Re: [SLUG] DenyThem - DOS Perl Script

From: Paul M Foster (paulf@quillandmouse.com)
Date: Wed Jan 23 2008 - 22:49:54 EST


In-Reply-To: <20080124025203.GA26793@saga.tampabay.rr.com>

Due to majordomo's admin filtering, this message was caught and had to be
fixed. Hopefully it won't break the thread too badly.

----- Forwarded message from slug@nks.net -----

From: Matthew Rogers <matt@runithard.com>
Date: Wed, 23 Jan 2008 22:15:52 -0500

Sure, add me up. Thanks for the input on the system call. Oops, I wrote
it on a Windows box and by default move all my pl files in ASCII so I
didn't notice. I fixed the download and increased it a version number :-)

It's been running for 24 hours on both of my mail servers.
/var/log/syslog doesn't show hundreds of "relay request rejected"
anymore. I've had 4 in the past couple of hours; usually I'd have had 50+
attempts, it seems like 2-5 a minute so I'm pretty happy to see that bad
traffic drop off. It's only a matter of time before they get in if you
keep letting them knock. It's hard to believe I've blocked 503 hosts
since yesterday......

matt@crazyhorse:/var/log/apache2$ wc -l /etc/hackerips.txt
503 /etc/hackerips.txt
matt@crazyhorse:/var/log/apache2$

Dylan William Hardison wrote:
> Spake Matthew Rogers on Wednesday, January 23, 2008 at 03:02PM -0500:
>
>> I just wrote an anti-spam tool that can key off anything in syslog to block
>> crackers from dictionary attacking / being annoying. I got tired of seeing
>> Relay Denied Requests 1000's of times a day on my servers so I wrote this
>> program.
>> It uses iptables to just drop cracker traffic... GPL if anyone wants to
>> contribute, I'm going to have the next version have a sync capability and
>> maybe something else and a better way to config other than opening up the
>> program source.
>>
>
> I notice you have a blog. Would you like me to add you to much-neglected
> "planet slug" aggregator? (http://hardison.net/slug/planet/)
>
> Nice idea!
>
> There's a few issues: Your script is using Windows/DOS line endings (\r\n)
> instead of Unix line endings, which means it will not run if you execute
> it as a script (./denythem.pl).
>
> The only other issue I notice is that you're using system(STRING) rather
> than system(LIST). If you're aware of the difference, that's okay, but in
> case you are not: system("magic pants") executes the string using the
> system's shell (/bin/sh typically), whereas system("magic", "pants")
> executes the "magic" executable (presumably somewhere in your $PATH) with
> one argument: "pants".
>
> There's nothing terribly wrong with using /bin/sh, but if you're not
> careful sanitizing input, interesting things can happen.
>
>

----- End forwarded message -----

-- 
Paul M. Foster
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
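
The system(STRING) versus system(LIST) point raised in the quoted review, as an added example that is not part of the thread and is not code from denythem.pl: an address taken from a log line is validated and then handed to iptables in list form. The log line format, the exact iptables rule, and the helper names valid_ipv4 and drop_rule_argv are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed log lines (format assumed). The second has shell
# metacharacters where the address should be; the third is out of range.
my @lines = (
    'Jan 23 22:01:07 mail mta[4121]: relay request rejected from 203.0.113.45',
    'Jan 23 22:01:09 mail mta[4122]: relay request rejected from 203.0.113.9;id',
    'Jan 23 22:01:12 mail mta[4123]: relay request rejected from 300.1.2.3',
);

# Hypothetical helper: return the string only if it is a dotted-quad IPv4
# address with every octet in 0..255; otherwise return nothing.
sub valid_ipv4 {
    my ($s) = @_;
    return unless defined $s
        && $s =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return if grep { $_ > 255 } $1, $2, $3, $4;
    return $s;
}

# Hypothetical helper: argv for the block rule. Each element reaches
# iptables as exactly one argument.
sub drop_rule_argv {
    my ($ip) = @_;
    return ('iptables', '-A', 'INPUT', '-s', $ip, '-j', 'DROP');
}

my $DRY_RUN = 1;    # 1 = print only; 0 = run iptables (needs root)

for my $line (@lines) {
    my ($field) = $line =~ /relay request rejected from (\S+)/ or next;

    # String form, for contrast: /bin/sh would parse $field, so the second
    # sample line would run a second command.
    #   system("iptables -A INPUT -s $field -j DROP");

    my $ip = valid_ipv4($field);
    unless (defined $ip) {
        warn "skipping non-address field: $field\n";
        next;
    }

    my @argv = drop_rule_argv($ip);
    if ($DRY_RUN) {
        print "would run: @argv\n";
        next;
    }
    # List form: more than one element, so Perl execs iptables directly.
    system(@argv) == 0 or warn "iptables exited with status $?\n";
}
```

With $DRY_RUN left at 1, only the first sample line produces a rule; the other two are skipped with a warning. Validation is still needed in list form, because a field beginning with "-" would otherwise be read by iptables as an option.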



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:25:04 EDT