A shell script that grabs a number of spam block-lists such as Spamhaus DROP & EDROP Lists, DSheild, and Abuse.ch Free Hosts and Bad IPs and adds them to iptables to cut down on spam and other malicious activity.
- Secure public facing servers to common treats by blacklisting IP's known for absue
- Anti-DDOS to some level based on key threats
- Speed and Realibility using a number of sources to secure servers
Spamhaus DROP List: https://www.spamhaus.org/drop/drop.txt Spamhaus EDROP List: https://www.spamhaus.org/drop/edrop.txt Dsheild Block List: http://feeds.dshield.org/block.txt Abuse.ch Block List: https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
Place the script somewhere on your server.
# Download the script curl -LO https://github.com/koconder/autosecure/raw/master/autosecure.sh ### make it executable chmod +x autosecure.sh ### set it loose sudo ./autosecure.sh ### confirm the rules have been added sudo iptables -L Autosecure -n
To run without output "quite mode", usefull for cronjobs you can use:
./autosecure.sh -q
In order for the list to automatically update each day, you'll need to setup a cron job with crontab.
# fire up the crontab (no sudo)
crontab -e
### run the script every day at 3am
0 3 * * * /{install location}/autosecure.sh -q
If you need to remove all the Autosecure rules, run the following:
sudo iptables -F Autosecure sudo iptables -F AutosecureAct
If you find something interesting or would like to contribute, please open issue and start disccussion. Feel free to fork and pull request. If this repo has helped you out feel free to donate via BTC/ETH or to the EFF
- BTC: 14v9knBDAmJAMxWovuLfy7YkLDyfq8phNb
- ETH: 0xe6fbd8de8157934767867022b7a8e8691d8df3dc
- EFF: (https://supporters.eff.org/donate/button)
This script is licenced under GNU GPL v3, please read LICENCE.md for more information.
Based on the initial work from @cowgill and Vivek Gite (nixCraft). The initial work has been since updated with a number of additional sources. All contributions and merges from:
David @cowgill Vincent Koc @koconder Volkan @volkan-k Anasxrt @Anasxrt ShamimIslam @ShamimIslam