#!/bin/sh LOGS=/var/log/httpd PATH="/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin" cd $LOGS grep '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * 2>/dev/null | awk '/system32\/cmd\.exe/ {sub(/[^:]*:/,"");print $1}' | sort -u | while read host do if ! fgrep $host /var/tmp/blocked >/dev/null then echo $host >>/var/tmp/blocked iptables -A INPUT -s $host -j DROP # ipchains -I input -s $host -j DENY -l fi done =========================================================================== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora