How to : Auto ban Illegal CCcam Users in Debian

**master G** · Jul 4th 2011

After some time, You see peers that don't delete you're line once removed or worse, they hand out the line to all kind of people who try to gain access to you're server.

For this i took the basic idea of a script from Unlocker-al and put together this little ban script.

PHP

#!/bin/sh
###########################
## Auto Ban script       ##
## Illegal CCcam Users   ##
## Written By CC_Share   ##
## Thanks to Unlocker-AL ##
## For the Basic idea    ##
###########################
workdir="/"                        #This is there the debug info from CCcam is dumped
firewall="/"          #The saved firewall rules
logdir="/emu/log"                       #The logfile directory
EMAIL=""                 #Email adres to mail result to
SUBJECT="Illegal Userlist CCcam"        #Subject title of the email
EMAILMESSAGE="/emu/log/illegaluser.txt" #List that contains the Illegal users
rm $workdir/debug.old
cp $workdir/debug.txt $workdir/debug.old
cp $logdir/iptables-save.new $logdir/iptables-save.old
cat $workdir/debug.old|grep illegal > $logdir/illegaluser.log
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $5,$7}' > $logdir/illegaluser.txt
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $7}' | grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > $logdir/badIP.out
awk '
{s[$0]++}
END {
for(i in s) {
if(s[i]>1) {
print i
}
 }
 }' $logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
command="iptables -A INPUT -s "$EachLine" -j DROP"
echo $command
$command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new
/usr/bin/nail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
else
echo "No Illegal Users found right now"
fi
sleep 1
> $workdir/debug.txt
exit 0

Display More

This script will scan you're debug file for illegal users, sort out the username and ip and insert the IP in ip-tables.

If you want, the script can also mail you the result so you know what users are put in ip-tables and gives you the advantage to check if it's not a valid user.

You can put this script in the crontab to enable automatic checking.
The following is an example how to install.

PHP

./CCcam.x86 -dv > /home/debug.txt

Then change the following lines in the script to match the debug file and it's location.

PHP

workdir="/"

Should be :

PHP

workdir="/home"

and this line :

PHP

firewall="/"

Should be changed to where you want the firewall rules to be saved Code:

PHP

firewall="/emu/log/"

To insert it in the crontab, edit it and insert this line:

PHP

00 */1  * * * root /emu/script/./illegal.sh

This will run the script every whole hour.

For the mail function to work, you have to do the following:

PHP

apt-get install nail
apt-get install exim4
dpkg-reconfigure exim4-config

Insert here a valid email address

PHP

EMAIL=""

It will mail you every time it runs and finds an illegal user. If no user is found, it will not mail you.

Not my work, thanks to the original author.

newtolinux · Jul 4th 2011

be careful when using this script. If a connected peer has an ip change whilst being an idle peer then requests an ecm under his recently changed ip address this script will ban him/her as it will see a double login / illegal user attempt

new2

hislitermos · Feb 7th 2012

Hi,
It fails at my end.
Could anybody explain the function of this line?
./CCcam.x86 -dv > /home/debug.txt

Thanks

**master G** · Feb 7th 2012

Quote from hislitermos

Hi,
It fails at my end.
Could anybody explain the function of this line?
./CCcam.x86 -dv > /home/debug.txt

Thanks

Start CCcam and log to /home/debug.txt

hislitermos · Feb 7th 2012

Quote from Ten Below

Start CCcam and log to /home/debug.txt

Hi,
Thanks for your reply.
I am struggling with fail2ban and not working.
I see failed peer in emu/log/debug.txt file but I can not see his IP as "banned".
Also check /var/log/auth.log and fail2ban.log files.

PC: Debian 5.0

illegal.sh :

Bash

#!/bin/sh
###########################
## Auto Ban script       ##
## Illegal CCcam Users   ##
## Written By CC_Share   ##
## Thanks to Unlocker-AL ##
## For the Basic idea    ##
###########################
workdir="/emu/log/"                        #This is there the debug info from CCcam is dumped
firewall="/emu/log/"          #The saved firewall rules
logdir="/emu/log/"                       #The logfile directory
EMAIL=""                 #Email adres to mail result to
SUBJECT="Illegal Userlist CCcam"        #Subject title of the email
EMAILMESSAGE="/emu/log/illegaluser.txt" #List that contains the Illegal users
rm $workdir/debug.old
cp $workdir/debug.txt $workdir/debug.old
cp $logdir/iptables-save.new $logdir/iptables-save.old
cat $workdir/debug.old|grep illegal > $logdir/illegaluser.log
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $5,$7}' > $logdir/illegaluser.txt
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $7}' | grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > $logdir/badIP.out
awk '
{s[$0]++}
END {
for(i in s) {
if(s[i]>1) {
print i
}
 }
 }' $logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
command="iptables -A INPUT -s "$EachLine" -j DROP"
echo $command
$command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new
/usr/bin/nail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
else
echo "No Illegal Users found right now"
fi
sleep 1
> $workdir/debug.txt
exit 0

Display More

CCcam.cfg file:

Code

CHANNELINFO FILE : /var/etc/CCcam.channelinfo
PROVIDERINFO FILE : /var/etc/CCcam.providers
LOG WARNINGS : /emu/log/debug.txt
CAID PRIO FILE : /var/etc/CCcam.prio
DEBUG : yes
WEBINFO USERNAME : admin
WEBINFO PASSWORD : password
WEBINFO LISTEN PORT : 9222
SERVER LISTEN PORT : 9999
SHOW TIMING : YES

rc.local :

Code

/var/bin/CCcam.x86 -dv > /emu/log/debug.txt -C /var/etc/CCcam.cfg &

Thanks in advance
Hislitermos

How to : Auto ban Illegal CCcam Users in Debian

master G Feb 5th 2022

master G Feb 5th 2022

Participate now!

Share

Tags