Hello, I've noticed lately that my server is being loaded by many automated scanners and scrapers, I've got some nginx and opensmtpd filters in place which can reliably catch them, though I've also noticed that there are entire ASNs usually associated with them.
Currently, I am banning them manually more or less - once a day I check the logs, look for any suspect lines and then lookup the CIDRs and ban manually. I would like to automate this, though I'm somewhat stuck with how to implement the action (the filter is actually the easy part). All I've managed to come up with for now is this script: http://0x0.st/Pb4E.sh It takes an IP address and spits out the CIDRs of its ASN/the entire range associated with it - line by line. I hope someone can help me on how to integrate this into a custom ban action. -- Kind Regards, Wael Karram.
pgpy3ZyW8YzY4.pgp
Description: OpenPGP digital signature
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
