block
To install, first make sure you have Redis available. Then:
gem install block
From there, here's how you run it:
NAME
block - Ruby Gem to block IP addresses that are requesting URLs you determine are bad.
SYNOPSIS
block [global options] command [command options] [arguments...]
VERSION
0.0.x
GLOBAL OPTIONS
-d, --[no-]disable - Disable adding firewall rules
-e, --expiry=10 - Expiry time in seconds (default: 10)
-f, --file=filename.txt - The filename to watch (default: none)
--help - Show this message
-r, --redis=redis://127.0.0.1:6379 - Redis server location (default: redis://127.0.0.1:6379)
-s, --search=passwd,acunetrix - The searches - separated by commas. (default: none)
-t, --threshold=30 - Block threshold number (default: 30)
--version -
COMMANDS
help - Shows a list of commands or help for one command
watch - Watch and (optionally) block bad IP addresses
Monitor an Apache logfile and block IP addresses that are requesting pages that match strings you pass on the command line.
block -f logfile-to-watch.txt -s passwd,acunetrix watch
We watch the logs and increment a counter each time there's a match for a particular IP address and string. Once an IP address hits a certain number of matches, it is blocked using Linux's iptables.
If you're not sure whether it's tuned correctly, you can run it with the -d flag and watch what would happen.
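An added sketch (not the gem's own code) of the counting logic described above, kept in memory instead of Redis so it runs offline. The (IP, search string) counter key, the expiry that resets a counter after a quiet period, matching against the request URL only, and the iptables rule shape are assumptions; nothing is executed, as when running with -d.

```ruby
require 'ipaddr'

# Added illustration, not the gem's code. Assumed: counters are keyed by
# (IP, search string) and reset `expiry` seconds after the last hit, the way
# a Redis key with a refreshed TTL would behave.
class Watcher
  # Common/combined log format: client is field 1, URL is inside the quoted request.
  LINE = /\A(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)/
  attr_reader :blocked

  def initialize(searches, threshold, expiry)
    @searches, @threshold, @expiry = searches, threshold, expiry
    @counters = {}   # [ip, search] => [count, expires_at]
    @blocked = []
  end

  # Returns the iptables argv to run when this line pushes an IP over the
  # threshold, otherwise nil. Nothing is executed here (like running with -d).
  def observe(line, now)
    m = LINE.match(line) or return nil
    ip = valid_ip(m[1]) or return nil
    return nil if @blocked.include?(ip)
    @searches.each do |s|
      next unless m[2].include?(s)
      count, expires_at = @counters[[ip, s]]
      count = 0 if count.nil? || now >= expires_at
      @counters[[ip, s]] = [count + 1, now + @expiry]
      next if count + 1 < @threshold
      @blocked << ip
      # Assumed rule shape; argv form keeps log-derived text away from a shell.
      return ['iptables', '-I', 'INPUT', '-s', ip, '-j', 'DROP']
    end
    nil
  end

  private
  # The client field can be a hostname (HostnameLookups) or garbage; only a
  # parsed address may reach the firewall command.
  def valid_ip(text)
    IPAddr.new(text).to_s
  rescue ArgumentError
    nil
  end
end

# Constructed sample log line for trying the watcher out.
def sample_line(client, path)
  %(#{client} - - [10/Oct/2023:13:55:36 +0000] "GET #{path} HTTP/1.1" 404 209)
end
```

Feeding it `sample_line('203.0.113.7', '/etc/passwd')` with increasing `now` values shows how the threshold and expiry settings interact before any firewall rule is added for real.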
Requires
Ruby 1.8.7 or 1.9.x
Redis