{"id":334,"date":"2014-01-08T00:01:58","date_gmt":"2014-01-07T23:01:58","guid":{"rendered":"http:\/\/www.timokorthals.de\/?p=334"},"modified":"2016-12-28T00:14:05","modified_gmt":"2016-12-27T23:14:05","slug":"blocking-bad-ips-using-badips-com-api","status":"publish","type":"post","link":"https:\/\/www.timokorthals.de\/?p=334","title":{"rendered":"Blocking bad IPs using badips.com API"},"content":{"rendered":"<p>As announced in <a href=\"http:\/\/www.badips.com\/blog\/scores-are-here\">http:\/\/www.badips.com\/blog\/scores-are-here<\/a>, the badips.com API for scores now works. You can use it, for example, to extend your <em>iptables<\/em> rules to block all the bad IPs which have been reported to <a href=\"http:\/\/www.badips.com\/\">http:\/\/www.badips.com\/<\/a>.<br \/>\nBelow you&#8217;ll find two scripts that use the API to block the reported IPs. <!--more-->The first one writes the reported IPs into the <em>hosts.deny<\/em> file. The second one defines rules in <em>iptables<\/em>. 
Another option would be <em>ipset<\/em>, but for now you can choose between these two approaches.<\/p>\n<p><strong>Script for <em>hosts.deny<\/em>:<\/strong><\/p>\n<pre class=\"lang:sh decode:true\" title=\"badips4hostsdeny.sh\">#!\/bin\/bash\r\n# Script for blocking IPs which have been reported to www.badips.com\r\n# Usage: Just execute with root privileges\r\n# ---------------------------\r\n\r\n_file=\/etc\/hosts.deny  # Location of the hosts.deny file (might be correct)\r\n_input=badips.db       # Name of database (will be downloaded with this name)\r\n_level=5               # Block level: not so bad\/false report (0) over confirmed bad (3) to quite aggressive (5) (see www.badips.com for that)\r\n_service=ssh           # Logged service (see www.badips.com for that)\r\n_tmp=tmp               # Name of temporary file\r\n\r\n# Get the bad IPs\r\nwget -qO- http:\/\/www.badips.com\/get\/list\/${_service}\/$_level &gt; $_input || { echo \"$0: Unable to download ip list.\"; exit 1; }\r\n\r\n# Define some start and end quotes for detecting the IPs defined by this script\r\n_start=\"# ##### start block list -- DO NOT EDIT #####\"\r\n_end=\"# ##### end block list #####\"\r\n\r\n# Locate the old entries\r\n_line_start=`grep -x -n \"$_start\" $_file | cut -f1 -d:`\r\n_line_end=`grep -x -n \"$_end\" $_file | cut -f1 -d:`\r\n_lines=`wc -l &lt; $_file`\r\n\r\n# Chop the old block if it exists (both markers were found)\r\nif [[ -n \"$_line_start\" &amp;&amp; -n \"$_line_end\" ]]\r\nthen\r\n    head -n`expr $_line_start - 1` $_file &gt; $_tmp\r\n    tail -n`expr $_lines - $_line_end` $_file &gt;&gt; $_tmp\r\nelse\r\n    cp $_file $_tmp\r\nfi\r\n\r\n# Add the new entries; the downloaded list is untrusted input,\r\n# so keep only lines that look like IPv4 addresses\r\necho \"$_start\" &gt;&gt; $_tmp\r\ngrep -E '^[0-9]{1,3}(\\.[0-9]{1,3}){3}$' $_input | sed \"s\/^\/ALL\\:\\ \/g\" &gt;&gt; $_tmp\r\necho \"$_end\" &gt;&gt; $_tmp\r\n\r\n# Replace and cleanup the old file\r\nmv $_tmp $_file\r\nrm $_input\r\n\r\nexit 0<\/pre>\n<p><strong>Script for <em>iptables<\/em>:<\/strong><\/p>\n<pre class=\"lang:sh decode:true\" title=\"badips4iptables.sh\">#!\/bin\/bash\r\n# Script for blocking IPs which have been reported 
to www.badips.com\r\n# Usage: Just execute by e.g. cron every day\r\n# ---------------------------\r\n\r\n_ipt=\/sbin\/iptables    # Location of iptables (might be correct)\r\n_input=badips.db       # Name of database (will be downloaded with this name)\r\n_pub_if=eth0           # Device which is connected to the internet (run ifconfig to find it)\r\n_droplist=droplist     # Name of chain in iptables (Only change this if you already have a chain with this name)\r\n_level=5               # Block level: not so bad\/false report (0) over confirmed bad (3) to quite aggressive (5) (see www.badips.com for that)\r\n_service=ssh           # Logged service (see www.badips.com for that)\r\n\r\n# Get the bad IPs\r\nwget -qO- http:\/\/www.badips.com\/get\/list\/${_service}\/$_level &gt; $_input || { echo \"$0: Unable to download ip list.\"; exit 1; }\r\n\r\n### Setup our black list ###\r\n# Create the chain if it does not exist yet\r\n$_ipt -N $_droplist 2&gt;\/dev\/null\r\n# Then flush the old entries\r\n$_ipt --flush $_droplist\r\n\r\n# The downloaded list is untrusted input: keep only lines that look\r\n# like IPv4 addresses and store each ip in $ip\r\nfor ip in `grep -E '^[0-9]{1,3}(\\.[0-9]{1,3}){3}$' $_input`\r\ndo\r\n    # Append everything to $_droplist\r\n    $_ipt -A $_droplist -i ${_pub_if} -s $ip -j LOG --log-prefix \"Drop Bad IP List\"\r\n    $_ipt -A $_droplist -i ${_pub_if} -s $ip -j DROP\r\ndone\r\n\r\n# Finally, insert our black list into the built-in chains\r\n# (only if the jump is not there yet, so daily runs do not stack duplicates)\r\nfor chain in INPUT OUTPUT FORWARD\r\ndo\r\n    $_ipt -C $chain -j $_droplist 2&gt;\/dev\/null || $_ipt -I $chain -j $_droplist\r\ndone\r\n\r\nexit 0<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>As announced in http:\/\/www.badips.com\/blog\/scores-are-here, the badips.com API for scores now works. You can use it, for example, to extend your iptables rules to block all the bad IPs which have been reported to http:\/\/www.badips.com\/. 
Below you&#8217;ll find two scripts that use the API to block the reported IPs.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=\/wp\/v2\/posts\/334"}],"collection":[{"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=334"}],"version-history":[{"count":1,"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=\/wp\/v2\/posts\/334\/revisions"}],"predecessor-version":[{"id":403,"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=\/wp\/v2\/posts\/334\/revisions\/403"}],"wp:attachment":[{"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.timokorthals.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}