I have been thinking about how you can block people on your server, without hassle.
Below is a script I have "modded" all you have to do is copy and paste into the box.
I have been running it for the past 3 weeks and it's rock steady.
Script: Anything in below in BLUE is cut and paste.
#!/bin/sh
###########################
## Auto Ban script ##
## Illegal CCcam Users ##
## Modified by Prioryman ##
## Thanks to Unlocker-AL ##
## for the idea and code ##
###########################
workdir="/var/log" #This is there the debug info from CCcam is dumped
firewall="/var/log" #The saved firewall rules
logdir="/var/log" #The logfile directory
EMAIL="" #Email adres to mail result to ( unless you know what you doing here, Only for PC server NOT Dreambox.
SUBJECT="Illegal Userlist CCcam" #Subject title of the email
EMAILMESSAGE="/emu/log/illegaluser.txt" #List that contains the Illegal users
rm $workdir/debug.old
cp $workdir/debug.txt $workdir/debug.old
cp $logdir/iptables-save.new $logdir/iptables-save.old
cat $workdir/debug.old|grep illegal > $logdir/illegaluser.log
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $5,$7}' > $logdir/illegaluser.txt
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $7}' | grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > $logdir/badIP.out
awk '
{s[$0]++}
END {
for(i in s) {
if(s[i]>1) {
print i
}
}
}' $logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
command="iptables -A INPUT -s "$EachLine" -j DROP"
echo $command
$command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new
/usr/bin/nail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
else
echo "No Illegal Users found right now"
fi
sleep 1
> $workdir/debug.txt
exit 0
The script above will scan you're debug file ( in Var/log ) for illegal users, sort out the user-name and IP and insert the IP in IP-tables.
If for some reason the file locations are different on your server change them in script ie: /var/log/
It will also email you the result, so you know what users are put in IP-tables. This only works on a PC server and is fiddly to set-up.
Now you will need to edit crontab - please do NOT use command crontab -e
Edit in folder Var using command Nano crontab to finish CTRL + X say Yes press enter/return
Add below:
*/59 * * * * root /var/script/illegal.sh >> /var/cccamlog/illegalPrats.log
This will every 59 minutes run the script and leave a text file in the folder Var/cccamlog
If you do not want to install the above script there is a way to block users manually, however it's slow and a pain.
Within putty or what ever you use to access your PC server or Dreambox server at the prompt type this:
iptables -I INPUT -s xxxxxxxxxxxxxx -j DROP
The xxxxxxxxxxxxxxxx is the IP address of the "pain in the ass" Peer, whom you want to block completely
On the other hand you can allow access again ( say you want to allow them back ) by doing this:
iptables -I INPUT -s xxxxxxxxxxxxxx -j ACCEPT
Notice that the last word has changed - this unblocks him.
I hope this helps you - It works for my I no longer even check the log files.
My server is a little faster as I don't have old peers "hammering" my IP address trying to access the Server.
