Tech Tip
The Linux Journal web site, like others, is getting a lot of traffic from the Windows worm du jour. Here's the cron job our sysadmin team is using to block them from our Apache-based site.
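#!/bin/sh
#
# Block sites which originate Nimda queries from Apache server
# Apache must be configured with HostnameLookups Off
LOGS=/var/log/httpd
BLOCKED=/var/tmp/blocked
cd "$LOGS" || exit 1
# grep -h omits the "file:" prefix, so $1 in awk is always the client address.
# The dots are escaped so only lines that start with a dotted quad get through,
# and the slash in the awk pattern is escaped so the regex is not cut short.
grep -h '^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* ' * 2>/dev/null |
awk '/system32\/cmd\.exe/ {print $1}' |
sort -u |
while read -r host
do
    # -x -F: literal whole-line match, so 1.2.3.4 is not taken for 11.2.3.45
    if ! grep -qxF -- "$host" "$BLOCKED" 2>/dev/null
    then
        echo "$host" >>"$BLOCKED"
        /sbin/ipchains -I input -s "$host" -j DENY -l
    fi
done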
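
The filter above as a dry run, added here as an example (it is not the Linux Journal sysadmin team's script): it prints the addresses that would be blocked instead of calling ipchains, so the matching can be checked against a log sample first. The function names new_offenders and sample_log, the log lines and the addresses are constructed for illustration.

```shell
#!/bin/sh
# Dry run: read access-log lines on stdin and print each client address that
# requested system32/cmd.exe and is not yet listed in the file given as $1.
new_offenders() {
    blocklist=$1
    awk '
        /system32\/cmd\.exe/ {
            # Accept $1 only if it is a dotted quad with every octet 0-255,
            # so nothing but an address can ever reach the firewall command.
            if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            n = split($1, o, ".")
            for (i = 1; i <= n; i++) if (o[i] + 0 > 255) next
            print $1
        }' |
    sort -u |
    while read -r host
    do
        # Whole-line literal match: 203.0.113.4 is new even if 203.0.113.45 is listed.
        if ! grep -qxF -- "$host" "$blocklist" 2>/dev/null
        then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [18/Sep/2001:10:00:01 -0700] "GET /a/winnt/system32/cmd.exe HTTP/1.0" 404 283
192.0.2.10 - - [18/Sep/2001:10:00:02 -0700] "GET /b/winnt/system32/cmd.exe HTTP/1.0" 404 283
198.51.100.7 - - [18/Sep/2001:10:00:03 -0700] "GET /index.html HTTP/1.0" 200 5120
203.0.113.4 - - [18/Sep/2001:10:00:04 -0700] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 404 283
203.0.113.45 - - [18/Sep/2001:10:00:05 -0700] "GET /d/winnt/system32/cmd.exe HTTP/1.0" 404 283
host.example.net - - [18/Sep/2001:10:00:06 -0700] "GET /e/winnt/system32/cmd.exe HTTP/1.0" 404 283
999.1.1.1 - - [18/Sep/2001:10:00:07 -0700] "GET /f/winnt/system32/cmd.exe HTTP/1.0" 404 283
EOF
}

# With an empty blocklist, every valid offending address is reported once.
sample_log | new_offenders /dev/null
```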