win0err/4ddc1d662276675f0719df9d7d6459f0 (last active February 9, 2021 07:10)
Blocks IPs from Jorgee Security Scanner searching for vulnerabilities on a server
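```bash
#!/usr/bin/env bash
# Run as root: reading /var/log and calling iptables both need privileges.

printf "Searching in Apache2 and nginx access logs for Jorgee's scans"

# Read plain and gzipped access logs, keep lines that mention Jorgee,
# take the leading IPv4 address and append one DROP rule per unique address.
zcat -f /var/log/{apache2,nginx}/access.* 2>/dev/null \
  | grep Jorgee \
  | grep -oE '^([0-9]{1,}\.){3}[0-9]{1,}' \
  | sort -u \
  | awk '{ system("iptables -A INPUT -s " $0 " -j DROP"); printf "."; }'

# Packet-level string match on the header; it only sees unencrypted HTTP.
printf "\nAdding an iptables rule for Jorgee's user-agent."
sudo iptables -A INPUT -m string --algo bm --string "User-Agent: Mozilla/5.0 Jorgee" -j DROP

printf "\nDone\n"
```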
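A stricter version of the log-parsing step, as an added example rather than code from the gist: it matches Jorgee only in the User-Agent field of a combined-format log line, rejects malformed addresses, and prints idempotent `iptables` commands instead of running them. The function names and the sample log lines are constructed for illustration, and it assumes no escaped double quotes inside the logged fields.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist. Function names are hypothetical.

# jorgee_ips: read combined-format access log lines on stdin and print each
# valid IPv4 client address whose User-Agent field contains "Jorgee", once.
jorgee_ips() {
  awk -F'"' '
    # Split on double quotes: $1 is "ip - user [time] ", $6 is the User-Agent.
    NF >= 7 && $6 ~ /Jorgee/ {
      split($1, head, " "); ip = head[1]
      if (split(ip, o, ".") != 4) next
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
      if (!seen[ip]++) print ip
    }'
}

# block_rules: turn IPs on stdin into commands that add a DROP rule only
# when "iptables -C" reports it is not already present. Printed, not run.
block_rules() {
  while read -r ip; do
    printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -A INPUT -s %s -j DROP\n' "$ip" "$ip"
  done
}

# sample_log: constructed log lines (documentation address ranges).
sample_log() {
  cat <<'EOF'
203.0.113.7 - - [09/Feb/2021:07:10:00 +0000] "HEAD /test-path-1 HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
203.0.113.7 - - [09/Feb/2021:07:10:01 +0000] "HEAD /test-path-2 HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
198.51.100.20 - - [09/Feb/2021:07:11:00 +0000] "GET /blog/Jorgee-scanner HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
999.1.1.1 - - [09/Feb/2021:07:12:00 +0000] "HEAD / HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
192.0.2.55 - - [09/Feb/2021:07:13:00 +0000] "HEAD /test-path-3 HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
EOF
}

# Dry run over the sample: review the output before piping it to a root shell.
sample_log | jorgee_ips | block_rules
```

The third sample line mentions Jorgee only in the request path, so it is not listed, which the plain `grep Jorgee` in the script above would not distinguish.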
Can you rewrite this as a Fail2Ban rule?
I've found some other URLs but they seem to fail detecting Jorgee?
https://dave.moskovitz.co.nz/2017/09/05/knocking-vulnerability-scanners-with-fail2ban/
https://gauss-development.com/fail2ban/