My Experiments for Truth.

#!/bin/bash ################################################### # Script Name : StopDdosAttack # Created By : Jino Joseph # Created Date : 20-Mar-2013 # Last Modified : 21-Mar-2013 # Purpose : Finds the IPs with connections higher than 80 and block in firewall & # Also send notification mails with the blocked IP(s). ################################################### netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -5 | sed -e 's/^[ \t]*//' | sed -e 's/ /#/g' > result.txt CSF=/usr/sbin/csf FIREWALL=0 IPCOUNT=`cat result.txt | wc -l` ITERATION=0 # Key to check if the loop is finished for restarting the firewall for i in `cat result.txt`; do echo $i > temp.txt; No=$(cat temp.txt | gawk -F '#' '{print $1}'); IP=$(cat temp.txt | gawk -F '#' '{print $2}'); Num=${No/\.*} if [ $Num -gt 80 ] && [ $IP != '127.0.0.1' ] then $CSF

First install expect in your local machine. For ubuntu : apt-get install expect. For Centos : yum install expect. Create a file sshlogin chmod +x sshlogin #!/usr/bin/expect set timeout 10 log_user 0 spawn ssh -p 1707 sshadmin@ipaddress expect "*?assword:*" send -- "sshadminPassword\r" expect "*sshadmin@*" send "su -\n" expect "*?assword:*" send -- "rootPassword\r" send "uptime\n" interact 1. Where 1707 is the ssh port, 2. ipaddress is the IP address of your server to which you need to login. 3. Replace "sshadminPassword" with your sshadmin password. 4. Replace "rootPassword" with your root password. 5. uptime is the command to execute after login to the server. You can give any command here. You can also try ( MTputty ) in Windows machine for this purpose. After installing the Mtputty Go to Server Menu >> Add Server >> Script Tab Enter the