/ban fuckers.sh
Last active Dec 22, 2017
| #!/bin/bash | |
| # The fuckfaces ipset will hold any ip that appears to be portscanning or brute forcing ssh connections. | |
| ipset -q create fuckfaces hash:ip counters | |
| zgrep "Bad protocol" /var/log/auth.* | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq | xargs -I{} ipset -q add fuckfaces {} | |
| zgrep "Did not receive identification string from" /var/log/auth.* | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq | xargs -I{} ipset -q add fuckfaces {} | |
| zgrep "Invalid user" /var/log/auth.* | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq | xargs -I{} ipset -q add fuckfaces {} | |
| # buuuut remove anyone from the list who has a pk that works, just in case. | |
| zgrep "Accepted publickey" /var/log/auth.log* | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq | xargs -I{} ipset -q del fuckfaces {} |
| #!/bin/bash | |
| # cribbed and adapted from : | |
| # https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables | |
| # http://www.ipdeny.com/ipblocks/ | |
| # Fuck off, tor | |
| ipset -q create tor hash:net counters | |
| # sticking with 8.8.8.8 rather than putting my ip in this. | |
| curl -s https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.8.8.8 | sed '/^#/d' | while read IP | |
| do | |
| ipset -q add tor $IP | |
| done | |
| # China | |
| ipset -q create china hash:net counters | |
| rm -f /etc/zones/cn.zone | |
| wget -q -P /etc/zones http://www.ipdeny.com/ipblocks/data/countries/cn.zone | |
| for i in $(cat /etc/zones/cn.zone); do ipset -q -A china $i; done | |
| echo "added:" `wc -l /etc/zones/cn.zone` | |
| # Russia | |
| ipset -q create russia hash:net counters | |
| rm -f /etc/zones/ru.zone | |
| wget -q -P /etc/zones http://www.ipdeny.com/ipblocks/data/countries/ru.zone | |
| for i in $(cat /etc/zones/ru.zone); do ipset -q -A russia $i; done | |
| echo "added:" `wc -l /etc/zones/ru.zone` | |
| # Ukraine | |
| ipset -q create ukraine hash:net counters | |
| rm -rf /etc/zones/ua.zone | |
| wget -q -P /etc/zones http://www.ipdeny.com/ipblocks/data/countries/ua.zone | |
| for i in $(cat /etc/zones/ua.zone); do ipset -q -A ukraine $i; done | |
| echo "added:" `wc -l /etc/zones/ua.zone` | |
| # North Korea (adorable, NK has only 1 ip block) | |
| ipset -q create nkorea hash:net counters | |
| rm -f /etc/zones/kp.zone | |
| wget -q -P /etc/zones http://www.ipdeny.com/ipblocks/data/countries/kp.zone | |
| for i in $(cat /etc/zones/kp.zone); do ipset -q -A nkorea $i; done | |
| echo "added:" `wc -l /etc/zones/kp.zone` |
| # Generated by iptables-save v1.4.21 on Tue Jul 11 16:32:01 2017 | |
| *security | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| COMMIT | |
| # Completed on Tue Jul 11 16:32:01 2017 | |
| # Generated by iptables-save v1.4.21 on Tue Jul 11 16:32:01 2017 | |
| *raw | |
| :PREROUTING ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| COMMIT | |
| # Completed on Tue Jul 11 16:32:01 2017 | |
| # Generated by iptables-save v1.4.21 on Tue Jul 11 16:32:01 2017 | |
| *nat | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| COMMIT | |
| # Completed on Tue Jul 11 16:32:01 2017 | |
| # Generated by iptables-save v1.4.21 on Tue Jul 11 16:32:01 2017 | |
| *mangle | |
| :PREROUTING ACCEPT [0:0] | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :POSTROUTING ACCEPT [0:0] | |
| COMMIT | |
| # Completed on Tue Jul 11 16:32:01 2017 | |
| # Generated by iptables-save v1.4.21 on Tue Jul 11 16:32:01 2017 | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| :LOGDROP - [0:0] | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable | |
| -A INPUT -p tcp -m set --match-set china src -j DROP | |
| -A INPUT -p tcp -m set --match-set nkorea src -j DROP | |
| -A INPUT -p tcp -m set --match-set russia src -j DROP | |
| -A INPUT -p tcp -m set --match-set ukraine src -j DROP | |
| -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -p tcp -m set --match-set tor src -j DROP | |
| -A INPUT -p tcp -m set --match-set fuckfaces src -j DROP | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport $SSH_PORT -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport $SSH_PORT -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --mask 255.255.255.255 --rsource -j LOGDROP | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport $SSH_PORT -m comment --comment ssh -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 6667 -m comment --comment irc -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 6697 -m comment --comment ssl_irc -j ACCEPT | |
| -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | |
| -A INPUT -j DROP | |
| -A FORWARD -j DROP | |
| -A OUTPUT -j ACCEPT | |
| COMMIT | |
| # Completed on Tue Jul 11 16:32:01 2017 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment