block an ip for all services, you must do it before all actual rules :

os.system("ufw insert 1 deny from {}".format(ip))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.