From: <yar...@us...> - 2010-06-22 14:33:12
|
Revision: 760 http://fail2ban.svn.sourceforge.net/fail2ban/?rev=760&view=rev Author: yarikoptic Date: 2010-06-22 14:33:05 +0000 (Tue, 22 Jun 2010) Log Message: ----------- ENH: adding gen_badbots script to generate apache-badbots.conf Modified Paths: -------------- trunk/config/filter.d/apache-badbots.conf Added Paths: ----------- trunk/files/gen_badbots Modified: trunk/config/filter.d/apache-badbots.conf =================================================================== --- trunk/config/filter.d/apache-badbots.conf 2010-05-01 13:26:02 UTC (rev 759) +++ trunk/config/filter.d/apache-badbots.conf 2010-06-22 14:33:05 UTC (rev 760) @@ -1,7 +1,7 @@ # Fail2Ban configuration file # # List of bad bots fetched from http://www.user-agents.org -# Generated on Sun Feb 11 01:09:15 EST 2007 by ./badbots.sh +# Generated on Sun Feb 11 01:09:15 EST 2007 by gen_badbots # # Author: Yaroslav Halchenko # Added: trunk/files/gen_badbots =================================================================== --- trunk/files/gen_badbots (rev 0) +++ trunk/files/gen_badbots 2010-06-22 14:33:05 UTC (rev 760) @@ -0,0 +1,83 @@ +#!/bin/bash +#-------------------------- =+- Shell script -+= -------------------------- +# +# @file badbots.sh +# @date Sun Feb 11 00:49:53 2007 +# @brief +# +# +# Yaroslav Halchenko CS@UNM, CS@NJIT +# web: http://www.onerussian.com & PSYCH@RUTGERS +# e-mail: yo...@on... ICQ#: 60653192 +# +# DESCRIPTION (NOTES): +# +# Script to fetch list of agent strings from http://www.user-agents.org +# which are known to be from mailicious bots, and create apache-badbots.conf +# filter for fail2ban +# +# COPYRIGHT: Yaroslav Halchenko 2007-2010 +# +# LICENSE: +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# On Debian system see /usr/share/common-licenses/GPL for the full license. +# +#-----------------\____________________________________/------------------ + +url=http://www.user-agents.org/index.shtml +badbots=$( +for f in "" "?g_l" "?m" "?n_s" "?t_z"; do + wget -q -O- $url$f; +done \ +| grep -h -B4 '<td class="smallcell" nowrap>S </td>'\ +| sed -e 's/ //g' \ +| awk '/^--/{getline; gsub(" ",""); print $0}' \ +| sed -e 's/\([.\:|()]\)/\\\1/g' \ +| tr '\n' '|' \ +| sed -e 's/|$//g' +) + +echo $badbots >| /tmp/badbots.tmp + +cat >| apache-badbots.conf <<EOF +# Fail2Ban configuration file +# +# List of bad bots fetched from http://www.user-agents.org +# Generated on `date` by $0 +# +# Author: Yaroslav Halchenko +# +# + +[Definition] +badbotscustom = EmailCollector|WebEMailExtrac +badbots = $badbots + +# Option: failregex +# Notes.: Regexp to catch known spambots and software alike. Please verify that +# it is your intent to block IPs which were driven by abovementioned bots +# Values: TEXT +# +failregex = ^(?P<host>\S*) -.*"GET.*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"\$ + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = +EOF Property changes on: trunk/files/gen_badbots ___________________________________________________________________ Added: svn:executable + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |