Re: [Exim] Sed Regex help

Author: Wakko Warner
Date:  
To: Eli
CC: 'Paul', 'Marc Perkel', exim-users
Subject: Re: [Exim] Sed Regex help
> Kinda off topic, but...
>
> Why not just use SSI and store the IP into a text file which can be
> retrieved easily by Exim? :)
>
> Simply use lsearch or search or whatever to pick up the data, and yer done!
> Way easier than opening a potentially huuge log file (especially if it got
> attacked). You could even get more advanced and make it a Perl script and
> save to a DB file, this way you can program against getting duplicate ips in
> the list. You could even call the Perl script with the SSI code - the user
> would never know (especially if you added .html or whatever as an SSI parsed
> file).


You could do:
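#!/bin/sh
# Record the client's address (set by the web server) in the blacklist file.
echo "$REMOTE_ADDR" >> /etc/exim/webblacklist
# Minimal CGI response: header line, then the blank line that ends the headers.
echo "Content-type: text/html"
echo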

Make sure the webserver can run it. You could name it index.cgi and add
index.cgi as a candidate for directory listing. I've done this.

1) you need to watch for the same IP hitting it more than once (could DoS
you/fill up the drive)
2) you could add an email generator for fake email addresses.
 a) better: set up a domain pointing to your host that is for spam traps and
    blacklist/teergrube those IPs.
3) if you name it add.cgi, you can access:
  http://somehost/some/path/add.cgi/somefile.html


> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On Behalf
> Of Paul
> Sent: Tuesday, January 06, 2004 9:45 PM
> To: Marc Perkel; exim-users@???
> Subject: Re: [Exim] Sed Regex help
>
> Hi Marc,
>
> tail -f logfile | grep webpage | gawk '{ print $1 }' | xargs blockip
>
> $1 can be changed to whatever argument you want from the incoming pipe
>
> xargs will pass any command line fed arguments as arguments to the new
> command
>
> ----- Original Message -----
> From: "Marc Perkel" <marc@???>
> To: <exim-users@???>
> Sent: Wednesday, January 07, 2004 1:31 PM
> Subject: [Exim] Sed Regex help
>
>
> > I'm a little slow at this so I can use the help of someone smarter
> > than me.
> >
> > I'm needing to write a script so that if someone hits a specific web
> > page - it locks out their IP address. I have part of it written. So this
> > should be simple. The IP address is the first field in the lines that
> > I'm looking at.
> >
> > So I'm going to run:
> >
> > tail -f logfile|grep webpage| something | blockip <the ip address>
> >
> > So - the "something" has to cut out the IP address for the lines coming
> > through and run blockip with the ip address as the parameter.
> >
> > I have a hacker problem and I think I can trap him with this.
> >
> > So - thanks in advance for your help.
> >
> >
> >
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> > details at http://www.exim.org/ ##
> >
> >
> ---
> [This E-mail scanned for viruses]

--
Lab tests show that use of micro$oft causes cancer in lab animals
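
The trap-page script from the message above with its point 1 (the same IP hitting it repeatedly and filling the drive) handled, as an added example that is not part of the original post. The blacklist path is the one in the post; `MAX_ENTRIES`, the function names `is_ipv4` and `add_ip`, and the IPv4-only check are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: trap-page CGI that records each client IP at most once.
# BLACKLIST is the path from the post; MAX_ENTRIES is an assumed size cap.
BLACKLIST="${BLACKLIST:-/etc/exim/webblacklist}"
MAX_ENTRIES="${MAX_ENTRIES:-10000}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;   # stray chars or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# add_ip FILE ADDR: append ADDR unless it is invalid, already listed,
# or FILE has reached MAX_ENTRIES. Returns 0 when added, 1 when skipped.
# Two concurrent hits can race between the check and the append; the worst
# outcome is one duplicate line, which an lsearch lookup tolerates.
add_ip() {
    is_ipv4 "$2" || return 1
    [ -f "$1" ] || : > "$1" || return 1
    grep -qxF -- "$2" "$1" && return 1          # exact whole-line match
    [ "$(wc -l < "$1")" -lt "$MAX_ENTRIES" ] || return 1
    printf '%s\n' "$2" >> "$1"
}

# Act as a CGI only when the web server has set GATEWAY_INTERFACE.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    add_ip "$BLACKLIST" "${REMOTE_ADDR:-}" || :
    printf 'Content-type: text/html\n\n'
fi
```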