Automatically blocking spam bots
I installed a forum on my website, but there was no way to force manage the addition of new users. I then got busy and ignored it till my amazon EC2 bill came in and it was 10x normal. Seems that the site was being inundated with spam of some sort (not sure the nature of it, I took it down before spending too much time on it). However, after a couple weeks, the traffic did not stop and I got sick of it. So I threw together a quick script to pull the IP address from anyone trying to look at the (now removed) forum and add it to my list of blocked IP addresses. It seems fairly useful so I thought I would share..
use strict;
use File::Tail;my %ips = ();
my $ref = tie *FH,"File::Tail",(name=>”<YOUR APACHE LOG FILE>");
while (<FH>) {
if (m/<URL TO LOOK FOR>/) {
my @list = split(‘ ‘, $_);
my $ip = $list[0];
if ($ips{$ip} != 1) {
$ips{$ip} = 1;
print "iptables -I INPUT -s $ip -j DROP\n";
system("iptables -I INPUT -s $ip -j DROP");
}
}
}
You’ll need to install File::Tail and Time::HiRes to get it to work.