
How to add someone to IPTABLES DROP list when they access a URL?

Added by Harry over 14 years ago

Basically, I have a ton of spambots hitting a directory on my site, at least 600 times per minute, all from random IP addresses. Is there a way I can have it so that when someone accesses a defined file, it will permanently IP-ban them from my site?

Something similar to:
$HTTP["scheme"] == "http" {
url.redirect = ("^/IPban(.*)" => "iptables -A INPUT -s IP-ADDRESS -j DROP",
"^/IPblock(.*)" => "iptables -A INPUT -s IP-ADDRESS -j DROP")
}

I guess, just some way for lighttpd to call external commands, like iptables. Help please, I need to easily stop these bots! :-)


Replies (2)

RE: How to add someone to IPTABLES DROP list when they access a URL? - Added by tx over 14 years ago

Keep in mind that this way is too dangerous.

$HTTP["scheme"] == "http" {
url.rewrite = (
"^/IPban(.*)" => "/ipban.php",
"^/IPblock(.*)" => "/ipban.php"
)
}

ipban.php

<?php
// Client address as seen by lighttpd; escapeshellarg() keeps it a single shell word.
// (The original used ${$_SERVER[...]}, which PHP reads as a variable-variable, not interpolation.)
$ip = escapeshellarg($_SERVER['REMOTE_ADDR']);
`sudo iptables -A INPUT -s $ip -j DROP`;
?>

and in /etc/sudoers
www-data ALL=(root) NOPASSWD: /sbin/iptables -A*

---
This assumes your PHP is running under the user www-data
and you have the sudo package installed.
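The same idea (ban every client that requests the trap URL) can be done without handing www-data a sudo rule for iptables: a separate root-run process reads lighttpd's access log and adds the DROP rules itself. The script below is an added example, not code from this thread; it assumes lighttpd's default Common Log Format, the /IPban and /IPblock paths from the question, and a constructed allowlist and sample log.

```python
import ipaddress
import re
import subprocess

# lighttpd's default accesslog.format is Common Log Format (assumed here):
#   host ident user [date] "METHOD path proto" status bytes
CLF_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3}')
TRAP_PREFIXES = ("/IPban", "/IPblock")       # the trap paths from the thread
# Never ban loopback/private ranges or an (assumed) monitoring host, whatever they request.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16", "203.0.113.10/32")]

def trap_hits(log_lines):
    """Yield each distinct, valid, non-allowlisted client address that requested a trap path."""
    seen = set()
    for line in log_lines:
        m = CLF_RE.match(line)
        if not m or not m.group("path").startswith(TRAP_PREFIXES):
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))   # rejects anything that is not a literal address
        except ValueError:
            continue
        if ip in seen or any(ip in net for net in ALLOWLIST):
            continue
        seen.add(ip)
        yield ip

def ban_command(ip):
    """argv for the thread's DROP rule, picking the tool by address family; no shell, so nothing to escape."""
    tool = "iptables" if ip.version == 4 else "ip6tables"
    return [tool, "-A", "INPUT", "-s", str(ip), "-j", "DROP"]

def ban_all(log_lines, execute=False):
    """Return the ban commands for a batch of log lines; run them only when execute=True (needs root)."""
    cmds = [ban_command(ip) for ip in trap_hits(log_lines)]
    if execute:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2010:13:55:36 +0000] "GET /IPban/x HTTP/1.1" 200 12',
    '198.51.100.7 - - [10/Oct/2010:13:55:37 +0000] "GET /IPblock HTTP/1.1" 200 12',
    '192.168.1.5 - - [10/Oct/2010:13:55:38 +0000] "GET /IPban HTTP/1.1" 200 12',
    '203.0.113.9 - - [10/Oct/2010:13:55:39 +0000] "GET /index.html HTTP/1.1" 200 512',
    'not-an-ip - - [10/Oct/2010:13:55:40 +0000] "GET /IPban HTTP/1.1" 200 12',
    '2001:db8::1 - - [10/Oct/2010:13:55:41 +0000] "GET /IPblock HTTP/1.1" 200 12',
]
```

Run `ban_all(SAMPLE_LOG)` for a dry run that only returns the commands; the duplicate, private and malformed sample entries are dropped before anything reaches iptables.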

RE: How to add someone to IPTABLES DROP list when they access a URL? - Added by about 13 years ago

Use this script to block IPs. It provides a telnet interface to iptables:
http://spamcleaner.org/en/misc/modsec2ipt.html

Then you write a PHP script to communicate with that service. You must use PHP sockets to communicate:
http://www.php.net/manual/en/function.socket-connect.php

Note: the spamcleaner.org script has logging bugs; you must add a flock call before writing the log.
