CDNWiki - View Source: KnowledgeBase/FreeBSD/SiteBan

Note: You are viewing an old version of this page. View the current version.
Set up a webserver on a local IP alias. Preferrably something nobody else listens on. I use 127.0.0.44.

I wrote a tiny, quick webserver to serve static pages. It's written in PHP, and can serve nearly a million pages per minute. It's available under [PartyVan].

[StopGrinding]

ban:
<verbatim>
#!/bin/sh

# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules
prefix="44???"

if [ -z "${1}" ]
then
        echo "Usage: ${0} <ip>"
        exit 64
fi

if [ "$(id -u)" -ne 0 ]
then
        echo "Must be run as root."
        exit 32
fi

luser="${1}"

# Determine if the IP is already banned
banned=$( ${ipfw} list | egrep "^${prefix}" | grep "from ${luser}" | cut -d" " -f1 | sort )

if [ -n "${banned}" ]
then
        echo "Already banned, in rule(s): ${banned}"
        exit 16
fi

# Obtain biggest index
last=$( ${ipfw} list | egrep "^${prefix}" | cut -d" " -f1 | sort | tail -n 1 )

# Is it an index?
if [ -z "${last}" ]
then
        # Populate it with a sane value
        index="$( echo "${prefix}" | tr '?' '0' )"
else
        # Increment
        index="$(( "${last}" + 1 ))"
fi

rule="${index} fwd 127.0.0.44 tcp from "${luser}" to any in recv fxp0"

${ipfw} add ${rule}
</verbatim>

unban:
<verbatim>
#!/bin/sh

# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules
prefix="44???"

if [ -z "${1}" ]
then
        echo "Usage: ${0} <ip>"
        exit 64
fi

if [ "$(id -u)" -ne 0 ]
then
        echo "Must be run as root."
        exit 32
fi

luser="${1}"

# Determine if the IP is already banned
banned=$( ${ipfw} list | egrep "^${prefix}" | grep "from ${luser}" | cut -d" " -f1 | sort )

if [ -z "${banned}" ]
then
        echo "Not banned. Check rulesets manually."
        exit 16
fi

# Unban
echo "Unbanning: ${banned}"
${ipfw} del ${banned}
</verbatim>

banlist:
<verbatim>
#!/bin/sh

# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules
prefix="44???"

if [ "$(id -u)" -ne 0 ]
then
        echo "Must be run as root."
        exit 32
fi

# Get list of banned IPs
${ipfw} list | egrep "^${prefix}" | cut -d" " -f1,6 | sort | while read number ip
do
        echo "${number} -> ${ip}"
done
</verbatim>

autoban:
<verbatim>
#!/bin/bash

# autoban <ip> <template|default>

pv_base="/home/admin/siteban/asshats"

if [ "$(id -u)" -ne "0" ]
then
        echo "Run me as root."
        exit 32
fi

ip="${1}"
template="${2:-autoban}"

# Parameter check
if [ -z "${ip}" ]
then
        echo "Usage: $(basename "${0}") <ip> [template]"
        echo "Executes banishment of the specified IP, optionally using template"
        echo " as the ban message, or autoban if unspecified."
        exit 64
fi

cd "${pv_base}"

# Template validity check
if [ ! -f "htdocs/${template}.html" ]
then
        echo "Template ${template} doesn't exist. Defaulting to 'autoban'."
        template="autoban"
fi

echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: banned ${ip} using template ${template}" >> autoban.log
logger -p security.notice -t autoban "banned ${ip} using template ${template}"
ln -svf "${template}.html" "htdocs/${ip}.html"
touch ".autoban/${ip}"
./ban "${ip}"
</verbatim>

ab_expire:
<verbatim>
#!/bin/bash

# Run me from cron every few minutes or hours or whatever to auto-expire bans

# Bans expire after one day
expiry=86400
pv_base="/home/admin/siteban/asshats"

if [ "$(id -u)" -ne "0" ]
then
        echo "Run me as root."
        exit 32
fi

cd "${pv_base}"

now="$(date "+%s")"

#logger -p security.notice -t autoban "Running ban expiry at $(date -r "${now}" "+%Y-%m-%d:%H:%M:%S")"

ls -1 .autoban/* 2>/dev/null | while read ip
do
        ip="$(basename "${ip}")"
        then="$(stat -f "%m" ".autoban/${ip}")"
        age="$(( ${now} - ${then} ))"
        consider
#       logger -p security.notice -t autoban "Considering ${ip} (${age}, $(date -r "${then}" "+%Y-%m-%d:%H:%M:%S") )"

        if [ "${age}" -ge "${expiry}" ]
        then
                echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: unbanned ${ip}" >> autoban.log
                logger -p security.notice -t autoban "autoban expired for ${ip}"
                ./unban "${ip}"
                rm -f ".autoban/${ip}"
                rm -vf "htdocs/${ip}.html"
        fi
done
</verbatim>

kerban.php:
<verbatim>
<?php

// Place a line similar to the following into sudoers to allow this to function:
// www = (root) NOPASSWD: /usr/home/admin/siteban/asshats/autoban *
// You must specify the full path to the autoban script, and NOPASSWD must be in effect, as www doesn't (or shouldn't) have a valid password.


$ip=$_SERVER['REMOTE_ADDR'];

shell_exec(sprintf('/usr/local/bin/sudo /usr/home/admin/siteban/asshats/autoban %s', escapeshellarg($ip)));

header("Location: http://www.lslwiki.net/lslwiki/");

?>
</verbatim>