StopForumSpam.com -> iptables
Posted: 20 Mar 2014, 05:37
In a recent post here viking60 mentioned SFS and I decided to go have a look at it. I found this post in their forums which shows how to automagically download their list and block spammers using .htaccess files, but as someone points out in the thread, .htaccess is a slow and resource-intensive way to do that. Not too long ago I started playing with ipset (and iptables) to block large lists of IPs and ranges - and thought that it might work well for SFS too. Here's what I came up with...
Start with the dependencies:
Code:
apt-get install zip unzip ipset
Then add this to your existing iptables firewall script:
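Code:
# Create the set; -exist keeps a re-run of the firewall script from failing if the set is already there
ipset -exist create sfs_block hash:net
# Drop forwarded TCP traffic from listed sources.
# Note: 80:443 is a port range (80 through 443), not just ports 80 and 443.
iptables -I FORWARD -p tcp --dport 80:443 -m set --match-set sfs_block src -j DROP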
Then a script that updates the ipset:
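Code:
#!/bin/sh
# Start from an empty temporary set (after a swap it holds the previous list)
ipset destroy tempset 2>/dev/null
ipset create tempset hash:net
cd /tmp || exit 1
# -N only re-downloads when the remote file is newer than the local copy
wget -N http://www.stopforumspam.com/downloads/listed_ip_7.zip
# -o overwrites the old listed_ip_7.txt without prompting, so the cron run does not stall
unzip -o listed_ip_7.zip
# Turn each list entry into an "add tempset <entry>" line for ipset restore
sed 's:^:add tempset :' listed_ip_7.txt > listed_ip_7_importfile.txt
ipset restore < listed_ip_7_importfile.txt
rm listed_ip_7_importfile.txt
# Swap the freshly loaded set into place in one step
ipset swap tempset sfs_block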
The script can just be cron'ed daily to keep it reasonably updated... hopefully someone will find that helpful. :-)
NOTE: I selected a number of IPs from the list and whois'ed them to see what I would find. Some of them were hosting providers (infected webapps and plugins no doubt) so I would suggest not blocking them from legitimate services that may be running in a hosted environment (like SMTP for example).
S.
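The update script above feeds a file fetched over plain HTTP straight into `ipset restore` and swaps it in even if the download came back empty. The following is an added example, not part of the original post: it keeps only well-formed IPv4 addresses or CIDR ranges and refuses the swap when too few entries survive. The function names and `MIN_ENTRIES` are assumptions, as is the one-entry-per-line list format implied by the post's sed line.

```shell
#!/bin/sh
# Added example (not from the original post): validate the downloaded list
# before it reaches `ipset restore`, and refuse to swap in a near-empty set.
# sfs_build_restore, sfs_safe_to_swap and MIN_ENTRIES are hypothetical names.

MIN_ENTRIES=${MIN_ENTRIES:-1000}   # assumed sanity floor; tune to the real list size

# Print "add <set> <entry>" for every line of file $2 that is a well-formed
# IPv4 address or CIDR range. Anything else (blank lines, stray text, extra
# ipset commands) is dropped instead of being passed to `ipset restore`.
sfs_build_restore() {
    awk -v set="$1" '
    {
        sub(/\r$/, "")                       # tolerate CRLF line endings
        n = split($0, p, "/")
        if (n > 2) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        print "add " set " " $0
    }' "$2"
}

# Succeed only if restore file $1 holds at least MIN_ENTRIES lines, so a
# failed or truncated download never replaces the live blocklist.
sfs_safe_to_swap() {
    n=$(awk 'END { print NR }' "$1")
    [ "$n" -ge "$MIN_ENTRIES" ]
}

# How it slots into the update script, in place of the sed line:
#   sfs_build_restore tempset listed_ip_7.txt > listed_ip_7_importfile.txt
#   sfs_safe_to_swap listed_ip_7_importfile.txt || exit 1
#   ipset restore < listed_ip_7_importfile.txt
#   ipset swap tempset sfs_block
```
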