Set up a webserver on a local IP alias. Preferrably something nobody else listens on. I use 127.0.0.44.
I wrote a tiny, quick webserver to serve static pages. It's written in PHP, and can serve nearly a million pages per minute. It's available under PartyVan.
ban:
#!/bin/sh
# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules
prefix="44???"
if [ -z "${1}" ]
then
echo "Usage: ${0} <ip>"
exit 64
fi
if [ "$(id -u)" -ne 0 ]
then
echo "Must be run as root."
exit 32
fi
luser="${1}"
# Determine if the IP is already banned
banned=$( ${ipfw} list | egrep "^${prefix}" | grep "from ${luser}" | cut -d" " -f1 | sort )
if [ -n "${banned}" ]
then
echo "Already banned, in rule(s): ${banned}"
exit 16
fi
# Obtain biggest index
last=$( ${ipfw} list | egrep "^${prefix}" | cut -d" " -f1 | sort | tail -n 1 )
# Is it an index?
if [ -z "${last}" ]
then
# Populate it with a sane value
index="$( echo "${prefix}" | tr '?' '0' )"
else
# Increment
index="$(( "${last}" + 1 ))"
fi
rule="${index} fwd 127.0.0.44 tcp from "${luser}" to any 80 in recv fxp0"
${ipfw} add ${rule}
unban:
#!/bin/sh
# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules
prefix="44???"
if [ -z "${1}" ]
then
echo "Usage: ${0} <ip>"
exit 64
fi
if [ "$(id -u)" -ne 0 ]
then
echo "Must be run as root."
exit 32
fi
luser="${1}"
# Determine if the IP is already banned
banned=$( ${ipfw} list | egrep "^${prefix}" | grep "from ${luser}" | cut -d" " -f1 | sort )
if [ -z "${banned}" ]
then
echo "Not banned. Check rulesets manually."
exit 16
fi
# Unban
echo "Unbanning: ${banned}"
${ipfw} del ${banned}
banlist:
#!/bin/sh
# IPFW binary
ipfw="/sbin/ipfw"
# Index prefix of autoban rules
prefix="44???"
if [ "$(id -u)" -ne 0 ]
then
echo "Must be run as root."
exit 32
fi
# Get list of banned IPs
${ipfw} list | egrep "^${prefix}" | cut -d" " -f1,6 | sort | while read number ip
do
echo "${number} -> ${ip}"
done
autoban:
#!/bin/bash
# autoban <ip> <template|default>
pv_base="/home/admin/siteban/asshats"
if [ "$(id -u)" -ne "0" ]
then
echo "Run me as root."
exit 32
fi
ip="${1}"
template="${2:-autoban}"
# Parameter check
if [ -z "${ip}" ]
then
echo "Usage: $(basename "${0}") <ip> [template]"
echo "Executes banishment of the specified IP, optionally using template"
echo " as the ban message, or autoban if unspecified."
exit 64
fi
cd "${pv_base}"
# Template validity check
if [ ! -f "htdocs/${template}.html" ]
then
echo "Template ${template} doesn't exist. Defaulting to 'autoban'."
template="autoban"
fi
echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: banned ${ip} using template ${template}" >> autoban.log
logger -p security.notice -t autoban "banned ${ip} using template ${template}"
ln -svf "${template}.html" "htdocs/${ip}.html"
touch ".autoban/${ip}"
./ban "${ip}"
ab_expire:
#!/bin/bash
# Run me from cron every few minutes or hours or whatever to auto-expire bans
# Bans expire after one day
expiry=86400
pv_base="/home/admin/siteban/asshats"
if [ "$(id -u)" -ne "0" ]
then
echo "Run me as root."
exit 32
fi
cd "${pv_base}"
now="$(date "+%s")"
#logger -p security.notice -t autoban "Running ban expiry at $(date -r "${now}" "+%Y-%m-%d:%H:%M:%S")"
ls -1 .autoban/* 2>/dev/null | while read ip
do
ip="$(basename "${ip}")"
then="$(stat -f "%m" ".autoban/${ip}")"
age="$(( ${now} - ${then} ))"
consider
# logger -p security.notice -t autoban "Considering ${ip} (${age}, $(date -r "${then}" "+%Y-%m-%d:%H:%M:%S") )"
if [ "${age}" -ge "${expiry}" ]
then
echo "$(date "+%Y-%m-%d:%H:%M:%S") autoban: unbanned ${ip}" >> autoban.log
logger -p security.notice -t autoban "autoban expired for ${ip}"
./unban "${ip}"
rm -f ".autoban/${ip}"
rm -vf "htdocs/${ip}.html"
fi
done
kerban.php:
<?php
// Place a line similar to the following into sudoers to allow this to function:
// www = (root) NOPASSWD: /usr/home/admin/siteban/asshats/autoban *
// You must specify the full path to the autoban script, and NOPASSWD must be in effect, as www doesn't (or shouldn't) have a password.
$ip=$_SERVER['REMOTE_ADDR'];
shell_exec(sprintf('/usr/local/bin/sudo /usr/home/admin/siteban/asshats/autoban %s', escapeshellarg($ip)));
header("Location: http://www.lslwiki.net/lslwiki/");
?>