Category archives: Firewall

Joomla Contact Spam

At the moment we see spam mails, sent via the contact form, on many customer servers running a current Joomla and OS. The logs contain lines like: - - [08/Sep/2017:20:01:37 +0200] "POST /index.php/kontakt HTTP/1.1" 302 483 "http://www.WEBSEITE.de/index.php/kontakt" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) […]

php-class for blocklist.de

I have developed a PHP class to call the API from blocklist.de. Reports can be created and sent in PHP. $log = $blocklist->create_http_log($ip, $date); $log .= "\n\n".$blocklist->create_comment('Spam-Comment', $comment, $mail); $report = $blocklist->send_report($ip, 'badbots', $log); The last entries are very easy to query: $last_added = $blocklist->get_last_added('-60s'); or $last_added = $blocklist->get_last_added('-1m', 'badbots'); […]

handle xt_recent from syslog-ng

The solution from Block outdated clients won't work with syslog-ng 3.4.2, because syslog-ng uses "lseek()" to get the end of /proc/net/xt_recent/something while the program() destination just starts the program. With the destination file you get log entries like: Aug 29 00:00:44 mx03.schaal-24.de syslog-ng[20351]: Error suspend timeout has elapsed, attempting to […]

[Update] Add blocklists from blocklist.de to iptables

Martin Kos pointed out to me that my Add blocklists from blocklist.de to iptables does not work when DNAT is used, because the INPUT rules do not apply or apply too late. It is better to drop the packets not only in INPUT, but already in the PREROUTING chain of the mangle table. […]

Add blocklists from blocklist.de to iptables

UPDATE: http://blog.schaal-24.de/?p=2683&lang=en I use some blocklists from blocklist.de to minimize potential attacks. Every list contains one IP per line, so the lists can easily be added to the firewall using xt_recent. I use a simple Bash script which runs daily via cron to compare my firewall with the lists. Some definitions for […]

Postfix / Postscreen – add IP to the firewall

Robert Schetterer's post (Botnet-Angriffe mit rsyslog und iptables recent module abwehren) on using rsyslog to immediately add an IP to the firewall when it is rejected by postscreen has led me to present my solution for syslog-ng here. I do not use a pipe, but add the appropriate IP via syslog-ng […]

fail2ban with xt_recent reloaded

Here is the addition to fail2ban with xt_recent. Fail2ban can ban IPs only until the server restarts. I therefore not only add the bans to the firewall, but also store them in a MySQL database. Basics: I've created the database systemlog, which contains two tables – one for the configs […]

limit traffic on clamav-mirror

I'm running a mirror for clamav. Some clients always download the main.cvd instead of diffs, which results in traffic of up to 150 MB per day for each client. So I searched for a solution to reduce the current monthly traffic of ~2TB. Fortunately apache already sends the […]