I can’t stop playing this remix, here’s the file page at mybloop.com
May 2008
CD3 The Future – Chilled – Afterhours Ibiza GU (Global Underground)
CD2 Electronic – Afterhours Ibiza GU (Global Underground)
Script to automatically detect and ban malicious IPs that try to brute force SSH accounts
We’ve noticed that most of our servers have been under heavy attack from random IP addresses trying to break in via SSH.
With the help of the last post on how to ban an IP, and the following Python script, you’ll be able to have a cronjob that runs once or twice a day and automagically bans all the offending IPs from ever trying to brute force their way in ever again.
Create a file called “detect_ssh_hostiles” and make it executable:
touch detect_ssh_hostiles
chmod +x detect_ssh_hostiles
Then copy the following code inside:
#!/usr/bin/env python3
# Usage:
#   python3 detect_ssh_hostiles [auth.log file path]
#
# Requirement: There should be "ban_ip" and "unban_ip" command availability on the path
#
# Note: you gotta have read permissions on the auth.log file and sudo
#       permissions for the script to ban the ips.

import re
import subprocess
import sys
import time

#If an IP meets this number of failed login attempts it will be banned
BAN_THRESHOLD = 7
SUSPECTS = {}

#Put here IP addresses you trust, could be making genuine login errors
SAFE_IPS = ['81.73.111.49','101.73.111.160','72.31.171.235','72.36.23.234','82.36.180.210','202.132.82.16']

BANNED = {}

def loadBanned():
    '''
    This function will load all the banned IPS into the BANNED Dict.
    It will also count how many times (by mistake) the same IP has been
    banned, and it will unban it, so that it will appear only once.
    '''
    command = ['sudo', 'iptables', '--list', '--numeric']
    try:
        output = subprocess.run(command, capture_output=True, text=True).stdout
    except OSError as e:
        print(e)
        sys.exit(1)

    for line in output.splitlines():
        line = line.strip()
        if line.startswith("DROP"):
            parts = line.split()
            ip = parts[3]  #source column of the rule
            #add hit or register banned ip
            BANNED[ip] = BANNED.get(ip, 0) + 1

    #Make sure banned IPs are banned only once
    for ip in BANNED:
        if BANNED[ip] > 1:
            print("IP %s has been banned %d times" % (ip, BANNED[ip]))
            n = BANNED[ip] - 1
            while n > 0:
                #argument list, no shell involved
                subprocess.call(['unban_ip', ip])
                print("unban_ip %s" % ip)
                n = n - 1

# ---- here we go ----
loadBanned()

#read auth log
logfile = '/var/log/auth.log'
if len(sys.argv) == 2:
    logfile = sys.argv[1]

command = ['grep', 'Failed password for ', logfile]
#print(command)
try:
    output = subprocess.run(command, capture_output=True,
                            text=True, errors='replace').stdout
except OSError as e:
    print(e)
    sys.exit(1)

#Sample line:
# May 25 03:29:49 main sshd[6933]: Failed password for root from 202.118.236.132 port 54863 ssh2
pattern = r"(.*)(from\s)(\d+\.\d+\.\d+\.\d+)(.*)"

for line in output.splitlines():
    matchObject = re.match(pattern, line)
    if matchObject is None:
        continue
    suspect = matchObject.groups()[2]
    #skip safe IPs
    if suspect in SAFE_IPS:
        continue
    #add a hit (or the first hit)
    SUSPECTS[suspect] = SUSPECTS.get(suspect, 0) + 1

print("==" * 30)
t = time.localtime() #(2008, 6, 6, 9, 35, 21, 4, 158, 1)
timestr = "%d-%d-%d@%d:%d:%d" % (t[0], t[1], t[2], t[3], t[4], t[5])
print(timestr)
print("--" * 30)

if len(SUSPECTS) > 0:
    for suspect in SUSPECTS:
        if SUSPECTS[suspect] >= BAN_THRESHOLD and suspect not in BANNED:
            print("Banning %s with %d attempts" % (suspect, SUSPECTS[suspect]))
            BANNED[suspect] = 1
            subprocess.call(['ban_ip', suspect])
        elif suspect in BANNED:
            print("Ip %s has already been banned" % (suspect))
        else:
            print("Suspect candidate? %s with %d attempts" % (suspect, SUSPECTS[suspect]))
else:
    print("Found no suspects to ban")

print("==" * 30)
Then add this as a cronjob of your root user, and it will automatically ban all those IPs that have tried to break in. See the script for configuration. You can always make some IPs immune to banning by adding them to the SAFE_IPS list.
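An added example, not the original author's code: the same count-and-threshold logic as a side-effect-free function run over constructed log lines, so the resulting ban list can be checked before anything touches iptables. It goes beyond the script above by also counting syslog's collapsed "message repeated N times" lines (format assumed as rsyslog writes it) and by accepting only values that parse as IPv4 addresses. The names `count_failures` and `ips_to_ban` are hypothetical, and the addresses are documentation-range samples.

```python
import ipaddress
import re
from collections import Counter

# Anchored on sshd's fixed trailer ("from <ip> port <n> ssh2" at end of line),
# so only the address sshd itself wrote there is counted.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+ ssh2\]?\s*$"
)

# Constructed sample input (not taken from a real server).
SAMPLE_LOG = """\
May 25 03:29:49 main sshd[6933]: Failed password for root from 203.0.113.9 port 54863 ssh2
May 25 03:29:55 main sshd[6933]: message repeated 6 times: [ Failed password for root from 203.0.113.9 port 54863 ssh2]
May 25 03:31:02 main sshd[6940]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
May 25 03:31:05 main sshd[6940]: Failed password for invalid user test from 198.51.100.7 port 40113 ssh2
May 25 03:40:10 main sshd[6951]: message repeated 8 times: [ Failed password for bob from 192.0.2.44 port 51000 ssh2]
May 25 03:41:00 main sshd[6951]: Accepted password for bob from 192.0.2.44 port 51001 ssh2
""".splitlines()


def count_failures(lines):
    """Return a Counter of failed-password attempts per source IPv4 address."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            # ban_ip wraps iptables (IPv4 only); anything that is not a
            # literal IPv4 address is dropped instead of reaching a command.
            ip = ipaddress.IPv4Address(m.group("ip"))
        except ValueError:
            continue
        # A collapsed line stands for N identical failures, not one.
        hits[str(ip)] += int(m.group("n") or 1)
    return hits


def ips_to_ban(lines, threshold=7, safe_ips=(), already_banned=()):
    """Addresses at or above the threshold that are neither trusted nor banned."""
    skip = set(safe_ips) | set(already_banned)
    return sorted(ip for ip, n in count_failures(lines).items()
                  if n >= threshold and ip not in skip)


if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG, safe_ips=["192.0.2.44"]))
```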
How to ban/unban ips in linux
In case you’re not an iptables guru, you might want to create a couple scripts and put em somewhere on your $PATH. I’ve created two scripts called ban_ip and unban_ip.
Create a file called ban_ip
touch ban_ip
chmod +x ban_ip
Edit it and copy the following code inside:
#!/bin/bash
# Append a DROP rule for the given source address
sudo iptables -A INPUT -s "$1" -j DROP
echo "IP Address $1 has been banned"
echo
To ban an IP, you must invoke
ban_ip <someIpAddressHere>
e.g.
ban_ip 211.32.44.111
And the IP will be banned.
Do the same now for the unban_ip script
touch unban_ip
chmod +x unban_ip
Open your fav. text editor and copy the following code inside:
#!/bin/bash
# Delete one matching DROP rule for the given source address
sudo iptables -D INPUT -s "$1" -j DROP
echo "Unbanned ip $1"
echo
Save it, and use it.
To unban an IP, you must invoke
unban_ip <someIpAddressHere>
e.g.
unban_ip 211.32.44.111
Requirements
Have sudo access, have iptables installed.
CD1 Eclectic – Afterhours Ibiza GU (Global Underground).blp
Google Maps tests Public Transit Directions
Hawaii seems to be a lucky place where Google has already released the “Public Transit Directions” feature for their Google Maps service. We wonder when they will release this for New York City.
From Russia With Hate, Racism takes over Russia
How much RAM can your 64-bit CPU address?
Your old 32-bit CPU could address up to 2^32 memory addresses, that’s 4294967296 different memory addresses, better said, “only” 4GB, something that 15 to 20 years ago was 1000 times larger than any memory created at the time.
Now we have 64-bit CPUs, which means they can address up to 2^64, that’s 18446744073709551616 different memory addresses, better said, 16.8 million terabytes, which is the same as 16 exabytes, which as of now (May 2008) represents way more than the total RAM ever created for all computers summed together.
Let’s see if in 20 years, 16 exabytes will be enough, I personally don’t think so, it never is, we always laugh at the tech limitations of the past, in no time we’ll end up with 128-bit processors and I’ll leave you the homework to find out how much memory those CPUs will be able to address.
Blooploader 0.7 available
Mostly a bug fix release, no new functionality has been added, we’re aiming for decent stability before going after new features.
What is the Blooploader?
A cross platform desktop application to Upload an unlimited number of files from your computer to your MyBloop.com account with simple drag and drop.