Tuesday, August 24, 2010

ERC with CSF Firewall

ERC with CSF Firewall

Source of csf.php

Note: BlogSpot don't let me use ">>" in code, so I had to remove the PHP tags from the source code, please add them by yourself, thanks !
while(1) {

 $today = getdate();
 $denied = 'Denied-'.$today["mday"].'-'.$today["mon"].'-'.$today["year"];

 if(file_exists('/var/www/csf/bad.csf')){

  $list = file('/var/www/csf/bad.csf', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
  
  for($i = 0; $i < count($list); $i++ ) {
   system('csf -d '.$list[$i]);
   system('echo '.$list[$i].' >> /var/www/csf/'.$denied);
   unlink($path.'locked-'.$list[$i]);
  }

 unlink('/var/www/csf/bad.csf');

 }
 
 sleep(10);
}


Source of erc.php
 $clps) {
  if($list[$last - $clps] != $list[$last]) $ban = 0;
 } else $ban = 0;

 if($ban) {
  $in = $_SERVER['REMOTE_ADDR']."\n";
  $lock = fopen($path.'bad.csf','a');
  fwrite($lock, $in);
  fclose($lock);
  
  $lock = fopen($path.'locked-'.$_SERVER['REMOTE_ADDR'],'a');
  fclose($lock);
  
  unlink($path.'erc-'.$_SERVER['REMOTE_ADDR'].'.log');
 }

 if($last > 5) unlink($path.'erc-'.$_SERVER['REMOTE_ADDR'].'.log');
 $ban = 1;
}

* Deploy instruction:
- make /var/www/csf directory
- put erc.php and csf.php in to /var/www/csf/
- edit the php.ini:
auto_prepend_file = /var/www/erc.php
Then restart the webserver
# service httpd restart

And now run the csf.php in the command line with root:
# php -n /var/www/csf/csf.php &

Now just view the Denied-xxx log to know who has been blocked by CSF in day :D

No comments:

Post a Comment