#!/bin/bash
# Rebuild the BOTBLOCKER chain for IPv4 and IPv6 and hook it into INPUT.
#
# Each entry pairs a firewall command with the source prefix that is exempt
# from the chain: the INPUT jump is "! -s <prefix>", so packets from that
# prefix never enter BOTBLOCKER.
#
# Review notes:
#   - The chain is unhooked, flushed and deleted before it is recreated, so
#     no BOTBLOCKER rules are in force until the loader further down has
#     re-inserted them.
#   - The jump is appended (-A) to INPUT. Any rule that accepts traffic
#     earlier in INPUT is evaluated first; check the ordering against the
#     rest of the ruleset.
for fw_spec in "iptables 10.0.0.0/8" "ip6tables 2603:300b:768:b000::/64"; do
  fw_cmd=${fw_spec%% *}
  exempt_net=${fw_spec#* }

  # Best-effort teardown: output and failures are discarded because the
  # jump or the chain may not exist yet (first run).
  "$fw_cmd" -t filter -D INPUT ! -s "$exempt_net" -j BOTBLOCKER >/dev/null 2>&1 || true
  for chain_op in -F -X -N; do
    "$fw_cmd" -t filter "$chain_op" BOTBLOCKER >/dev/null 2>&1 || true
  done

  # The only step in this section whose error output is left visible.
  "$fw_cmd" -t filter -A INPUT ! -s "$exempt_net" -j BOTBLOCKER
done
# Rebuild the RTBL chain for IPv4 and IPv6 and hook it into INPUT.
#
# Same sequence for both address families: unhook, flush, delete and
# recreate the chain (all best-effort, output discarded), then append the
# INPUT jump for every source outside the exempt prefix.
#
# Review note: the jump is appended (-A), so it sits after whatever is
# already in INPUT; confirm that no earlier rule accepts the traffic this
# chain is meant to drop.
for fw_spec in "iptables 10.0.0.0/8" "ip6tables 2603:300b:768:b000::/64"; do
  fw_cmd=${fw_spec%% *}
  exempt_net=${fw_spec#* }

  # Failures here are expected when the jump or chain does not exist yet.
  "$fw_cmd" -t filter -D INPUT ! -s "$exempt_net" -j RTBL >/dev/null 2>&1 || true
  for chain_op in -F -X -N; do
    "$fw_cmd" -t filter "$chain_op" RTBL >/dev/null 2>&1 || true
  done

  # Errors from this step are not suppressed.
  "$fw_cmd" -t filter -A INPUT ! -s "$exempt_net" -j RTBL
done
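# Harvest candidate bot addresses from the most recent nginx requests.
#
# _bot_client_addrs reads access-log lines on stdin and prints, one per line
# and de-duplicated, the first space-separated field of every line that
#   * does not contain "google", "yahoo" or "bing" (case-insensitive), and
#   * contains a parenthesised group with "bot" in it (case-insensitive).
#
# Changes from the previous pipeline:
#   - sort -u instead of uniq: uniq only collapses adjacent duplicates, so an
#     address seen in non-consecutive requests was written several times and
#     ended up as several identical DROP rules.
#   - grep -E instead of egrep: same regular expressions; egrep is
#     obsolescent and current GNU grep prints a warning for it.
#
# Review notes:
#   - Both filters are applied to the whole log line, not to the User-Agent
#     field alone. The request path, Referer and User-Agent are all supplied
#     by the client, so the google/yahoo/bing exclusion is a substring test
#     on client-controlled text, not a verification of the crawler.
#   - Field 1 is assumed to be the TCP peer address (as in nginx's stock
#     "combined" format). If log_format puts a forwarded-header value first,
#     that value is client-controlled and must not drive firewall rules.
#     TODO confirm against the nginx configuration.
_bot_client_addrs() {
  grep -E -iv "google|yahoo|bing" \
    | grep -E -i "\(.*bot.*\)" \
    | cut -d' ' -f1 \
    | LC_ALL=C sort -u
}

tail -n 10000 /var/log/nginx/access.log | _bot_client_addrs > /var/cache/bots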
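# Load the harvested addresses from /var/cache/bots into BOTBLOCKER.
#
# The file is derived from request logs, so every entry is treated as
# untrusted text: it must look like a literal address before it is handed to
# iptables/ip6tables, and it is always passed quoted. The previous loop
# expanded $(cat ...) and $j unquoted (subject to pathname expansion) and
# accepted anything containing three dots, which includes host names;
# iptables resolves a host name given to -s instead of rejecting it.
#
# _bot_addr_family prints 4 for a dotted-quad IPv4 literal, 6 for a string of
# hex digits and colons, and returns 1 for anything else. The check is
# syntactic only; iptables still rejects out-of-range values.
_bot_addr_family() {
  local addr=$1
  local -r v4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local -r v6_re='^[0-9A-Fa-f:]+$'
  if [[ $addr =~ $v4_re ]]; then
    printf '4\n'
  elif [[ $addr == *:* && $addr =~ $v6_re ]]; then
    printf '6\n'
  else
    return 1
  fi
}

if [[ -r /var/cache/bots ]]; then
  # read -a keeps the whitespace-separated word semantics of the old
  # for-loop without glob expansion; the || clause handles a final line
  # that has no trailing newline.
  while read -r -a bot_words || (( ${#bot_words[@]} > 0 )); do
    for j in "${bot_words[@]}"; do
      case $(_bot_addr_family "$j") in
        4) iptables -I BOTBLOCKER -t filter -s "$j" -j DROP ;;
        # IPv6 sources are dropped as the whole /64 containing the address.
        6) ip6tables -I BOTBLOCKER -t filter -s "$j/64" -j DROP ;;
        *) printf 'botblocker: skipping unrecognised entry: %s\n' "$j" >&2 ;;
      esac
    done
  done < /var/cache/bots
else
  printf 'botblocker: cannot read /var/cache/bots\n' >&2
fi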
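# Load the entries of /etc/rtbl into the RTBL chain as DROP rules.
#
# Every whitespace-separated word in the file is one entry. Words matching
# neither pattern below are ignored without a message, as before.
#
# Change from the previous loop: entries are read with read -a and passed
# quoted, so a word containing glob characters is no longer subject to
# pathname expansion before it reaches iptables.
#
# _rtbl_family prints 4 for a word containing at least three dots, 6 for a
# word containing a colon, and returns 1 otherwise.
# NOTE(review): these are the original loose patterns, kept so existing
# /etc/rtbl contents behave the same. They do not prove the entry is a
# literal address or prefix; iptables resolves a host name given to -s, so
# keep this file root-writable only and limited to addresses.
_rtbl_family() {
  case $1 in
    *.*.*.*) printf '4\n' ;;
    *:*) printf '6\n' ;;
    *) return 1 ;;
  esac
}

if [[ -r /etc/rtbl ]]; then
  # The || clause handles a final line that has no trailing newline.
  while read -r -a rtbl_words || (( ${#rtbl_words[@]} > 0 )); do
    for j in "${rtbl_words[@]}"; do
      case $(_rtbl_family "$j") in
        4) iptables -I RTBL -t filter -s "$j" -j DROP ;;
        # Unlike the BOTBLOCKER loader, no /64 is appended here; the entry
        # is used exactly as written in the file.
        6) ip6tables -I RTBL -t filter -s "$j" -j DROP ;;
      esac
    done
  done < /etc/rtbl
else
  printf 'botblocker: cannot read /etc/rtbl\n' >&2
fi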