# GNU nano 2.5.3 File: badIpBan.sh
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#===============================================================================
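# Location of ipset binary
bin=/sbin/ipset # REQUIRED!
# This is how long ago at most an ip must have last been reported to
# badips.com. Values follow the format ##a where '##' is some non-
# zero positive number and 'a' is either h, d, w, m, or y for hours,
# days, weeks, months, or years.
#
# NOTE: comment out for all results - not recommended
# NOTE2: this script should be executed more often than this value.
#age=10y
# Block level (1-5):
# 0 - not so bad/false report
# 3 - confirmed bad
# 5 - quite aggressively bad
# (see www.badips.com)
level=4 # REQUIRED!
# Logged service or "any"
# (see www.badips.com/get/categories {JSON})
# NOTE: the query loop below iterates over its own hard-coded category
# list; this value is only checked for presence, not used in the URL.
service=any # REQUIRED!
# Name of ipset to use
ipset=superblacklist # REQUIRED!
# This is how long (in seconds) an ip will remain in the ipset after it
# stops showing up in the configured badips query result. It should be
# longer than the time between executions of this script (double, at
# least) and long enough when combined with age above that occasional
# offenders don't get removed from the ipset prematurely.
#
# IMPORTANT: this script should be executed more often than this setting.
timeout=604800 # REQUIRED! - default is 7 days
##################
## BEGIN SCRIPT ##
##################
# required parameters: every REQUIRED! value above must be non-empty.
# Quoted -z tests behave the same for unset and empty values.
if [[ -z "${ipset:-}" || -z "${timeout:-}" || -z "${bin:-}" \
      || -z "${level:-}" || -z "${service:-}" ]]; then
  echo "$0: Required parameter is missing! Edit this file for further info." >&2
  exit 1
fi
# timeout is passed to ipset and level is embedded in the request URL;
# both must be plain non-negative integers.
if [[ ! "${timeout}" =~ ^[0-9]+$ || ! "${level}" =~ ^[0-9]+$ ]]; then
  echo "$0: timeout and level must be non-negative integers." >&2
  exit 1
fi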
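### Test an IP address for validity:
# Usage:
# valid_ip IP_ADDRESS
# Returns 0 when IP_ADDRESS is a dotted quad whose first octet is 1-255
# and remaining octets 0-255, and which is not inside 10/8, 192.168/16
# or 172.16/12. Returns 1 otherwise. Other reserved ranges (127/8,
# 169.254/16, multicast, broadcast) are NOT rejected here.
valid_ip() {
  local _tip=$1
  local -a _ipa
  # Shape check first, so the arithmetic below only ever sees digits
  # and dots from the (untrusted) feed.
  [[ "${_tip}" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || return 1
  # Split on '.' via read -a: no global IFS juggling, no word-splitting
  # or pathname expansion of an unquoted value.
  IFS='.' read -r -a _ipa <<<"${_tip}"
  # Octet range: first octet 1-255, the others 0-255.
  # Each octet is evaluated as a shell arithmetic expression, so a
  # leading zero means octal (010 == 8) and 08/09 raise an arithmetic
  # error; either way the address is rejected or reinterpreted exactly
  # as the [[ -lt ]] tests of the original did.
  (( _ipa[0] < 256 && _ipa[1] < 256 && _ipa[2] < 256 && _ipa[3] < 256 && _ipa[0] > 0 )) \
    || return 1
  # Never ban RFC 1918 private space: 10.x.x.x
  (( _ipa[0] != 10 )) || return 1
  # 192.168.x.x
  (( _ipa[0] != 192 || _ipa[1] != 168 )) || return 1
  # 172.16.x.x - 172.31.x.x
  (( _ipa[0] != 172 || _ipa[1] < 16 || _ipa[1] > 31 )) || return 1
  return 0
}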
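### Setup our black list ###
# Fail early with a clear message instead of "command not found" later.
[[ -x "${bin}" ]] || { echo "$0: ipset binary not found or not executable: ${bin}" >&2; exit 2; }
# Create ipset if it does not exist. `ipset list -name` exits non-zero
# when the set is missing; both output streams are discarded (the
# original's "2>&1 >/dev/null" ordering still leaked stderr to stdout).
if ! "${bin}" list "${ipset}" -name >/dev/null 2>&1; then
  echo "creating blacklist db"
  "${bin}" create "${ipset}" hash:ip timeout "${timeout}" maxelem 10300000 -exist \
    || { echo "$0: Unable to create ipset: ${ipset}" >&2; exit 2; }
fi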
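# Service categories to query, one badips.com list per entry
# (see www.badips.com/get/categories).
list=("ssh" "postfix" "dovecot-pop3imap" "apache" "apache-defensible" "apache-404" "apache-noscript" "apache-nohome" "apache-overflows" "apache-scriddies" "apacheddos" "apache-php-url-fopen" "apache-spamtrap" "phpids" "Php-url-fopen" "rfi-attack" "sql" "sql-injection" "sql-attack" "ddos" "qmail-smtp" "screensharingd" "ftp" "dovecot-pop3" "exim" "sshd" "pop3" "imap" "sip" "sasl" "courierpop3" "ssh-ddos" "nginxproxy" "nginx" "pureftp" "dovecot" "w00t" "vsftpd" "asterisk" "asterisk-sec" "courierauth" "smtp" "nginxpost" "php-cgi" "spamdyke" "rdp" "vnc" "cms" "wordpress" "drupal" "telnet" "spam" "http" "pureftpd" "proftpd" "unknown" "ssh-blocklist" "apache-dokuwiki" "wp" "apache-phpmyadmin" "badbots" "sshddos" "ssh-auth" "username-notfound" "local-exim" "apache-w00tw00t" "apache-modsec" "owncloud" "named" "dns" "plesk-postfix" "xmlrpc" "default" "postfix-sasl" "apache-wordpress" "cyrusauth" "proxy" "squid" "assp" "bruteforce" "voip" )
# Running count of addresses added/refreshed, for progress output only.
declare -i count=0
for k in "${list[@]}"; do
  ### Query badips.com
  # compile url
  _url="https://www.badips.com/get/list/${k}/${level}"
  if [[ -n "${age:-}" ]]; then _url+="?age=${age}"; fi
  echo "${_url}"
  # Fetch the body first so wget's exit status is checked before the
  # text is split (the original also printed an undefined ${url} here).
  _raw=$(wget -qO- -- "${_url}") \
    || { echo "$0: Unable to download ip list from '${_url}'." >&2; exit 1; }
  # Split on whitespace into an array WITHOUT pathname expansion: an
  # unquoted $(...) would glob any '*' or '?' in the feed against the
  # current directory. read -d '' consumes the whole here-string and
  # returns non-zero at EOF while still filling the array.
  _badips=()
  read -r -d '' -a _badips <<<"${_raw}" || true
  # Add all retrieved ips to ${ipset}, updating the timeout on duplicates
  for _ip in "${_badips[@]}"; do
    # validate first - the feed is untrusted input handed to ipset
    if ! valid_ip "${_ip}"; then
      echo "Invalid IP Address (${_ip}) from BadIPs query. Report this to https://badips.com . Continuing..." >&2
      continue
    fi
    count+=1
    echo "${count} ----->adding ${_ip}"
    # add/update ipset
    "${bin}" add "${ipset}" "${_ip}" timeout "${timeout}" -exist \
      || { echo "$0: Unable to add ${_ip} to ${ipset}, exiting early." >&2; exit 2; }
  done
done
exit 0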