Great script: automatically generate spammers' IP address list.
Posted: Mon Feb 17, 2014 9:29 pm
I found this great work at http://joshaven.com/mikrotik-auto-updated-begones-list/; the script is scheduled to download a great list of subnets & attacker IPs to drop traffic from.
Tnx. Joshaven!
The implementation is simple… paste the following code into the terminal of any MikroTik and your router will grab the newest copy of my script file and run it on a regular basis.
The following will not block anything; it only adds IPs to your address list. You will still have to create a firewall rule which will match src-address-list=Begone and drop the traffic in your input and/or forward chains.
OpenBL
# Script which will download the drop list as a text file
/system script add name="Download_openbl" source={
/tool fetch url="http://joshaven.com/openbl.rsc" mode=http;
:log info "Downloaded openbl.rsc from Joshaven.com";
}
# Script which will Remove old Begone list and add new one
/system script add name="Replace_openbl" source={
:foreach i in=[/ip firewall address-list find ] do={
:if ( [/ip firewall address-list get $i comment] = "OpenBL" ) do={
/ip firewall address-list remove $i
}
}
/import file-name=openbl.rsc;
:log info "Removal old openbl and add new";
}
# Schedule the download and application of the openbl list
/system scheduler add comment="Download openbl list" interval=7d name="DownloadBegoneList" on-event=Download_openbl start-date=jan/01/1970 start-time=01:05:00
/system scheduler add comment="Apply openbl List" interval=7d name="InstallBegoneList" on-event=Replace_openbl start-date=jan/01/1970 start-time=01:15:00
SpamHaus
# Script which will download the drop list as a text file
/system script add name="Download_spamhaus" source={
/tool fetch url="http://joshaven.com/spamhaus.rsc" mode=http;
:log info "Downloaded spamhaus.rsc from Joshaven.com";
}
# Script which will Remove old Begone list and add new one
/system script add name="Replace_spamhaus" source={
:foreach i in=[/ip firewall address-list find ] do={
:if ( [/ip firewall address-list get $i comment] = "SpamHaus" ) do={
/ip firewall address-list remove $i
}
}
/import file-name=spamhaus.rsc;
:log info "Removal old spamhaus and add new";
}
# Schedule the download and application of the spamhaus list
/system scheduler add comment="Download spamhaus list" interval=7d name="DownloadSpamhausList" on-event=Download_spamhaus start-date=jan/01/1970 start-time=02:02:00
/system scheduler add comment="Apply spamhaus List" interval=7d name="InstallSpamhausList" on-event=Replace_spamhaus start-date=jan/01/1970 start-time=02:12:00
Notes:
* I do not use the dshield list often, so I didn’t provide the copy/paste code…
* Let me know if you have any trouble implementing.
The code that generates the lists
Please only use the following update scripts sparingly because the source sites don’t need a bunch of unnecessary traffic. Anyway, the following script will run on a Linux server (requires gawk & wget). I placed it in a file with 755 permissions in my /etc/cron.daily/ folder to be run daily.
#!/bin/sh
saveTo=/var/www
now=$(date);
echo "# Generated by Joshaven Potter on $now" > $saveTo/dshield.rsc
echo "/ip firewall address-list" >> $saveTo/dshield.rsc
wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print "add list=blacklist address=" $1 "/24 comment=DShield";}' >> $saveTo/dshield.rsc
echo "# Generated by Joshaven Potter on $now" > $saveTo/spamhaus.rsc
echo "/ip firewall address-list" >> $saveTo/spamhaus.rsc
wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=blacklist address=" $1 " comment=SpamHaus";}' >> $saveTo/spamhaus.rsc
echo "# Generated by Joshaven Potter on $now" > $saveTo/openbl.rsc
echo "/ip firewall address-list" >> $saveTo/openbl.rsc
wget -q -O - http://www.openbl.org/lists/base.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=blacklist address=" $1 " comment=OpenBL";}' >> $saveTo/openbl.rsc
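
A check that could sit between the generator above and the web root, shown as an added example that is not part of the original post or Joshaven's script: since `/import` runs every command in the fetched file, it accepts only the `add list=blacklist address=… comment=…` lines the generator emits and rejects empty or over-broad results. The function names, the /8 minimum prefix length and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): gate a generated .rsc file.
# Exit status 0 only if every line is a comment, the address-list menu line,
# or a well-formed "add" entry in the format the generator above emits.
rsc_is_safe() {
    awk '
    function bad(why) {
        printf "line %d rejected (%s): %s\n", NR, why, $0 > "/dev/stderr"
        fail = 1
    }
    /^#/ || /^[ \t]*$/ { next }
    $0 == "/ip firewall address-list" { next }
    {
        if (NF != 4 || $1 != "add" || $2 != "list=blacklist") { bad("unexpected command"); next }
        if ($4 !~ /^comment=(DShield|SpamHaus|OpenBL)$/) { bad("unexpected comment"); next }
        if ($3 !~ /^address=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) { bad("malformed address"); next }
        n = split(substr($3, 9), part, "/")      # strip "address=", split off prefix
        len = (n == 2) ? part[2] + 0 : 32
        # Assumption: nothing broader than /8 belongs on a drop list.
        if (len < 8 || len > 32) { bad("prefix length out of range"); next }
        split(part[1], oct, ".")
        for (i = 1; i <= 4; i++)
            if (oct[i] + 0 > 255) { bad("octet out of range"); next }
        count++
    }
    END {
        # A header-only file usually means the upstream download failed.
        if (count == 0) { print "no entries found" > "/dev/stderr"; fail = 1 }
        exit fail + 0
    }
    ' "$1"
}

# Hypothetical helper: publish a staged file only if it validates, so a failed
# or tampered download never replaces the last good list.
publish_rsc() {
    if rsc_is_safe "$1"; then mv "$1" "$2"; else rm -f "$1"; return 1; fi
}

# Demo on constructed input (192.0.2.0/24 is a documentation range).
tmp=$(mktemp)
printf '%s\n' '/ip firewall address-list' \
    'add list=blacklist address=192.0.2.0/24 comment=SpamHaus' > "$tmp"
rsc_is_safe "$tmp" && echo "sample accepted"
rm -f "$tmp"
```

In the generator, each `wget | awk` pipeline would write to a staging file and call `publish_rsc staging "$saveTo/openbl.rsc"` instead of appending to the live file directly.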