Skip to content

Instantly share code, notes, and snippets.

@snxraven
Created April 6, 2020 20:47
Show Gist options
  • Save snxraven/9ab80b00c78e165594898670c80e4762 to your computer and use it in GitHub Desktop.
Save snxraven/9ab80b00c78e165594898670c80e4762 to your computer and use it in GitHub Desktop.
DirectAdmin CSF BruteForce AutoBlock Via Bash - Clean and Reset List
#!/bin/bash
#Properly Pull all IP's from BruteForce Log!\
echo "Starting Proccess to block IP's in bruteForce Log from DA"
echo "==============="
echo "DUMPING LOG IPS"
exec cat /usr/local/directadmin/data/admin/brute_log_entries.list | cut -d= -f5 | sed 's/\&.*//' | sed -e's/%\([0-9A-F][0-9A-F]\)/\\\\\x\1/g' | xargs echo -e | sed 's/ /\n/g' | uniq > bruteforce.txt
echo "==============="
# Extra Filter of BruteForce List | Uniq
echo "Filtering the IP's so there are no duplicates"
echo "==============="
exec sort bruteforce.txt | uniq -u > filteruniq.txt
# Block ALL IPS IN BruteForce Log
#while IFS= read -r in;do csf -d "$in";done < bruteforce.txt
# Dump Current Blocked IPS List from CSF.DENY
echo "DUMPING CSF LIST"
echo "==============="
exec cat /etc/csf/csf.deny | awk {'print $1'} > currentDeny.txt
#Check for dupes in the filteredIPS From the BruteForce Log and compairs to CSG DENY
# Saves a new list with needed IP Addresses for MASS DENY
echo "Compairing both lists for a uniqe output"
echo "==============="
exec comm -23 <(sort filteruniq.txt) <(sort currentDeny.txt) > newBlockList.txt
echo "done"
bash /rscripts/brute-fix.sh && bash /rscripts/doBlock.sh
bash /rscripts/brute-fix.sh && bash /rscripts/doTempBlock.sh
# Roll through the new list, there should be NO duplicates
echo "Starting block of all unique IP's"
echo "==============="
eval 'while IFS= read -r in;do sudo csf -d "$in";done < newBlockList.txt'
echo "Finished! Cleaning up!"
# Cleanup
echo "==============="
echo "Clearing Temp Data"
eval "rm -f bruteforce.txt currentDeny.txt filteruniq.txt newBlockList.txt"
echo "==============="
echo "Clearing BruteForce Log"
eval "rm -f /usr/local/directadmin/data/admin/brute_log_entries.list"
echo "==============="
echo "Restarting CSF"
eval "sudo csf -r"
echo "CSF RESTARTED!"
echo "==============="
echo "We are all done, the new BruteForce offenders have been added to CSF."
# Roll through the new list, there should be NO duplicates
echo "Starting block of all unique IP's"
echo "==============="
eval 'while IFS= read -r in;do sudo csf -td "$in";done < newBlockList.txt'
echo "Finished! Cleaning up!"
# Cleanup
echo "==============="
echo "Clearing Temp Data"
eval "rm -f bruteforce.txt currentDeny.txt filteruniq.txt newBlockList.txt"
echo "==============="
echo "Clearing BruteForce Log"
eval "rm -f /usr/local/directadmin/data/admin/brute_log_entries.list"
echo "==============="
echo "Restarting CSF"
eval "sudo csf -r"
echo "CSF RESTARTED!"
echo "==============="
echo "We are all done, the new BruteForce offenders have been added to CSF."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment