fix

2024-09-10 22:21:25 -06:00 · 2024-09-10 22:21:25 -06:00 · d3265031d7
commit d3265031d7
parent f07059538b
5 changed files with 2674 additions and 13244 deletions
--- a/bots.txt
+++ b/bots.txt
--- a/crawlers.txt
+++ b/crawlers.txt
@ -129,3 +129,5 @@ FediList
 WhatsApp
 Go-http-client
 Yakihonne
+GNUsocialBot
+ONEPLUS
--- a/firewall2.sh
+++ b/firewall2.sh
@ -1,6 +1,6 @@
 #!/bin/bash
 MY_IP="47.5.112.50"
-ATTACK_THRESHOLD="50"
+ATTACK_THRESHOLD="75"
 SERVER_IP='192.168.0.55'
 NGINX_ACCESS="/tmp/access.log"
 #WIREGUARD=(51820)
@ -300,7 +300,7 @@ start() {
 		cups
 		syncthingServer
 		syncthing
-		#blockCountry
+		blockCountry
 		jellyfin
 		wireguard-networking
 		uptimeKuma
@ -315,11 +315,15 @@ start() {
 }

 research(){
+	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
 	STATS=( $( cat $TMP_BLOCK | sort -u) )
 	for i in "${STATS[@]}"; do
 		echo $MENU_TOP	
 		echo "                   [Researching $i]                  "
-		grep $i $NGINX_LOG | grep -Evi -f $SAFE_TRAFFIC
+		echo
+		grep $DATE $NGINX_LOG | grep $i | grep -Evi -f $SAFE_TRAFFIC 
+		echo 
+		echo "Count: $COUNT"
 		echo $MENU_BOTTOM
 		echo	
 		read -p 'Press Enter to Continue ' -e 
@ -420,16 +424,17 @@ module-go(){
 		if [[ "$GO_SPAM" -gt 5  ]];
 			then
 				$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
+				echo $1 >> $TMP_BLOCK
 		fi
-		echo $1 >> $TMP_BLOCK
 }
+
 module-wordpress(){
 		WP_SPAM=$( grep $2 $NGINX_ACCESS | grep -E "cgi-bin|wp-content|wp-admin|wp-includes" | wc -l)
 		if [[ "$WP_SPAM" -gt 2  ]];
 			then
 				$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
+				echo $1 >> $TMP_BLOCK
 		fi
-		echo $1 >> $TMP_BLOCK
 }

 module-lightning(){
@ -437,35 +442,42 @@ module-lightning(){
 		if [[ "$LN_SPAM" -gt 5  ]];
 			then
 				$NFT add rule ip filter input ip saddr "$1" $NFT_DROP
+				echo $1 >> $TMP_BLOCK
 		fi
-		echo $1 >> $TMP_BLOCK
 }

 watch() {
 	DATE="$(date +%d/%b/%Y:%H:%M -d '1 min ago' )"
 	echo "Scanning $DATE"
 	echo
-	IP=( $( grep $DATE $NGINX_ACCESS | grep -Evi -f $SAFE_TRAFFIC | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u  ) )
+	IP=( $( grep $DATE $NGINX_ACCESS | grep -Evi -f $CRAWLER_DB | grep -Evi -f $SAFE_TRAFFIC | grep -vi $MY_IP | grep -vi '127.0.0.1' | cut -d ' ' -f1 | sort -u  ) )
+
 	for i in "${IP[@]}"; do
-		COUNT=$( grep $DATE $NGINX_ACCESS | grep "$i" | wc -l) 
-		CHECK=$( cat $NFT_CACHE | grep $i)
-	
 		module-lightning "$i" "$DATE"
 		module-wordpress "$i" "$DATE"
 		module-go "$i" "$DATE"
-
-		if [ "$CHECK" = "" ];
-			then
-				if [[ "$COUNT" -gt "$ATTACK_THRESHOLD" ]]; then
-					echo "Blocking IP: $i"
+		
+		COUNT=$( grep $DATE $NGINX_ACCESS | grep $i | wc -l) 
+		CHECK=$( cat $NFT_CACHE | sort -u | grep $i )
+ 	
+		if [[ "$COUNT" -gt $ATTACK_THRESHOLD ]]; then
+			echo "Danger!"
+			echo "$IP $CHECK $COUNT"
+				if [ "$CHECK" = "" ]; then
+					echo "Blocking IP: $i Count: $COUNT"
 					logger "Blocking IP: $i"
 					echo $i >> $TMP_BLOCK
 					$NFT add rule ip filter input ip saddr $i $NFT_DROP
-			 	fi
-			else
-				echo 
-				echo "Skipping Duplicate IP $i"
-				echo
+				else
+					echo
+					echo "Skipping Duplicate IP"
+					echo
+					
+		 		fi
+		else
+			echo 
+			echo "$i count: $COUNT below Threshhold: $ATTACK_THRESHOLD"
+			echo
 		fi	
 	done
 }
--- a/nft.rules
+++ b/nft.rules
--- a/safe.txt
+++ b/safe.txt
@ -32,3 +32,6 @@ ActivityRelay
 detroit
 Momostr
 GuzzleHttp
+FoundKey
+ShitPissCum
+poa.st