I wanted to announce a little script project I'm starting called 'bantcp'.
I got frustrated by a dictionary attack on one of my domains. Tonix' CHKUSER patch did its job in repelling the offending IPs (who were not already RBLd) but I wanted more.
I wanted a (semi-)automated way to extract the attacking IPs from my qmail logs and insert them into my tcp.smtp file using selection criteria based upon how many attacks had been made from an IP during a specific window of time. I felt this was a way to prevent further abuse from these IPs.
bantcp is version 0.01. It's a cobbling of bash and perl to provide the output suitable for pasting into your tcp.smtp file. It's not terribly elegant yet, but I'm hoping for some suggestions.
Flames are welcome too, though please be kind. I'm not a coder. I'm also guessing that a 'sed/awk' guru could tighten bantcp up a lot - maybe kill off the perl jumps altogether.
Thanks,
Dave.
D.E.R. Management - IT Project Management Consulting
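
The selection rule described in the announcement (count CHKUSER rejections per IP inside a time window, then emit tcp.smtp deny lines), as an added example; this is not bantcp's code. It assumes the qmail log has already been run through tai64nlocal and that rejection lines look like the constructed sample; `ban_candidates` and `sample_log` are hypothetical names.

```sh
#!/bin/sh
# Added example, not bantcp itself. Assumed input: tai64nlocal-formatted
# qmail-smtpd log with CHKUSER lines shaped like the constructed sample below.

# ban_candidates LO HI MIN < log
# Prints "IP:deny" for every IPv4 peer with at least MIN CHKUSER rejections
# timestamped in [LO, HI). Timestamps compare as "YYYY-MM-DD HH:MM:SS" strings.
ban_candidates() {
    awk -v lo="$1" -v hi="$2" -v min="$3" '
        /CHKUSER rejected/ {
            ts = $1 " " substr($2, 1, 8)        # drop fractional seconds
            if (ts < lo || ts >= hi) next
            if (!match($0, /remote <[^>]*>/)) next
            # Field is <helo:rdns:ip>. HELO is client-supplied, so use only
            # the last colon-separated part and require a dotted quad.
            remote = substr($0, RSTART + 8, RLENGTH - 9)
            n = split(remote, part, ":")
            ip = part[n]
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min + 0) print ip ":deny" }
    ' | sort
}

# Constructed sample log (documentation addresses only).
sample_log() {
    cat <<'EOF'
2005-03-01 12:00:01.100000500 CHKUSER rejected rcpt: from <x@example.net::> remote <mx.example.net:unknown:192.0.2.10> rcpt <aaron@example.org> : not existing recipient
2005-03-01 12:00:02.100000500 CHKUSER rejected rcpt: from <x@example.net::> remote <mx.example.net:unknown:192.0.2.10> rcpt <abby@example.org> : not existing recipient
2005-03-01 12:00:03.100000500 CHKUSER rejected rcpt: from <x@example.net::> remote <mx.example.net:unknown:192.0.2.10> rcpt <adam@example.org> : not existing recipient
2005-03-01 12:05:00.100000500 CHKUSER accepted rcpt: from <y@example.com::> remote <mail.example.com:unknown:198.51.100.7> rcpt <dave@example.org> : found existing recipient
2005-03-01 12:06:00.100000500 CHKUSER rejected rcpt: from <y@example.com::> remote <mail.example.com:unknown:198.51.100.7> rcpt <dvae@example.org> : not existing recipient
2005-03-01 12:10:01.100000500 CHKUSER rejected rcpt: from <z@example.net::> remote <127.0.0.1:unknown:203.0.113.20> rcpt <bob@example.org> : not existing recipient
2005-03-01 12:10:02.100000500 CHKUSER rejected rcpt: from <z@example.net::> remote <127.0.0.1:unknown:203.0.113.20> rcpt <bill@example.org> : not existing recipient
2005-03-01 12:10:03.100000500 CHKUSER rejected rcpt: from <z@example.net::> remote <127.0.0.1:unknown:203.0.113.20> rcpt <ben@example.org> : not existing recipient
2005-03-01 14:00:00.100000500 CHKUSER rejected rcpt: from <x@example.net::> remote <mx.example.net:unknown:192.0.2.10> rcpt <carl@example.org> : not existing recipient
EOF
}

# Three or more rejections between 12:00 and 13:00.
sample_log | ban_candidates "2005-03-01 12:00:00" "2005-03-01 13:00:00" 3
```

IPv6 peers and lines whose remote field fails the dotted-quad check are skipped rather than guessed at, so a HELO string that is itself an IP address (the `127.0.0.1` lines above) never ends up in the deny list.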