Hey all,
Trying to figure out the best way to handle all the scripted bash attempts, currently I am just looking at the audit trail and finding a lot of connects from an ip in a row and adding it to the blocklist.
Is there a way to automate this or a better way to go about it? or am I looking at a python script to automate this for me based on matches in the wgsaudit.adt?
Thank you,
m@
Blocklist.txt
Re: Blocklist.txt
Create a text file called hostdeny.txt and add the offending IPs to it. Not automated, but effective.
The Control module also has some options listed under Rodent Control that is more automated.
The Control module also has some options listed under Rodent Control that is more automated.
Re: Blocklist.txt
Ragtop wrote:
> Create a text file called hostdeny.txt and add the offending IPs to it. Not
> automated, but effective.
>
> The Control module also has some options listed under Rodent Control that
> is more automated.
Hay, thanks this is a helper!
Learn something new everyday...
> Create a text file called hostdeny.txt and add the offending IPs to it. Not
> automated, but effective.
>
> The Control module also has some options listed under Rodent Control that
> is more automated.
Hay, thanks this is a helper!
Learn something new everyday...
Re: Blocklist.txt
I wrote this in python to automate this task, I have it tested and working on my system but use at your own risk obv. here is what it does and how you can use it:
- reads the wgsaudit.adt file and and creates a dump of all the IP Addresses listed in "output.xlsx"
- checks the output.xlsx file for ips that show up consecutively in the column and puts them in a "matched.xlsx"(default is 10 matches = matches.xlsx, change this with the consecutive_threshold variable)
- compares matched.xlsx with current hostdeny.txt file and adds any ip address that do not already exist in hostdeny.txt and will let you know how many ip's it blocked
- excludes any matches it finds on the 192.168(change this to your ipschema i.e. 10.1 etc) because of some router forwarding
1. install python on your system(python.org)
2. make sure to install the environment variable path, depending on your version of windows you may need to open a cmd prompt and type "python" to take you to the windows store to install
3. from a cmd prompt type "pip install pandas" and "pip install openpyxl" (these are the module dependencies needed to run this)
4. Download blockthebaddies from git repo https://github.com/epidemik81/Blockthebaddies.git and place the file in your MBBS dir
5. add this line to your wgsclean.bat
@echo off
python blockthebaddies.py
timeout /t 10 >nul
6. you may also add this to a single bat if you want to run it manually
7. enjoy
Note: This all could have been buffered into memory and read but I wanted traceability, that said keep an eye on your "matched and output.xlsx" files to make sure they aren't getting to big
as an additional failsafe I would like to reference account id's to ip and if an account has an IP that matches then do not add, is anyone aware of a file I can see both of those?
If you have any contributions to this please speak up! I have a good understanding of python but unfortunately my bbs knowledge is rusty so I may be missing some important variables here?
Thanks,
M@
- reads the wgsaudit.adt file and and creates a dump of all the IP Addresses listed in "output.xlsx"
- checks the output.xlsx file for ips that show up consecutively in the column and puts them in a "matched.xlsx"(default is 10 matches = matches.xlsx, change this with the consecutive_threshold variable)
- compares matched.xlsx with current hostdeny.txt file and adds any ip address that do not already exist in hostdeny.txt and will let you know how many ip's it blocked
- excludes any matches it finds on the 192.168(change this to your ipschema i.e. 10.1 etc) because of some router forwarding
1. install python on your system(python.org)
2. make sure to install the environment variable path, depending on your version of windows you may need to open a cmd prompt and type "python" to take you to the windows store to install
3. from a cmd prompt type "pip install pandas" and "pip install openpyxl" (these are the module dependencies needed to run this)
4. Download blockthebaddies from git repo https://github.com/epidemik81/Blockthebaddies.git and place the file in your MBBS dir
5. add this line to your wgsclean.bat
@echo off
python blockthebaddies.py
timeout /t 10 >nul
6. you may also add this to a single bat if you want to run it manually
7. enjoy
Note: This all could have been buffered into memory and read but I wanted traceability, that said keep an eye on your "matched and output.xlsx" files to make sure they aren't getting to big
as an additional failsafe I would like to reference account id's to ip and if an account has an IP that matches then do not add, is anyone aware of a file I can see both of those?
If you have any contributions to this please speak up! I have a good understanding of python but unfortunately my bbs knowledge is rusty so I may be missing some important variables here?
Thanks,
M@