Top Forums Shell Programming and Scripting Access_log parsing and blocking ip Post 302915385 by Chubler_XL on Tuesday 2nd of September 2014 04:43:23 PM
Old 09-02-2014
You can add as many patterns (in / /) as you like; they have || in between. Also note that all / characters must be escaped with \

So to add "POST /wp-config.php and "POST /xmlrpc.com we add the text in red below:

Code:
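awk '
  # Collect the client address (field 1) of every request matching a pattern
  /"GET \/\// || /"GET \/\?/ || /"POST \/wp-config.php/ || /"POST \/xmlrpc.com/ {BL[$1]}
  # csf takes the address directly after --deny
  END{for (ip in BL) print "csf --deny " ip }' access_log > ban_ips
# Run the generated commands only if at least one address was collected
if [ -s ban_ips ]
then
    chmod +x ban_ips
    ./ban_ips
fi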
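
A hardened variant of the script above, added here as an example and not part of the original post: it checks that field 1 is an IPv4 address before it reaches a command line, since that field can hold a hostname or a forwarded header value depending on the log format. The DENY_CMD variable and the sample log lines are assumptions made for the example.

```shell
# Print each unique, valid IPv4 client address whose request matches one of
# the patterns from the post; any other value in field 1 is dropped.
suspect_ips() {
    awk '
      function valid_ipv4(s,   n, o, i) {
          n = split(s, o, /\./)
          if (n != 4) return 0
          for (i = 1; i <= 4; i++)
              if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                  return 0
          return 1
      }
      /"GET \/\// || /"GET \/\?/ || /"POST \/wp-config.php/ || /"POST \/xmlrpc.com/ {
          if (valid_ipv4($1)) BL[$1]
      }
      END { for (ip in BL) print ip }' "$1" | sort
}

# Hand each address to the deny command as one argument instead of executing
# a generated script. DENY_CMD is a hypothetical override used for dry runs.
apply_bans() {
    suspect_ips "$1" | while read -r ip; do
        ${DENY_CMD:-csf --deny} "$ip" </dev/null
    done
}

# Constructed sample log (documentation address ranges, made-up requests).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [02/Sep/2014:16:40:01 -0400] "GET // HTTP/1.1" 404 210
192.0.2.10 - - [02/Sep/2014:16:40:02 -0400] "POST /wp-config.php HTTP/1.1" 404 210
198.51.100.7 - - [02/Sep/2014:16:40:03 -0400] "GET /index.html HTTP/1.1" 200 512
203.0.113.5;id - - [02/Sep/2014:16:40:04 -0400] "GET /?x HTTP/1.1" 200 512
999.1.1.1 - - [02/Sep/2014:16:40:05 -0400] "POST /xmlrpc.com HTTP/1.1" 404 210
203.0.113.77 - - [02/Sep/2014:16:40:06 -0400] "POST /xmlrpc.com HTTP/1.1" 404 210
EOF
}

# Dry run over the sample: prints the commands instead of calling csf.
tmp=$(mktemp); sample_log > "$tmp"
DENY_CMD="echo csf --deny"
apply_bans "$tmp"
rm -f "$tmp"
```

Unset DENY_CMD to have apply_bans call csf itself; the two malformed first fields in the sample never reach it.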

 

BBMESSAGE.CGI(8)              System Manager's Manual              BBMESSAGE.CGI(8)

NAME
       bbmessage.cgi - CGI utility used for proxying Xymon data over HTTP

SYNOPSIS
       bbmessage.cgi

DESCRIPTION
       bbmessage.cgi(8) is the server-side utility receiving Xymon messages
       sent by the bb(1) utility over an HTTP transport. The bb utility
       normally sends data over a dedicated TCP protocol, but it may use HTTP
       to go through proxies or through restrictive firewalls. In that case,
       the webserver must have this CGI utility installed, which takes care of
       receiving the message via HTTP, and forwards it to a local Xymon server
       through the normal Xymon transport.

       The CGI expects to be invoked from an HTTP "POST" request, with the
       POST-data being the status-message. bbmessage.cgi simply collects all
       of the POST data, and sends it off as a message to the Xymon daemon
       running on IP 127.0.0.1. This destination IP currently cannot be
       changed.

       The CGI will return any output provided by the Xymon daemon back to the
       requestor as the response to the HTTP POST, so this allows for all
       normal Xymon commands to work.

SECURITY
       bbmessage.cgi will only send data to a Xymon server through the
       loopback interface, i.e. IP-address 127.0.0.1.

       Access to the CGI should be restricted through webserver access
       controls, since the CGI provides no authentication at all to validate
       incoming messages.

       If possible, consider using the bbproxy(8) utility instead for native
       proxying of Xymon data between networks.

SEE ALSO
       bb(1), bbproxy(8), xymon(7)

Xymon                         Version 4.2.3: 4 Feb 2009            BBMESSAGE.CGI(8)