Skip to main content

Stop DDOS. Shell script to find IPs with connections higher than 80 and block in firewall & Also send notification mails with the blocked IP(s).


#!/bin/bash

###################################################
# Script Name : StopDdosAttack
# Created By : Jino Joseph
# Created Date : 20-Mar-2013
# Last Modified : 21-Mar-2013
# Purpose : Finds the IPs with connections higher than 80 and block in firewall &
# Also send notification mails with the blocked IP(s).
###################################################

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head -5 | sed -e 's/^[ \t]*//' | sed -e 's/ /#/g' > result.txt
CSF=/usr/sbin/csf
FIREWALL=0
IPCOUNT=`cat result.txt | wc -l`
ITERATION=0 # Key to check if the loop is finished for restarting the firewall
for i in `cat result.txt`;
do
echo $i > temp.txt;
No=$(cat temp.txt | gawk -F '#' '{print $1}');
IP=$(cat temp.txt | gawk -F '#' '{print $2}');
Num=${No/\.*}
if [ $Num -gt 80 ] && [ $IP != '127.0.0.1' ]
then

$CSF -d $IP # Adding the ip in firewall rule.
FIREWALL=1 # This is a key to confirm that the firewall rule is added.
echo -e " $IP : $Num \n " >> /tmp/ips.txt
else
echo "Normal connections : $Num";
fi
ITERATION=`expr $ITERATION + 1`
# Check whether rule is added in the firewall && also check all the ips are checked for exceeding threshold.
if [ $FIREWALL == 1 ] && [ $ITERATION == $IPCOUNT ]
then
$CSF -r # Restart Firewall
echo "Restart Firewall & Sending Mail";

#######################
# Mail Sending Section
#######################

# email subject
SUBJECT="IPs are Blocked in Server!!"
# Email To ?
EMAIL="example@example.com"
# Email text/message
BLOCKEDIPS="`cat /tmp/ips.txt`"
EMAILMESSAGE="/tmp/emailmessage.txt"
echo "Hi Team, " > $EMAILMESSAGE
echo " " >> $EMAILMESSAGE
echo " " >> $EMAILMESSAGE
echo -e "The Blocked IPs are \n \n$BLOCKEDIPS">> $EMAILMESSAGE
echo -e "\n This is a notification. Please close it." >>$EMAILMESSAGE
echo " " >> $EMAILMESSAGE
echo " " >> $EMAILMESSAGE
echo "Regards," >> $EMAILMESSAGE
echo "System Admin" >> $EMAILMESSAGE
# send an email using /bin/mail
/bin/mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
cat /dev/null > /tmp/ips.txt

## End of Mail###
fi
done



If you want to send the mail with smtp auth , use the below command:

echo $EMAILMESSAGE | mailx -s "DDOS Attack IP Blocked" -S smtp=smtp://xyz.net:587 -S smtp-auth=login -S smtp-auth-user=alerts@xyz.net -S smtp-auth-password=9879ljouhkh888 -S from="DDOS Attack IP Blocked " admin@xyz.net
Here we are using the smtp login details of the email id alerts@xyz.net.

Comments

Post a Comment

Popular posts from this blog

Password reset too simplistic/systematic issue

Some time when we try to reset the password of our user in linux it will show as simple and systematic as below: BAD PASSWORD: it is too simplistic/systematic no matter how hard password you give it will show the same. Solution: ######### Check if your password is Ok with the below command, jino@ndz~$ echo 'D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l' | cracklib-check D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l: it is too simplistic/systematic Now Create a password with the below command : jino@ndz~$ echo $(tr -dc '[:graph:]' 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K; You can see that this password will be ok with the cracklib-check. jino@ndz~$ echo '7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;' | cracklib-check                 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;: OK Thats all, Thanks.
Post a Comment
Read more

Setting /etc/hosts entries during the initial deployment of an Application using k8s yaml file

Some times we have to enter specific hosts file entries to the container running inside the POD of a kubernetes deployment during the initial deployment stage itself. If these entries are not in place, the application env variables mentioned in the yaml file , as hostnames , will not resolve to the IP address and the application will not start properly. So to make sure the /etc/hosts file entries are already there after the spin up of the POD you can add the below entries in your yaml file. cat > api-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: spec:   template:     metadata:     spec:       volumes:       containers:       - image: registryserver.jinojoseph.com:5000/jinojosephimage:v1.13         lifecycle:           postStart:             exec:               command:...
Post a Comment
Read more

Running K8s cluster service kubelet with Swap Memory Enabled

For enabling swap memory check the below link : https://jinojoseph.blogspot.com/2019/10/enable-swap-memory-using-swapfile-in.html # sudo vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf Add the KUBELET_EXTRA_ARGS line as below: ---------------------------------------- Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false" ExecStart= ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS Now kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units # sudo systemctl daemon-reload # sudo systemctl restart kubelet # sudo systemctl status kubelet That is all cheers :p
Post a Comment
Read more