Joe Dog Software

Proudly serving the Internets since 1999

Block IP Addresses With, um, block

Last night we told you that ISIS assholes were attacking America and its WordPress blogs. Have no fear, kids. In the War Against Internet Dickbags, Your JoeDog is here to help. Whenever he’s attacked by these people, i.e., all the time, he grabs their IP addresses from the logs and blocks their asses. He feeds those addresses to a script called block which, um, blocks them.

The script is just a convenience which makes your life easier. iptables does the heavy lifting. If you’re running a Linux system — and why aren’t you? — then you probably have iptables.

Let’s block some dickwads now! (Continued after the jump)

The first thing we’ll do is grab the offending jerk balls from the error log:

$ tail -200 joedog-error_log | grep 'client denied' > haha

The entries in that file look like this:

[Tue Apr 07 21:36:58.835794 2015] [access_compat:error] [pid 17853] [client 192.77.245.171:29205] AH01797: client denied by server configuration: /var/www/joedog.org/wp-login.php, referer: http://www.joedog.org/

Now we’ll use some vi magic to reduce the file to a column of IP addresses:

:1,$ s/^.*\[client //
:1,$ s/:.*$//

The first regex looped through the file and removed everything on the line before the IP address. The second regex stripped everything after it. Now we have a file which contains a single column of IP addresses. Many of them are redundant. We can delete redundant file entries like this:

$ sort haha | uniq > papa

At this point we can feed papa to our block script:

$ block ./papa

You can also block a single IP address like this:

$ block 94.153.8.126

NOTE: You might want to search that file for your own IP address before you run the script. The last thing you want to do is lock the door while your keys are still inside….
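
The extraction steps above as a single pipeline, an added example that is not part of the original post or of the block script: it pulls the addresses out without vi, keeps repeat offenders in the list, and drops any address found in an allowlist file so your own IP never reaches block. The sample log lines, the allowlist file and the function names are constructed for illustration, and only IPv4 clients are handled.

```shell
#!/bin/sh
# Added example, not JoeDog's block script. IPv4 only, like the page's logs.

# Constructed sample: Apache 2.4 error_log lines in the format shown above.
# 203.0.113.9 is repeated; 198.51.100.7 stands in for the admin's own address.
sample_log() {
cat <<'EOF'
[Tue Apr 07 21:36:58.835794 2015] [access_compat:error] [pid 17853] [client 203.0.113.9:29205] AH01797: client denied by server configuration: /var/www/example.org/wp-login.php, referer: http://www.example.org/
[Tue Apr 07 21:37:01.120033 2015] [access_compat:error] [pid 17853] [client 203.0.113.9:29311] AH01797: client denied by server configuration: /var/www/example.org/wp-login.php
[Tue Apr 07 21:37:04.500112 2015] [access_compat:error] [pid 17860] [client 192.0.2.44:51002] AH01797: client denied by server configuration: /var/www/example.org/xmlrpc.php
[Tue Apr 07 21:37:09.000451 2015] [access_compat:error] [pid 17860] [client 198.51.100.7:40100] AH01797: client denied by server configuration: /var/www/example.org/wp-login.php
[Tue Apr 07 21:37:12.913377 2015] [core:error] [pid 17861] [client 192.0.2.80:40222] AH00128: File does not exist: /var/www/example.org/favicon.ico
EOF
}

# extract_denied_ips [ALLOWLIST_FILE] < error_log
# Prints each denied client address once, minus any address in ALLOWLIST_FILE
# (one IP per line). Exit status is non-zero when nothing is left to block.
extract_denied_ips() {
    allow="${1:-/dev/null}"
    # 1. keep only "client denied" entries
    # 2. cut the line down to the address between "[client " and ":port]"
    # 3. accept only dotted quads whose octets are all <= 255
    # 4. sort -u keeps one copy of every address, including repeat offenders
    # 5. -v -x -F -f: drop whole-line, fixed-string matches from the allowlist
    grep 'client denied' |
    sed -n 's/^.*\[client \([0-9][0-9.]*\):[0-9]*].*$/\1/p' |
    awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
             $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
    sort -u |
    grep -vxFf "$allow"
}

# Usage with the page's file names (my_ips.txt is a hypothetical allowlist):
#   extract_denied_ips my_ips.txt < joedog-error_log > papa
```
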

Download block (Requires JoeDog::Config