Questions? Feedback? powered by Olark live chat software
Knowledgebase
Author Avatar

Blocking Countries & Exploited IPs

Written by: on 27 May 2016 07:18 PM 27 May 2016 07:18 PM

Learn to block a specific country known exploited IPs. Step by step tutorial will help you learn fast and apply.

If you want to block a specific country known exploited IPs you can do so quite easily by running the below script on a daily basis in a cron job.

1. First you need to SSH into your server

2. You need to install dos2unix

a. On Ubuntu/Debian type: apt-get install dos2unix

b. On CentOS/Fedora type: yum install dos2unix

3. Create a file and paste the below text into it, type: pico /root/blockips 

#!/bin/bash

# Blacklist's names & URLs arrays
bl_name=([0]='spyware')
bl_url=([0]='http://list.iblocklist.com/?list=bt_spyware&fileformat=p2p&archiveformat=gz')
bl_name=(${bl_name[*]} [1]='webexploit')
bl_url=(${bl_url[*]} [1]='http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag&fileformat=p2p&archiveformat=gz')
bl_name=(${bl_name[*]} [2]='spider')
bl_url=(${bl_url[*]} [2]='http://list.iblocklist.com/?list=bt_spider&fileformat=p2p&archiveformat=gz')
bl_name=(${bl_name[*]} [3]='hijacked')
bl_url=(${bl_url[*]} [3]='http://list.iblocklist.com/?list=bt_hijacked&fileformat=p2p&archiveformat=gz')
bl_name=(${bl_name[*]} [4]='dshield')
bl_url=(${bl_url[*]} [4]='http://list.iblocklist.com/?list=bt_dshield&fileformat=p2p&archiveformat=gz')
bl_name=(${bl_name[*]} [5]='bogon')
bl_url=(${bl_url[*]} [5]='http://list.iblocklist.com/?list=bt_bogon&fileformat=p2p&archiveformat=gz')
bl_name=(${bl_name[*]} [6]='nigeria')
bl_url=(${bl_url[*]} [6]='http://list.iblocklist.com/?list=ng&fileformat=p2p&archiveformat=gz')

# For each blacklist set above
for i in {0..6}; do
# Download blacklist
wget --output-document=/tmp/blacklist_${bl_name[$i]}.gz -w 3 ${bl_url[$i]} -q

# Delete current iptables chain link
iptables -D INPUT -j ${bl_name[$i]}
# Flush current iptables chain
iptables -F ${bl_name[$i]}
# Delete current iptables chain
iptables -X ${bl_name[$i]}
# Create current iptables chain
iptables -N ${bl_name[$i]}
# Link current iptables chain to INPUT chain
iptables -A INPUT -j ${bl_name[$i]}

# Read blacklist
while read line; do
# Drop description, keep only IP range
ip_range=`echo -n $line | sed -e 's/.*:\(.*\)-\(.*\)/\1-\2/'`;
# Test if it's an IP range
if [[ $ip_range =~ ^[0-9].*$ ]]; then
# Add to the blacklist
iptables -A ${bl_name[$i]} -m iprange --src-range $ip_range -j DROP
fi
done < <(zcat /tmp/blacklist_${bl_name[$i]}.gz | iconv -f latin1 -t utf-8 - | dos2unix)
done

# Delete files
rm /tmp/blacklist*

exit 0

4. You can modify that file so that it blocks any countries you would like. To do that you would add a new bl_name and bl_url entry and increase the number (from 6 to 7 for example), then you need to change the "for i in {0..6}; do" line to read "for i in {0..7}; do". To get the URLs for country and other blacklists please visit https://www.iblocklist.com/lists.php select the free p2p file format in a gz archive and copy the update url.

5. Press Ctrl O to Save

6. Press Ctrl X to Quit

7. Type: chmod 755 /root/blockips

8. To make this update daily, type: crontab -e

9. If requested choose nano or pico as your editor

10. At the bottom of the file paste the following

0 5 * * 1 /root/blockips

11. Press Ctrl O to Save

12. Press Ctrl X to Quit

13. You can also run the script now by typing: /root/blockips

14. Once the script is complete you can view iptables entries by typing: iptables -L

* Note the first time you run it you may see the below errors. This is normal and can be safely ignored (it occurs when it tries to delete existing entries for each blacklist specified and none exist).

iptables v1.4.12: Couldn't load target `nigeria':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

(2 vote(s))
Helpful
Not helpful