Code: Select all
#!/usr/bin/perl
my $cftoken = 'YOURTOKEN';
my $cfuser = 'YOUREMAIL';
my $linesinloglast = `wc -l < /var/log/httpd/access_log`; # USE YOUR APACHE LOG LOCATION
while(1){
my $newlines = 0;
$linesinlog = `wc -l < /var/log/httpd/access_log`; # USE YOUR APACHE LOG LOCATION
if($linesinloglast < $linesinlog){
$newlines = $linesinlog - $linesinloglast;
} elsif ($linesinloglast > $linesinlog){
$newlines = $linesinlog;
}
my $logfile = `tail -n $newlines /var/log/httpd/access_log`;
my @ips = $logfile =~ /^(\S+)/gm;
my %dedupehash = map { $_ => 1 } @ips;
@ips = keys %dedupehash;
my $ipcount = scalar(@ips);
my $totalbanned = 0;
foreach my $ip (@ips){
my $whois = `timeout 5 whois $ip`;
$whois = lc($whois);
my $blockflag = 0;
if (index($whois, 'highwinds') != -1) { $blockflag = 1; print "\nHIGHWINDS\n";}
if (index($whois, 'strongvpn') != -1) { $blockflag = 1; print "\nSTRONGVPH\n";}
if (index($whois, 'stackpath') != -1) { $blockflag = 1; print "\nSTACKPATH\n";}
if (index($whois, 'ipvanish') != -1) { $blockflag = 1; print "\nIPVANISH \n"; }
if (index($whois, 'strongtechnology') != -1) { $blockflag = 1; print "\nSTRONGTECHNOLOGY\n"; }
if (index($whois, 'strong technology') != -1) { $blockflag = 1; print "\nSTRONGTECHNOLOGY\n"; }
if (index($whois, 'm247') != -1) { $blockflag = 1; print "\nM247\n"; }
if (index($whois, 'bandcon') != -1) { $blockflag = 1; print "\BANDCON\n"; }
if (index($whois, 'netprotect') != -1) { $blockflag = 1; print "\nNETPROTECT\n"; }
if ( $blockflag == 1) {
print "IP: $ip\n";
my $cfaction = "curl -s -o /dev/null -X POST -H 'X-Auth-Email: $cfuser' -H 'X-Auth-Key: $cftoken' -H 'Content-Type: application/json' -d '{ \"mode\": \"block\", \"configuration\": { \"target\": \"ip\", \"value\": \"$ip\" } }' https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules";
#print $cfaction."\n\n";
system($cfaction);
} else {
}
}
$linesinloglast = $linesinlog;
#sleep 1;
select(undef, undef, undef, 0.05);
}