fix

2024-09-23 22:08:38 -06:00 · 2024-09-23 22:08:38 -06:00 · 1d0af7ed69
commit 1d0af7ed69
parent 54b65abdf4
6 changed files with 2814 additions and 2917 deletions
--- a/bots.txt
+++ b/bots.txt
@ -3302,3 +3302,36 @@
 188.165.212.137
 194.35.122.77
 213.180.203.193
+5.255.231.120
+95.108.213.197
+195.154.122.241
+152.53.15.22
+87.250.224.48
+87.250.224.82
+20.55.86.191
+20.55.213.185
+40.69.22.175
+54.36.148.169
+172.200.199.191
+20.55.14.245
+65.21.113.246
+95.108.213.88
+87.250.224.43
+5.255.231.177
+87.250.224.16
+66.249.79.235
+66.249.79.237
+5.255.231.169
+65.108.78.33
+213.180.203.109
+134.195.90.93
+87.250.224.235
+95.108.213.242
+2a03:2880:22ff:70::face:b00c
+213.180.203.229
+20.102.199.101
+205.210.31.172
+172.200.199.166
+74.249.14.173
+168.119.6.104
+35.203.211.198
--- a/firewall.service
+++ b/firewall.service
@ -1,6 +1,6 @@
 [Unit]
 Description=iptables firewall service
-After=gdm.service
+After=redis.service

 [Service]
 Type=oneshot
--- a/firewall.sh
+++ b/firewall.sh
@ -45,16 +45,13 @@ VIRT_BRIDGE="virbr0"
 #
 NFT='/usr/bin/nft'
 NFT_CACHE='/tmp/nft.cache'
-TMP_BLOCK='/tmp/tmp-blocked.txt'
+TMP_BLOCK=($(redis-cli --raw SMEMBERS tmp_block))
 #Log Files 
 #
-SAVED_BOTS='/opt/firewall/bots.txt'
-CRAWLER_DB='/opt/firewall/crawlers.txt'
-SAFE_TRAFFIC='/opt/firewall/safe.txt'
-PEDO_DB='/opt/firewall/pedo.txt'
-PEDO_LOG='/opt/firewall/pedo-log.txt'
+SAVED_BOTS=($(redis-cli --raw SMEMBERS bots))
+CRAWLER_DB=($(redis-cli --raw SMEMBERS crawlers))
+SAFE_TRAFFIC=($(redis-cli --raw SMEMBERS safe_traffic))
 BOT_ACCOUNT="blockbot@detroitriotcity.com"
-CRAWLER_TMP='/tmp/crawlers.txt'
 RULE_SET='/opt/firewall/nft.rules'
 MENU_TOP="=============================FireWall================================="
 MENU_BOTTOM="====================================================================="
@ -127,7 +124,7 @@ attacker-protection() {
 }

 bot-search() {
-	CRAWLERS=($(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ei -f $CRAWLER_DB | grep -Evi -f $SAFE_TRAFFIC | cut -d "-" -f1 | sort -u))
+	CRAWLERS=($(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ff <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | cut -d "-" -f1 | sort -u))

 	echo
 	echo "Processing Web Crawler list into NFT....."
@ -136,7 +133,7 @@ bot-search() {
 		CHECK=$(cat $NFT_CACHE | grep $i)
 		if [ "$CHECK" = "" ]; then
 			ipBlockParser $i
-			echo $i >>$SAVED_BOTS
+			redis-cli SADD bots $i
 		else
 			echo
 			echo "Skipping Duplicate IP $i"
@ -145,29 +142,6 @@ bot-search() {
 	done
 }

-drc-alert() {
-	toot activate $BOT_ACCOUNT
-	toot post ":emergency: :hacker_p: :hacker_e: :hacker_d: :hacker_o: :trans: :hacker_a: :hacker_l: :hacker_e: :hacker_r: :hacker_t: :emergency2:  $1" -m /root/detroit/akkoma/blockbot/pedo.png
-}
-
-pedo-search() {
-	echo
-	PEDO_SEARCH=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei 'tag|search' | grep -Evi -f $CRAWLER_DB | grep -Ei -f $PEDO_DB | head -1)
-	echo $PEDO_SEARCH
-	if [ "$PEDO_SEARCH" ]; then
-		echo "Pedo Found!"
-		echo "Processing Pedo Searches into NFT....."
-		IP=$(echo $PEDO_SEARCH | cut -d ' ' -f1)
-		ipBlockParser $IP 
-		message "[Pedo Alert] $PEDO_SEARCH"
-		#drc-alert "$PEDO_SEARCH"
-		echo $IP >> $PEDO_LOG
-	else
-		echo
-		echo "No Pedos Found"
-		echo
-	fi
-}

 basic-security() {
 	$NFT flush ruleset
@ -206,8 +180,7 @@ trust() {

 import-saved() {

-	STATS=($(cat $SAVED_BOTS | sort -u))
-	for i in "${STATS[@]}"; do
+	for i in "${SAVED_BOTS[@]}"; do
 		ipBlockParser $i 
 	done
 }
@ -231,12 +204,12 @@ start() {
 }

 research() {
-	STATS=($(cat $TMP_BLOCK | sort -u))
+	STATS=($(redis-cli --raw SMEMBERS tmp_block  | sort -u))
 	for i in "${STATS[@]}"; do
 		echo $MENU_TOP
 		echo "                   [Researching $i]                  "
 		echo
-		DATA=$(grep $i $NGINX_LOG | grep -Evi -f $SAFE_TRAFFIC)
+		DATA=$(grep $i $NGINX_LOG | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}"))
 		echo "$DATA"
 		echo
 		echo $MENU_BOTTOM
@ -260,7 +233,7 @@ status() {
 	NOT_FOUND=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 404 | wc -l)
 	GATEWAY=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 502 | wc -l)
 	SUCCESS=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep 200 | wc -l)
-	CRAWL=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei -f $CRAWLER_DB | wc -l)
+	CRAWL=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Fivf  <(printf '%s\n' "${CRAWLER_DB[@]}") | wc -l)
 	echo $MENU_TOP
 	echo "Attack Threshold: $ATTACK_THRESHOLD"
 	echo "Firewall Rules: $($NFT list table filter | wc -l)"
@ -279,7 +252,8 @@ status() {
 	#echo "Dropped Traffic: $($NFT list table filter | grep -Ei 'log counter packets' | cut -d ' ' -f6)"
 	echo
 	echo "Rate-limited IP's:"
-	cat $TMP_BLOCK | sort -u
+	echo
+	redis-cli --raw SMEMBERS tmp_block | sort -u
 	echo $MENU_BOTTOM
 }

@ -302,24 +276,25 @@ stop() {
 }

 forgive() {
-	IP=($(grep -vi $MY_IP $TMP_BLOCK | sort -u))
+	IP=($(redis-cli --raw SMEMBERS tmp_block | sort -u))
 	echo $IP
 	for i in "${IP[@]}"; do
 		HANDLE=$(nft -n -a list ruleset | grep $i | grep handle | cut -d '#' -f2 | cut -d ' ' -f3)
 		echo "Removing: $i Handle: $HANDLE"
 		echo $NFT delete rule ip filter input handle $HANDLE
 		ipDeleteParser $HANDLE
+		redis-cli SREM tmp_block $i
 	done

 	echo "Clearing old $TMP_BLOCK"
-	echo >$TMP_BLOCK
+	redis-cli DEL tmp_blocked
 }

 module-go() {
 	GO_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l)
 	if [[ "$GO_SPAM" -gt 10 ]]; then
 		ipBlockParser "$1"
-		echo $1 >>$TMP_BLOCK
+		redis-cli SADD tmp_block $i
 		message "Go Spam Attack!"
 	fi
 }
@ -332,7 +307,7 @@ module-akkoma() {
 	echo "$IP $CHECK $COUNT"
 			if [ "$CHECK" = "" ]; then
 				ipBlockParser "$1"
-				echo $1 >>$TMP_BLOCK
+				redis-cli SADD tmp_block $i
 				message "module-akkoma: Spam Attack! $i"
 				echo "module-akkoma: Spam $1"
 			else 
@ -345,7 +320,7 @@ module-get-spam() {
 	GET_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l)
 	if [[ "$GET_SPAM" -gt 5 ]]; then
 		ipBlockParser "$1"
-		echo $1 >>$TMP_BLOCK
+		redis-cli SADD tmp_block $i
 		message "GET Spam Attack! $1"
 	fi
 }
@ -354,8 +329,8 @@ module-php() {
 	PHP_SPAM=$(grep $2 $NGINX_ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
 	if [[ "$PHP_SPAM" -gt 1 ]]; then
 		ipBlockParser "$1"
-		echo $1 >>$TMP_BLOCK
 		message "PHP Attack!"
+		redis-cli SADD tmp_block $i
 	fi
 }

@ -364,7 +339,7 @@ module-lightning() {
 	if [[ "$LN_SPAM" -gt 5 ]]; then
 		ipBlockParser "$1"
 		message "Lightning Spam Attack!"
-		echo $1 >>$TMP_BLOCK
+		redis-cli SADD tmp_block $i
 	fi
 }

@ -375,8 +350,8 @@ message() {
 watch() {
 	echo "Scanning $DATE"
 	echo
-	IP=($(grep $DATE $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -Evi -f $CRAWLER_DB | grep -Evi -f $SAVED_BOTS |grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
-
+	IP=($(grep $DATE $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") |  grep -Fivf  <(printf '%s\n' "${CRAWLER_DB[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}")| grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
+	
 	for i in "${IP[@]}"; do
 		module-akkoma "$i" "$DATE"
 		module-lightning "$i" "$DATE"
@ -384,14 +359,13 @@ watch() {
 		module-go "$i" "$DATE"
 		module-get-spam "$i" "$DATE"

-		COUNT=$(grep $DATE $NGINX_ACCESS | grep $i | grep -Evi -f $SAFE_TRAFFIC | grep -Evi -f $SAVED_BOTS | wc -l)
-
+		COUNT=$(grep $DATE $NGINX_ACCESS | grep $i | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${SAVED_BOTS[@]}") | wc -l)
 		CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
 		if [[ "$COUNT" -gt $ATTACK_THRESHOLD ]]; then
 			if [ "$CHECK" = "" ]; then
 				echo "Danger! Blocking IP: $i Count: $COUNT"
 				logger "Blocking IP: $i with a count of: $COUNT"
-				echo $i >>$TMP_BLOCK
+				redis-cli SADD tmp_block $i
 				ipBlockParser $i
 				message "Blocking IP: $i with a count of: $COUNT"
 			else
@ -421,9 +395,8 @@ module-nostr(){
 }

 test-bots() {
-	TEST=($(cat $SAVED_BOTS))
-	for i in "${TEST[@]}"; do
-		DATA=$(grep $i $NGINX_ACCESS | grep -Evi -f $CRAWLER_DB)
+	for i in "${SAVED_BOTS[@]}"; do
+		DATA=$(grep $i $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}"))
 		if [ "$DATA" = "" ]; then
 			echo "No Data. Probably OK"
 		else
@ -481,7 +454,7 @@ menu() {
 		status
 		read -p 'Press Enter to Continue ' -e
 	elif [ "$CHOICE" = "6" ]; then
-		tail -f $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -Evi -f $CRAWLER_DB
+		tail -f $NGINX_ACCESS | grep -Fivf <(printf '%s\n' "${SAFE_TRAFFIC[@]}") | grep -Fivf <(printf '%s\n' "${CRAWLER_DB[@]}")
 		read -p 'Press Enter to Continue ' -e
 	elif [ "$CHOICE" = "7" ]; then
 		test-bots
--- a/nft.rules
+++ b/nft.rules
--- a/pedo-log.txt
+++ b/pedo-log.txt
@ -1,179 +0,0 @@
-
-37.120.150.98
-178.175.141.229
-5.146.249.163
-169.150.254.88
-169.224.4.185
-207.113.193.191
-135.134.170.213
-51.89.153.112
-159.203.73.253
-57.129.1.102
-160.16.228.67
-185.132.53.12
-164.90.134.114
-164.90.134.114
-164.90.134.114
-164.90.134.114
-164.90.134.114
-159.89.185.5
-160.16.228.67
-159.89.185.5
-160.16.228.67
-159.89.185.5
-194.37.97.38
-160.16.228.67
-194.37.97.38
-160.16.228.67
-149.88.20.139
-2001:b07:6467:9a64:18e3:c102:a5ac:414e
-93.35.128.41
-216.145.134.37
-216.145.134.37
-124.243.188.150
-124.243.188.150
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-128.31.0.13
-149.102.244.110
-92.24.58.171
-174.214.49.139
-142.93.65.129
-159.203.73.253
-159.89.185.5
-160.16.228.67
-174.214.49.139
-203.118.131.219
-92.24.58.171
-198.98.52.24
-162.247.74.206
-162.247.74.216
-198.98.48.35
-23.129.64.140
-109.207.115.111
-2804:54d0:bb20:131b::2
-23.244.150.2
-159.203.73.253
-216.145.134.37
-160.16.228.67
-2001:ac8:84:43::2
-37.120.234.130
-45.83.138.18
-45.88.200.57
-77.237.112.88
-84.146.205.242
-98.224.44.129
-149.40.62.39
-71.218.119.239
-124.243.188.150
-198.98.48.31
-223.82.109.173
-99.2.205.88
-159.203.73.253
-199.195.248.184
-45.11.59.28
-149.40.62.39
-216.145.134.37
-62.20.62.210
-124.243.150.207
-159.203.73.253
-79.153.36.75
-81.243.77.203
-92.40.174.42
-192.141.128.14
-128.31.0.13
-149.102.244.110
-169.150.231.246
-142.93.65.129
-159.203.73.253
-159.89.185.5
-160.16.228.67
-174.214.49.139
-203.118.131.219
-84.210.80.99
-84.210.80.99
-24.205.203.160
-24.205.203.160
-24.205.203.160
-24.205.203.160
-24.205.203.160
-46.229.93.74
-93.91.148.34
-176.9.28.121
-169.150.201.10
-176.9.28.121
-5.189.130.42
-176.9.28.121
-193.77.192.154
-188.165.192.99
-172.104.209.44
-165.227.173.137
-158.51.210.75
-190.72.102.42
-121.8.215.106
-190.72.102.42
-167.86.99.29
-167.86.99.29
-176.9.28.121
-176.9.28.121
-176.9.28.121
-176.9.28.121
-176.9.28.121
-169.150.201.10
-169.150.201.10
-111.11.109.11
-199.195.253.213
-199.195.253.213
-121.101.135.94
-172.233.254.134
-210.61.207.92
-41.223.234.116
-178.211.130.186
-138.204.20.160
-172.233.155.25
-172.233.25.232
-195.234.201.34
-119.39.109.233
-51.158.173.222
-103.200.20.56
-119.39.109.233
-208.87.243.199
-111.11.109.11
-194.164.206.37
-194.164.206.37
-208.87.243.199
-158.178.203.159
-158.178.203.159
-5.189.130.42
-119.39.109.233
-103.200.20.56
-103.200.20.56
-77.242.21.186
-77.242.21.186
-60.217.33.47
-15.235.12.19
-119.39.109.233
-60.217.33.47
-15.235.12.19
-103.200.20.56
-203.177.39.182
-172.104.129.235
-173.249.60.246
-170.150.209.40
-172.233.25.232
-158.178.203.159
-91.195.36.100
--- a/pedo.txt
+++ b/pedo.txt
@ -1,17 +0,0 @@
-pedo
-childporn
-child porn
-childfucking
-child fucking
-babycon
-baby con
-kiddie porn
-kiddieporn
-underage
-toddler
-toddlercon
-toddler con
-toddler porn
-map
-csam
-naked children