fix

2024-09-21 19:53:57 -06:00 · 2024-09-21 19:53:57 -06:00 · 53faaf3b1c
commit 53faaf3b1c
parent 8f7d1d4c53
5 changed files with 12532 additions and 1935 deletions
--- a/bots.txt
+++ b/bots.txt
@ -1,4 +1,3 @@
-
 167.172.244.121
 185.224.128.59
 66.249.66.9
@ -2222,3 +2221,97 @@
 184.72.104.129
 64.124.8.204
 3.94.89.109
+106.227.95.142
+168.119.6.104
+66.249.72.110
+167.172.244.121
+167.172.244.121
+20.186.10.2
+167.172.244.121
+167.172.244.121
+167.172.244.121
+167.172.244.121
+116.179.37.117
+116.179.37.148
+116.179.37.166
+116.179.37.53
+220.181.108.80
+74.80.208.73
+185.178.47.22
+2a01:4f9:c010:241b::1
+167.172.244.121
+2a01:4f9:c010:241b::1
+74.80.208.73
+167.172.244.121
+65.21.61.25
+2602:80d:1003::39
+52.234.33.254
+2a01:4f9:4a:3793:0:10:0:e16a
+2a01:4f9:4a:3793:0:10:0:e16a
+2a01:4f9:4a:3793:0:10:0:e16a
+2a01:4f9:4a:3793:0:10:0:e16a
+47.5.105.63
+172.183.132.97
+66.249.66.65
+167.172.244.121
+47.5.105.63
+5.255.231.198
+57.141.5.3
+2a01:4f9:c010:241b::1
+2a01:4f9:c010:241b::1
+173.252.107.24
+20.55.14.175
+172.183.79.3
+74.235.135.246
+40.76.254.131
+74.235.135.245
+44.214.187.82
+172.190.111.150
+47.5.115.173
+40.67.142.64
+167.94.146.60
+2a01:4f8:242:3ce9::2
+2a01:4f8:242:3ce9::2
+2a01:4f8:242:3ce9::2
+109.199.100.202
+167.172.244.121
+185.191.171.1
+172.183.113.201
+52.234.33.115
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+188.165.194.82
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+2a03:90c0:114::2fb
+2a03:2880:13ff:39::face:b00c
+54.36.149.52
+66.249.66.84
+52.234.38.129
+52.234.38.129
+185.230.138.50
+2a03:2880:22ff:73::face:b00c
+2a03:2880:22ff:73::face:b00c
+173.252.83.38
+2a03:2880:13ff:8::face:b00c
+66.249.66.12
+2a01:4f8:242:3ce9::2
+66.249.66.21
+66.249.66.85
+167.172.244.121
+185.191.171.13
+185.191.171.5
+85.208.96.199
+167.172.244.121
+185.191.171.13
+185.191.171.5
+85.208.96.194
+85.208.96.199
+2a03:2880:f800:a::
+2a01:4f9:c010:241b::1
+2a01:4f8:242:3ce9::2
+2606:a8c0:4:19::a
--- a/firewall2.sh
+++ b/firewall2.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-MY_IP="47.5.112.50"
+MY_IP="47.5.115.173"
 ATTACK_THRESHOLD="50"
 SERVER_IP='192.168.0.55'
 NGINX_ACCESS="/tmp/access.log"
@ -38,11 +38,12 @@ ATTACKER_DB='/opt/firewall/attacker-db.txt'
 ATTACKER_LOG='/opt/firewall/attackers.txt'
 BOT_ACCOUNT="blockbot@detroitriotcity.com"
 CRAWLER_TMP='/tmp/crawlers.txt'
-DATE="$(date +%Y:%H: -d "1 hour ago")"
-#DATE="$(date +%Y:%H:)";
 RULE_SET='/opt/firewall/nft.rules'
 MENU_TOP="=============================FireWall================================="
 MENU_BOTTOM="====================================================================="
+DATE="$(date +%d/%b/%Y:%H:%M -d '15 seconds ago')"
+#DATE="$(date +%d/%b/%Y:%H:%M:%S -d '15 seconds ago')"
+echo $DATE
 COUNTRY=(
 	https://www.ipdeny.com/ipblocks/data/countries/il.zone
 	https://www.ipdeny.com/ipblocks/data/countries/cn.zone
@ -52,9 +53,9 @@ nft list table filter >$NFT_CACHE

 ipBlockParser(){
               if [[ "$1" == *":"* ]]; then
-                        $NFT add rule ip6 filter input position 8 ip6 saddr $1 $NFT_DROP &       
+                        $NFT add rule ip6 filter input position 8 ip6 saddr $1 $NFT_DROP        
               else
-                        $NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP &
+                        $NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP 
               fi
 }

@ -65,7 +66,7 @@ portOpenParser(){
 		$NFT6_UDP $i $NFT_ACCEPT
 }

-ipDeleteParse(){
+ipDeleteParser(){
               if [[ "$1" == *":"* ]]; then
 			$NFT delete rule ip6 filter input handle $HANDLE
               else
@ -97,15 +98,11 @@ wireguard-networking() {
 }

 attacker-protection() {
-	saved-attackers
 	watch
-	pedo-search
 	bot-search
-	module-nostr
 }

 bot-search() {
-	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
 	CRAWLERS=($(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Evi 'Guro|spank|report|rape|block' | grep -Ei -f $CRAWLER_DB | grep -Evi -f $SAFE_TRAFFIC | cut -d "-" -f1 | sort -u))

 	echo
@ -130,7 +127,6 @@ drc-alert() {
 }

 pedo-search() {
-	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
 	echo
 	PEDO_SEARCH=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep -Ei 'tag|search' | grep -Evi -f $CRAWLER_DB | grep -Ei -f $PEDO_DB | head -1)
 	echo $PEDO_SEARCH
@ -140,7 +136,7 @@ pedo-search() {
 		IP=$(echo $PEDO_SEARCH | cut -d ' ' -f1)
 		ipBlockParser $IP 
 		message "[Pedo Alert] $PEDO_SEARCH"
-		drc-alert "$PEDO_SEARCH"
+		#drc-alert "$PEDO_SEARCH"
 		echo $IP >> $PEDO_LOG
 	else
 		echo
@ -151,17 +147,17 @@ pedo-search() {

 basic-security() {
 	$NFT add rule filter input icmp type echo-request $NFT_DROP
-	$NFT add rule filter input log
-	$NFT rule filter input log $NFT_DROP
+	#$NFT rule filter input log $NFT_DROP
 	$NFT rule filter output $NFT_ACCEPT
 	$NFT rule filter forward $NFT_ACCEPT
 	$NFT insert rule filter input ct state established $NFT_ACCEPT
 	$NFT insert rule filter input iif lo $NFT_ACCEPT

-	#	$NFT -f /opt/firewall/ipv6-filter.nft
+	$NFT -f /opt/firewall/ipv6-filter.nft
 	#	$NFT add rule ip6 filter input icmpv6 type nd-neighbor-solicit $NFT_DROP
 	#	$NFT add rule ip6 filter input icmpv6 type nd-router-advert $NFT_DROP
 	$NFT add rule filter input drop
+	$NFT add rule ip6 filter input drop
 }

 virtualization() {
@ -266,6 +262,14 @@ trust() {
 	done
 }

+quickImport() {
+
+	STATS=($(cat /tmp/db.txt | sort -u))
+	for i in "${STATS[@]}"; do
+		ipBlockParser $i 
+	done
+}
+
 import() {

 	STATS=($(cat $SAVED_BOTS | sort -u))
@ -316,7 +320,6 @@ start() {
 }

 research() {
-	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
 	STATS=($(cat $TMP_BLOCK | sort -u))
 	for i in "${STATS[@]}"; do
 		echo $MENU_TOP
@ -339,7 +342,6 @@ automaticStatus() {

 status() {
 	clear
-	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
 	STATS=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | wc -l)
 	GET=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep GET | wc -l)
 	POST=$(grep $DATE $NGINX_ACCESS | grep -vi $MY_IP | grep POST | wc -l)
@ -421,25 +423,89 @@ saved-attackers() {

 module-go() {
 	GO_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l)
-	if [[ "$GO_SPAM" -gt 20 ]]; then
+	if [[ "$GO_SPAM" -gt 10 ]]; then
 		ipBlockParser "$1"
 		echo $1 >>$TMP_BLOCK
 		message "Go Spam Attack!"
 	fi
 }

-module-get-spam() {
-	GET_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l)
-	if [[ "$GET_SPAM" -gt 20 ]]; then
+
+module-home() {
+	SEARCH_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "timelines/public|timelines/home" | grep $1 | wc -l)
+	CHECK=$(cat $NFT_CACHE | sort -u | grep $1)
+	if [[ "$SEARCH_SPAM" -gt 10 ]]; then
+	echo "module-home: $IP $CHECK $COUNT"
+			if [ "$CHECK" = "" ]; then
 				ipBlockParser "$1"
 				echo $1 >>$TMP_BLOCK
-		message "GET Spam Attack!"
+				message "module-home Spam Attack! $1"
+				echo "module-home: Spam $1"
+			else 
+				echo "module-homhomee: Ignoring Duplicate IP: $1"	
+			fi
+	fi
+}
+
+module-christi() {
+	SEARCH_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "ChristiJunior" | grep $1 | wc -l)
+	CHECK=$(cat $NFT_CACHE | sort -u | grep $1)
+	if [[ "$SEARCH_SPAM" -gt 10 ]]; then
+	echo "module-christi: $IP $CHECK $COUNT"
+			if [ "$CHECK" = "" ]; then
+				ipBlockParser "$1"
+				echo $1 >>$TMP_BLOCK
+				message "module-christi: Spam Attack! $1"
+				echo "module-christi: Spam $1"
+			else 
+				echo "module-christi: Ignoring Duplicate IP: $i"	
+			fi
+	fi
+}
+module-meow() {
+	SEARCH_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "meow" | grep $1 | wc -l)
+	CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
+	if [[ "$SEARCH_SPAM" -gt 5 ]]; then
+	echo "$IP $CHECK $COUNT"
+			if [ "$CHECK" = "" ]; then
+				ipBlockParser "$1"
+				echo $1 >>$TMP_BLOCK
+				message "module-meow: Spam Attack! $1"
+				echo "module-meow: Spam $1"
+			else 
+				echo "module-meow: Ignoring Duplicate IP: $1"	
+			fi
+	fi
+}
+
+module-search() {
+	SEARCH_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET /api/v2/search" | grep $1 | wc -l)
+	CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
+	if [[ "$SEARCH_SPAM" -gt 5 ]]; then
+	echo "$IP $CHECK $COUNT"
+			if [ "$CHECK" = "" ]; then
+				ipBlockParser "$1"
+				echo $1 >>$TMP_BLOCK
+				message "module-search: Spam Attack! $i"
+				echo "module-search: Spam $1"
+			else 
+				echo "module-search: Ignoring Duplicate IP: $i"	
+			fi
+	fi
+}
+
+module-get-spam() {
+	GET_SPAM=$(grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l)
+	if [[ "$GET_SPAM" -gt 5 ]]; then
+		ipBlockParser "$1"
+		echo $1 >>$TMP_BLOCK
+		message "GET Spam Attack! $1"
 	fi
 }

 module-php() {
 	PHP_SPAM=$(grep $2 $NGINX_ACCESS | grep -E ".php|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
-	if [[ "$PHP_SPAM" -gt 2 ]]; then
+	if [[ "$PHP_SPAM" -gt 1 ]]; then
 		ipBlockParser "$1"
 		echo $1 >>$TMP_BLOCK
 		message "PHP Attack!"
@ -461,25 +527,26 @@ message() {
 }

 watch() {
-	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
 	echo "Scanning $DATE"
 	echo
-	IP=($(grep $DATE $NGINX_ACCESS | grep -Evi -f $CRAWLER_DB | grep -Evi -f $SAFE_TRAFFIC | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))
+	IP=($(grep $DATE $NGINX_ACCESS | grep -Evi -f $CRAWLER_DB | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u))

 	for i in "${IP[@]}"; do
+		module-home "$i" "$DATE"
+		module-search "$i" "$DATE"
+		module-meow "$i" "$DATE"
+		module-christi "$i" "$DATE"
 		module-lightning "$i" "$DATE"
 		module-php "$i" "$DATE"
 		module-go "$i" "$DATE"
 		module-get-spam "$i" "$DATE"

 		COUNT=$(grep $DATE $NGINX_ACCESS | grep $i | grep -Evi -f $SAFE_TRAFFIC | wc -l)
-		CHECK=$(cat $NFT_CACHE | sort -u | grep $i)

+		CHECK=$(cat $NFT_CACHE | sort -u | grep $i)
 		if [[ "$COUNT" -gt $ATTACK_THRESHOLD ]]; then
-			echo "Danger!"
-			echo "$IP $CHECK $COUNT"
 			if [ "$CHECK" = "" ]; then
-				echo "Blocking IP: $i Count: $COUNT"
+				echo "Danger! Blocking IP: $i Count: $COUNT"
 				logger "Blocking IP: $i with a count of: $COUNT"
 				echo $i >>$TMP_BLOCK
 				ipBlockParser $i
@ -499,7 +566,6 @@ watch() {
 }

 module-nostr(){
-	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago')"
 	IP=($(grep $DATE $NGINX_ACCESS | grep "/block=" | cut -d '=' -f2| cut -d ' ' -f1 | sed 's/"//'))
 	for i in "${IP[@]}"; do
 	echo $i
@ -612,6 +678,8 @@ elif [ "$1" = "test" ]; then
 	test-bots
 elif [ "$1" = "nostr" ]; then
 	module-nostr
+elif [ "$1" = "import" ]; then
+	quickImport
 elif [ "$1" = "saved" ]; then
 	saved-bots
 else
--- a/nft.rules
+++ b/nft.rules
--- a/pedo-log.txt
+++ b/pedo-log.txt
@ -111,3 +111,69 @@
 24.205.203.160
 24.205.203.160
 24.205.203.160
+46.229.93.74
+93.91.148.34
+176.9.28.121
+169.150.201.10
+176.9.28.121
+5.189.130.42
+176.9.28.121
+193.77.192.154
+188.165.192.99
+172.104.209.44
+165.227.173.137
+158.51.210.75
+190.72.102.42
+121.8.215.106
+190.72.102.42
+167.86.99.29
+167.86.99.29
+176.9.28.121
+176.9.28.121
+176.9.28.121
+176.9.28.121
+176.9.28.121
+169.150.201.10
+169.150.201.10
+111.11.109.11
+199.195.253.213
+199.195.253.213
+121.101.135.94
+172.233.254.134
+210.61.207.92
+41.223.234.116
+178.211.130.186
+138.204.20.160
+172.233.155.25
+172.233.25.232
+195.234.201.34
+119.39.109.233
+51.158.173.222
+103.200.20.56
+119.39.109.233
+208.87.243.199
+111.11.109.11
+194.164.206.37
+194.164.206.37
+208.87.243.199
+158.178.203.159
+158.178.203.159
+5.189.130.42
+119.39.109.233
+103.200.20.56
+103.200.20.56
+77.242.21.186
+77.242.21.186
+60.217.33.47
+15.235.12.19
+119.39.109.233
+60.217.33.47
+15.235.12.19
+103.200.20.56
+203.177.39.182
+172.104.129.235
+173.249.60.246
+170.150.209.40
+172.233.25.232
+158.178.203.159
+91.195.36.100
--- a/safe.txt
+++ b/safe.txt
@ -64,7 +64,6 @@ Deno
 notifications
 frontend_settings
 announcements
-?since_id
 Husky
 Amethyst
 sw.js
@ -76,8 +75,5 @@ nostr.json
 apple-touch
 damus
 ANNIHILATION
-notifications?since_id
-api/v1/notifications
-api/v1/accounts
 banner.png
 maxres.jpg