The BAN-HACKERS script

Current version

1.04 (21 May 2008)

Description

BAN-HACKERS is a Perl script that blocks potential hackers from accessing your WWW server. It cooperates with the ModSecurity web application firewall. Every IP address caught by the firewall is automatically added to the "iptables" netfilter rules and to a SQLite database. The database also remembers when each IP was added, so after a specified time every IP address can be purged from the database and from "iptables". You can also define a "whitelist": its elements are never added to the DB or to iptables.

Installation

Notice: I assume that your WWW server runs as the "apache" user and that you want to install my script in the /usr/local/apache2/bin directory.

Configuration

By default, IP addresses which were added to the database 120 hours (5 days) ago or earlier are purged from the DB and from iptables, as long as the number of elements in the DB doesn't exceed 200. If the number of elements in the DB exceeds 200, then IP addresses which were added 24 hours ago or earlier are purged. If you want to disable the first possibility, edit my script and assign the value 0 to the $standard_period variable. Purging when the number of elements exceeds the limit can be disabled by assigning the value 0 to the $max_elements variable. If you want to change the limit, assign a value greater than 0.

The database is stored in the /usr/local/apache2/logs/hackers.sqlite file. If you want to change it, edit my script and change the value of the $dbname variable.

If you want to define the whitelist, edit my script and modify the content of the %whitelist hash. Every IP address which shouldn't be added to the DB (and iptables) must be a key in the hash; the value can be anything.
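The retention and whitelist rules described above can be modelled as follows. This is an added example written in Python against an in-memory SQLite database, not code from the BAN-HACKERS script itself. The table name and schema, the `short_period` parameter name, and the reading that a disabled limit leaves only the standard period in force are assumptions.

```python
import sqlite3

HOUR = 3600

def new_db():
    # Assumed schema: one row per banned IP with the epoch time it was added.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hackers (ip TEXT PRIMARY KEY, added INTEGER)")
    return db

def ban(db, ip, now, whitelist):
    """Record a caught IP unless it is a key in the whitelist."""
    if ip in whitelist:
        return False
    # OR IGNORE keeps the original timestamp if the IP is caught again.
    db.execute("INSERT OR IGNORE INTO hackers VALUES (?, ?)", (ip, now))
    return True

def purge(db, now, standard_period=120, max_elements=200, short_period=24):
    """Delete expired rows and return their IPs (periods are in hours)."""
    count = db.execute("SELECT COUNT(*) FROM hackers").fetchone()[0]
    if max_elements > 0 and count > max_elements:
        period = short_period      # table over the limit: 24-hour retention
    else:
        period = standard_period   # normal case: 120-hour retention
    if period <= 0:                # a value of 0 disables this purge
        return []
    cutoff = now - period * HOUR
    rows = db.execute(
        "SELECT ip FROM hackers WHERE added <= ? ORDER BY ip", (cutoff,)
    ).fetchall()
    db.execute("DELETE FROM hackers WHERE added <= ?", (cutoff,))
    # The script would also remove the matching iptables rule for each IP.
    return [ip for (ip,) in rows]

def demo():
    now = 1_211_328_000                 # constructed "current" time
    whitelist = {"192.0.2.10": 1}       # constructed; the value is irrelevant
    db = new_db()
    ban(db, "192.0.2.10", now - 200 * HOUR, whitelist)  # whitelisted, skipped
    ban(db, "198.51.100.1", now - 130 * HOUR, whitelist)
    ban(db, "198.51.100.2", now - 30 * HOUR, whitelist)
    small = purge(db, now)    # 2 rows, under the limit: only the 130 h entry
    for i in range(200):      # constructed burst that pushes the table to 201
        ban(db, f"203.0.113.{i}", now - HOUR, whitelist)
    large = purge(db, now)    # over the limit: the 30 h entry is purged too
    return small, large

if __name__ == "__main__":
    print(demo())
```

The second purge shows the operational effect of the 200-element limit: a burst of new bans shortens how long every older ban stays in force.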


Stanislaw Polak,