From b222e9cd763597cc9fc98aca429ffe2c66ad5d27 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 11 Sep 2024 22:55:26 -0600 Subject: [PATCH] fix --- bots.txt | 285 +++++++++++++++++++++++++++++++++++++++++++++++++++ firewall2.sh | 16 +-- 2 files changed, 293 insertions(+), 8 deletions(-) diff --git a/bots.txt b/bots.txt index 32f38dd..67d2af2 100644 --- a/bots.txt +++ b/bots.txt @@ -602,3 +602,288 @@ 85.208.96.196 85.208.96.205 94.23.7.187 +154.54.249.218 +185.191.171.4 +217.113.194.182 +217.113.194.184 +217.113.194.190 +217.113.194.233 +217.113.194.235 +217.113.194.240 +217.113.194.251 +217.113.194.254 +47.128.39.121 +47.128.63.124 +57.141.5.18 +66.220.149.31 +94.23.7.187 +154.54.249.213 +154.54.249.218 +173.252.70.113 +173.252.83.31 +185.191.171.7 +217.113.194.183 +217.113.194.184 +217.113.194.234 +217.113.194.238 +217.113.194.239 +217.113.194.241 +217.113.194.251 +47.128.56.124 +47.128.63.108 +5.255.231.35 +66.249.66.74 +69.171.249.112 +69.171.249.33 +85.208.96.207 +85.208.96.209 +94.23.7.187 +217.113.194.182 +217.113.194.183 +217.113.194.188 +217.113.194.190 +217.113.194.232 +217.113.194.233 +217.113.194.238 +217.113.194.239 +47.128.127.245 +47.128.97.228 +66.249.68.39 +85.208.96.193 +94.23.7.187 +185.191.171.18 +185.191.171.9 +217.113.194.188 +217.113.194.189 +217.113.194.190 +217.113.194.233 +217.113.194.234 +217.113.194.235 +217.113.194.238 +217.113.194.239 +217.113.194.241 +47.128.115.94 +47.128.55.5 +66.249.66.74 +66.249.68.33 +94.23.7.187 +217.113.194.185 +217.113.194.186 +217.113.194.187 +217.113.194.191 +217.113.194.233 +217.113.194.241 +217.113.194.254 +47.128.122.103 +47.128.24.107 +57.141.5.13 +57.141.5.15 +57.141.5.22 +85.208.96.210 +94.23.7.187 +185.191.171.4 +185.191.171.9 +20.102.46.152 +217.113.194.191 +217.113.194.232 +217.113.194.235 +217.113.194.251 +217.113.194.254 +47.128.119.223 +47.128.45.81 +57.141.5.29 +57.141.5.5 +69.171.230.5 +85.208.96.201 +85.208.96.211 +94.23.7.187 +114.119.131.136 +154.54.249.213 +154.54.249.218 +172.104.14.163 +20.102.46.152 +217.113.194.232 +217.113.194.235 +217.113.194.238 +217.113.194.251 +47.128.118.108 +47.128.54.117 +66.249.66.73 +66.249.66.74 +73.89.173.228 +94.23.7.187 +154.54.249.218 +17.241.75.170 +217.113.194.185 +217.113.194.191 +217.113.194.232 +217.113.194.234 +217.113.194.236 +47.128.112.130 +47.128.119.44 +52.159.142.96 +57.141.5.27 +65.92.196.239 +66.249.66.11 +69.171.249.47 +94.23.7.187 +154.54.249.213 +17.246.15.187 +17.246.15.22 +17.246.19.118 +17.246.19.23 +17.246.19.239 +17.246.23.169 +17.246.23.238 +185.224.128.187 +217.113.194.186 +217.113.194.188 +217.113.194.189 +217.113.194.233 +217.113.194.235 +217.113.194.236 +217.113.194.239 +217.113.194.241 +47.128.124.104 +47.128.36.35 +47.128.48.10 +66.249.68.35 +94.23.7.187 +154.54.249.213 +154.54.249.218 +17.241.227.5 +217.113.194.190 +217.113.194.232 +217.113.194.236 +217.113.194.238 +217.113.194.241 +47.128.118.206 +47.128.98.67 +57.141.5.7 +85.208.96.204 +94.23.7.187 +213.180.203.52 +217.113.194.182 +217.113.194.183 +217.113.194.186 +217.113.194.234 +217.113.194.235 +217.113.194.238 +217.113.194.240 +217.113.194.254 +47.128.17.235 +47.128.23.144 +85.208.96.207 +85.208.96.211 +94.23.7.187 +17.241.219.181 +17.241.219.190 +17.241.219.219 +17.241.227.211 +17.241.75.125 +17.241.75.16 +17.241.75.88 +217.113.194.182 +217.113.194.183 +217.113.194.187 +217.113.194.188 +217.113.194.232 +217.113.194.234 +217.113.194.235 +217.113.194.236 +217.113.194.237 +217.113.194.241 +47.128.115.193 +47.128.57.121 +85.208.96.203 +94.23.7.187 +114.119.135.232 +154.54.249.213 +185.191.171.17 +20.171.206.254 +217.113.194.186 +217.113.194.238 +47.128.28.164 +47.128.53.163 +52.159.142.96 +68.183.103.169 +69.171.249.17 +85.208.96.206 +17.241.219.220 +17.241.227.230 +17.241.227.32 +17.241.227.66 +17.241.75.122 +17.241.75.171 +47.128.113.6 +47.128.121.137 +66.220.149.48 +66.249.68.39 +85.208.96.196 +85.208.96.202 +180.191.166.138 +47.128.41.105 +47.128.59.148 +66.249.66.11 +173.252.70.113 +47.128.109.67 +47.128.119.63 +47.128.58.78 +173.252.107.30 +185.191.171.12 +185.191.171.19 +185.191.171.2 +185.191.171.3 +185.191.171.4 +185.191.171.5 +47.128.111.172 +47.128.112.63 +47.128.33.131 +47.128.47.142 +69.171.249.116 +85.208.96.198 +85.208.96.199 +217.30.11.246 +47.128.113.46 +47.128.121.36 +47.128.49.19 +47.128.59.82 +85.208.96.210 +17.241.219.252 +17.241.219.28 +47.128.120.61 +47.128.25.240 +47.128.34.164 +47.128.98.27 +66.249.68.32 +185.156.46.172 +47.128.16.222 +47.128.32.134 +47.128.33.96 +47.128.99.174 +151.115.74.224 +185.191.171.9 +47.128.118.41 +47.128.124.100 +47.128.58.51 +74.48.200.174 +85.208.96.201 +185.26.156.162 +202.172.26.7 +47.128.19.83 +47.128.31.249 +5.161.195.229 +65.92.196.239 +175.139.248.221 +47.128.27.180 +47.128.31.252 +47.128.41.168 +174.138.53.241 +47.128.109.55 +47.128.122.162 +5.161.198.104 +38.45.65.254 +47.128.19.152 +47.128.20.209 +47.128.49.188 +85.208.96.211 diff --git a/firewall2.sh b/firewall2.sh index a0479ae..85e53b1 100755 --- a/firewall2.sh +++ b/firewall2.sh @@ -57,7 +57,7 @@ blockCountry() { echo "Blocking $i" DB=( $(curl $i) ) for j in "${DB[@]}"; do - $NFT add rule ip filter input position 1 ip saddr $j $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr $j $NFT_DROP done done @@ -93,7 +93,7 @@ bot-search() { CHECK=$( cat $NFT_CACHE | grep $i) if [ "$CHECK" = "" ]; then - $NFT add rule ip filter input position 1 ip saddr $i $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr $i $NFT_DROP echo $i >> $SAVED_BOTS else echo @@ -114,7 +114,7 @@ pedo-search() { echo "No Pedos Found" else IP=$(echo $PEDO_SEARCH | cut -d ' ' -f1) - $NFT add rule ip filter input position 1 ip saddr $IP $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr $IP $NFT_DROP message "[Pedo Alert] $QUERY" fi @@ -421,7 +421,7 @@ module-go(){ GO_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "Go-http-client" | wc -l) if [[ "$GO_SPAM" -gt 20 ]]; then - $NFT add rule ip filter input position 1 ip saddr "$1" $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP echo $1 >> $TMP_BLOCK message "Go Spam Attack!" fi @@ -431,7 +431,7 @@ module-get-spam(){ GET_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "GET / HTTP" | wc -l) if [[ "$GET_SPAM" -gt 20 ]]; then - $NFT add rule ip filter position 1 input ip saddr "$1" $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP echo $1 >> $TMP_BLOCK message "GET Spam Attack!" fi @@ -441,7 +441,7 @@ module-php(){ PHP_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "defaults.php|config.php|upgrade.php|plugins.php|xmrlpc|cgi-bin|wp-content|wp-admin|wp-includes" | wc -l) if [[ "$PHP_SPAM" -gt 2 ]]; then - $NFT add rule ip filter position 1 input ip saddr "$1" $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP echo $1 >> $TMP_BLOCK message "Wordpress Attack!" fi @@ -451,7 +451,7 @@ module-lightning(){ LN_SPAM=$( grep $2 $NGINX_ACCESS | grep "lnurlp/verita84" | wc -l) if [[ "$LN_SPAM" -gt 5 ]]; then - $NFT add rule ip filter input position 1 ip saddr "$1" $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr "$1" $NFT_DROP message "Lightning Spam Attack!" echo $1 >> $TMP_BLOCK fi @@ -483,7 +483,7 @@ watch() { echo "Blocking IP: $i Count: $COUNT" logger "Blocking IP: $i with a count of: $COUNT" echo $i >> $TMP_BLOCK - $NFT add rule ip filter input position 1 ip saddr $i $NFT_DROP + $NFT add rule ip filter input position 8 ip saddr $i $NFT_DROP message "Blocking IP: $i with a count of: $COUNT" else echo