author | Kaz Kylheku <kaz@kylheku.com> | 2013-11-29 21:38:31 -0800 |
---|---|---|
committer | Kaz Kylheku <kaz@kylheku.com> | 2013-11-29 21:38:31 -0800 |
commit | 37599023787d2a6d793c6b73ccaa35c5269e27d2 (patch) | |
tree | 20bd75731a053c14a1a4a60c72ccfaaaa7c3038e | |
download | txrban-37599023787d2a6d793c6b73ccaa35c5269e27d2.tar.gz txrban-37599023787d2a6d793c6b73ccaa35c5269e27d2.tar.bz2 txrban-37599023787d2a6d793c6b73ccaa35c5269e27d2.zip |
Tracking this stuff.
-rw-r--r-- | apache.txr | 21 | ||||
-rw-r--r-- | sample-config.txr | 2 | ||||
-rw-r--r-- | txrban.txr | 47 |
3 files changed, 70 insertions, 0 deletions
diff --git a/apache.txr b/apache.txr
new file mode 100644
index 0000000..12d6a9f
--- /dev/null
+++ b/apache.txr
@@ -0,0 +1,21 @@
+@(load "txrban")
+@(next @(open-tail "/var/log/apache2/www.kylheku.com.log" "r" nil))
+@#(next "/var/log/apache2/www.kylheku.com.log")
+@(repeat)
+@ (block badguys)
+@ (all)
+@ip - - [@(n day)/@month/@(n year):@(n hour):@(n min):@(n sec) @nil] "@method @uri @proto/@ver" @err @bytes "@ref" "@agent"
+@ (and)
+@ (cases)
+@ (require (search-regex agent #/Googlebot|bingbot|baidu/))
+@ (fail badguys)
+@ (or)
+@ (require (search-regex agent #/[Bb][Oo][Tt]|[Ss]pider|[Cc]rawler|[Yy]andex/))
+@ (end)
+@ (end)
+@ (do
+ (let ((time (make-time year (month-num month) day hour min sec :auto)))
+ (ban ip time 86400)
+ (expire time)))
+@ (end)
+@(end)
diff --git a/sample-config.txr b/sample-config.txr
new file mode 100644
index 0000000..73b05a5
--- /dev/null
+++ b/sample-config.txr
@@ -0,0 +1,2 @@
+@(do
+ (defvar *iface* "eth0"))
diff --git a/txrban.txr b/txrban.txr
new file mode 100644
index 0000000..89a070f
--- /dev/null
+++ b/txrban.txr
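Review bot: The `@ip` capture at the start of the log-pattern line in apache.txr is unconstrained, yet that text is handed to `ban` and later `expire` in txrban.txr, which splice it into an `iptables` command string passed to `open-command` (which, as far as I know, runs it through the shell). If the first log field can ever be something other than an address literal (a resolved hostname, a changed log format, a malformed line), arbitrary text reaches that command line. Constraining the capture with the same regex-variable form the commit already uses for `n`, for example `@{ip /[0-9A-Fa-f:.]+/} - - [...`, keeps non-address text from matching at all. Separately, the `Googlebot|bingbot|baidu` exemption relies on the self-reported agent string alone, which deserves a comment such as `@# exemption is by User-Agent only; not verified against the client address`.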
@@ -0,0 +1,47 @@
+@(load "config")
+@(do
+ (defvar *banned* (hash :equal-based))
+
+ (defvar *off* "") ;; set this to "#" to comment out commands
+
+ (defun debug (arg . args)
+ [apply format '(t ,arg ,*args)])
+
+ (defun hrtime (time)
+ (cond
+ ((< time 60)
+ (format nil "~ss" time))
+ ((< time 3600)
+ (format nil "~s.~sm" (trunc time 60)
+ (trunc (* (mod time 60) 10) 60)))
+ ((< time 86400)
+ (format nil "~s.~sh"
+ (trunc time 3600)
+ (trunc (* (mod time 3600) 10) 3600)))
+ (t
+ (format nil "~s.~sd"
+ (trunc time 86400)
+ (trunc (* (mod time 86400) 10) 86400)))))
+
+ (defun ban (ip time howlong)
+ (if (not [*banned* ip])
+ (let ((pipe (open-command `@{*off*}iptables -I INPUT 1 -s @ip -i @{*iface*} -j DROP` "r")))
+ (close-stream pipe)
+ (debug "banned ~a for ~a starting on ~a\n" ip
+ (hrtime howlong) (time-string-local time "%c"))
+ (set [*banned* ip] '(,(+ time howlong) ,*time)))))
+
+ (defun expire (now-time)
+ (dohash (ip timeinfo *banned*)
+ (if (<= (car timeinfo) now-time)
+ (let ((pipe (open-command `@{*off*}iptables -D INPUT -s @ip -i @{*iface*} -j DROP` "r")))
+ (close-stream pipe)
+ (debug "unbanned ~a\n" ip)
+ (del [*banned* ip])))))
+
+ (defun month-num (month)
+ (cdr (assoc (downcase-str month)
+ '(("jan" . 1) ("feb" . 2) ("mar" . 3) ("apr" . 4)
+ ("may" . 5) ("jun" . 6) ("jul" . 7) ("aug" . 8)
+ ("sep" . 9) ("oct" . 10) ("nov" . 11) ("dec" . 12))))))
+@(define n (a))@(local n)@{n /\d+/}@(bind a @(int-str n))@(end) |
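Review bot: In `ban` the result of `(close-stream pipe)` is discarded, so the address is stored in `*banned*` and logged as banned even when the iptables call failed, and the `(not [*banned* ip])` test then skips every later attempt for it. If `close-stream` reports the command's exit status in this TXR version, it should be checked before `(set [*banned* ip] ...)`, and likewise before `(del [*banned* ip])` in `expire`. `*banned*` is also a plain in-memory hash with no persistence visible in this hunk, so DROP rules inserted before a restart would presumably never be deleted by `expire`. At minimum that deserves a comment next to the `defvar`, for example `;; bans are tracked in memory only; rules left by a previous run are not expired`. `expire` is called only from the ban path in apache.txr, so a ban can outlive `howlong` until the next matching log line arrives.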