• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Stop Forum Spam - Attack

Adam Howard

Well-known member
#7
Anyone with a VPS or Dedicate Server could use this

Command: crontab -e

0 12 * * * /home/spam.sh >/dev/null 2>&1

PHP:
#!/bin/bash
 
IPT=”/sbin/iptables”
 
FILE=”/tmp/drop.lasso”
 
URL=”http://www.spamhaus.org/drop/drop.lasso”
 
echo “”
 
echo -n “Deleting DROP list from existing firewall…”
 
#This will delete all dropped ips from firewall
 
ipdel=$(cat $FILE  | egrep -v ‘^;’ | awk ‘{ print $1}’)
 
for ipblock in $ipdel
 
do
 
$IPT -D spamhaus-droplist -s $ipblock -j DROP
 
$IPT -D droplist -s $ipblock -j LOG –log-prefix “DROP Spamhaus List”
 
done
 
echo -n “Applying DROP list to existing firewall…”
 
#This will drop all ips from spamhaus list.
 
[ -f $FILE ] && /bin/rm -f $FILE || :
 
cd /tmp
 
wget $URL
 
blocks=$(cat $FILE  | egrep -v ‘^;’ | awk ‘{ print $1}’)
 
$IPT -N spamhaus-droplist
 
for ipblock in $blocks
 
do
 
$IPT -A droplist -s $ipblock -j LOG –log-prefix “DROP Spamhaus List”
 
$IPT -A droplist -s $ipblock -j DROP
 
done
 
$IPT -I INPUT -j droplist
 
$IPT -I OUTPUT -j droplist
 
$IPT -I FORWARD -j droplist
 
echo “…Done”
Now if I could figure out how to change this into an add-on for XenForo .... That would be cool. I've been playing with it, but I seem to have hit a wall.
 
#9
There wasn't a DoS or anything like that. PHP started to play up in that it was rejecting connections on the unix socket from the webserver. Once PHP restarted, mysql started to load way too much due to an issue with innodb is its lack of support for count(1), my mistake really. Once mysql restarted, the site was slow due to the caches being cold but once they warmed up, everything started working just fine. I've got new code coming that will remove a lot of these issues.