Here are some quick scripts I wrote when I got annoyed
by this on my home machine.  The first one is a script
that will get run when it gets a web request for it and
log the IP address.  There is probably a better way to
do it, but it worked well for me (Adelphia started
blocking port 80 a month or so ago, so I never see
this stuff anymore).

#!/usr/bin/perl
# file /var/www/html/scripts/root.exe
# Honeypot CGI: anything asking for root.exe is a worm scan, so record the
# client address for the firewall cron job and then stall the client.
use strict;
use warnings;
use Fcntl qw(:flock);

my $ip_log = "/tmp/ips.to.process";
# REMOTE_ADDR is set by Apache from the TCP connection itself;
# bail out quietly if we are not running under the web server.
my $ip = $ENV{REMOTE_ADDR} or exit 0;

open(my $iplog, '>>', $ip_log) || die "Cannot write to logfile!";
flock($iplog, LOCK_EX);   # cron may be reading the file at the same time
print $iplog "$ip\n";
flock($iplog, LOCK_UN);
close($iplog);

# Hold the connection open until the cron job has added the block rule,
# so the scanner never gets to send its follow-up requests.
sleep 120;
# end /var/www/html/scripts/root.exe

This is a cron job that runs every minute:
#!/bin/sh
# file /root/bin/update.firewall
# Run from cron every minute: block every address the honeypot CGI recorded.
IP_FILE=/tmp/ips.to.process
WORK=/tmp/ips.in.progress
# Nothing logged since the last run: exit quietly instead of erroring every minute.
[ -f "$IP_FILE" ] || exit 0
# Rename first so addresses appended while we read are kept for the next run.
mv "$IP_FILE" "$WORK"
# sort -u: the same scanner may have been logged more than once.
sort -u "$WORK" | while read line
do
 # Appended rules only take effect if they come before any blanket ACCEPT in INPUT.
 # Log the scanner's connection attempts to our web port, then reject everything.
 /sbin/iptables -A INPUT -s "$line" -p tcp --dport 80 -j LOG
 /sbin/iptables -A INPUT -s "$line" -j REJECT
done
/bin/rm "$WORK"
# end /root/bin/update.firewall

I found that by sleeping for two minutes and holding
open the connection until the address goes in the
firewall, you get only one entry in the Apache logs
instead of the dozen or so you would normally get.

Oh, and I had to add these to
/etc/httpd/conf/httpd.conf:

AddHandler cgi-script .exe
<Directory "/var/www/html/scripts">
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Kerry.


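An added example, not part of Kerry's post: the cron job above runs as root and feeds whatever it finds in /tmp/ips.to.process straight to `iptables -s`. /tmp is world-writable, so a local user who plants a line such as `0.0.0.0/0` in that file before the CGI creates it would have the next cron run reject all inbound traffic. The functions below (file path, rule layout and the `build_rules` name are my assumptions) accept only plain dotted-quad IPv4 addresses, drop duplicates, and print the iptables commands instead of running them, so the output can be inspected or piped to `sh`.

```shell
#!/bin/sh
# Added example (not Kerry's code): validate and de-duplicate the addresses
# recorded by the honeypot CGI before they reach iptables.  Only a plain
# dotted quad gets through; anything else (CIDR masks, negations, stray
# text) is reported and skipped.  Paths and rule layout are assumptions.

IP_FILE="${IP_FILE:-/tmp/ips.to.process}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# valid_ipv4 ADDR: succeed only for four dot-separated octets in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit chars, empty octets
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# build_rules FILE: print a LOG and a REJECT rule for every valid, unique
# address in FILE.  Bad lines go to stderr and are never turned into rules.
build_rules() {
    seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        # strip CR, tabs and spaces that odd clients or editors leave behind
        line=$(printf '%s' "$line" | tr -d '\r\t ')
        [ -z "$line" ] && continue
        if ! valid_ipv4 "$line"; then
            printf 'skipping bad address: %s\n' "$line" >&2
            continue
        fi
        case " $seen " in *" $line "*) continue ;; esac   # already emitted
        seen="$seen $line"
        printf '%s -A INPUT -s %s -p tcp --dport 80 -j LOG\n' "$IPTABLES" "$line"
        printf '%s -A INPUT -s %s -j REJECT\n' "$IPTABLES" "$line"
    done < "$1"
}

# Usage from the cron job, after renaming the file out of the CGI's way:
#   build_rules /tmp/ips.in.progress | sh
```

Because the rules are only printed, a dry run (`build_rules file`) shows exactly what would be appended to INPUT; piping to `sh` applies them. The dedup step also means a scanner that got several requests in before the block landed is added only once.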