#!/bin/sh
LOGS=/var/log/httpd
PATH="/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin"
cd $LOGS
grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * 2>/dev/null |
awk '/system32\/cmd\.exe/ {sub(/[^:]*:/,"");print $1}' |
sort -u |
while read host
do
if ! fgrep $host /var/tmp/blocked >/dev/null
then
echo $host >>/var/tmp/blocked
iptables -A INPUT -s $host -j DROP
# ipchains -I input -s $host -j DENY -l
fi
done
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
