Tweet
[Script] Auto ban Illegal CCcam Users in Debian
This script will scan you're debug file for illegal users, sort out the username and ip and insert the IP in ip-tables.
If you want, the script can also mail you the result so you know what users are put in ip-tables and gives you the advantage to check if it's not a valid user.
You can put this script in the crontab to enable automatic checking.
The following is an example how to install.
then change the following lines in the script to match the debug file and it's location.
Should be
and this line
Should be changed to where you want the firewall rules to be saved
To insert it in the crontab, edit it and insert this line:
This will run the script every whole hour.
For the mail function to work, you have to do the following:
Insert here a valid email adress
and it will mail you every time it runs and finds an illegal user. If no user is found, it will not mail you.
PHP Code:
#!/bin/sh
###########################
## Auto Ban script ##
## Illegal CCcam Users ##
## Written By CC_Share ##
## Thanks to Unlocker-AL ##
## For the Basic idea ##
###########################
workdir="/" #This is there the debug info from CCcam is dumped
firewall="/" #The saved firewall rules
logdir="/emu/log" #The logfile directory
EMAIL="" #Email adres to mail result to
SUBJECT="Illegal Userlist CCcam" #Subject title of the email
EMAILMESSAGE="/emu/log/illegaluser.txt" #List that contains the Illegal users
rm $workdir/debug.old
cp $workdir/debug.txt $workdir/debug.old
cp $logdir/iptables-save.new $logdir/iptables-save.old
cat $workdir/debug.old|grep illegal > $logdir/illegaluser.log
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $5,$7}' > $logdir/illegaluser.txt
grep 'illegal' $logdir/illegaluser.log | awk -F" " '{print $7}' | grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > $logdir/badIP.out
awk '
{s[$0]++}
END {
for(i in s) {
if(s[i]>1) {
print i
}
}
}' $logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
command="iptables -A INPUT -s "$EachLine" -j DROP"
echo $command
$command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new
/usr/bin/nail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
else
echo "No Illegal Users found right now"
fi
sleep 1
> $workdir/debug.txt
exit 0
If you want, the script can also mail you the result so you know what users are put in ip-tables and gives you the advantage to check if it's not a valid user.
You can put this script in the crontab to enable automatic checking.
The following is an example how to install.
PHP Code:
./CCcam.x86 -dv > /home/debug.txt
PHP Code:
workdir="/"
PHP Code:
workdir="/home"
PHP Code:
firewall="/"
PHP Code:
firewall="/emu/log/"
PHP Code:
00 */1 * * * root /emu/script/./illegal.sh
This will run the script every whole hour.
For the mail function to work, you have to do the following:
PHP Code:
apt-get install nail
apt-get install exim4
dpkg-reconfigure exim4-config
Insert here a valid email adress
PHP Code:
EMAIL=""
Comment