Friday, August 6, 2010

[Script] Auto ban Illegal CCcam Users in Debian

After some time, you see peers that don't delete your line once removed or, worse, hand out the line to all kinds of people who then try to gain access to your server.

For this I took the basic idea of a script from Unlocker-al and put together this little ban script.


Code:
#!/bin/sh
###########################
## Auto Ban script       ##
## Illegal CCcam Users   ##
## Written By CC_Share   ##
## Thanks to Unlocker-AL ##
## For the Basic idea    ##
###########################
workdir="/"                             #This is where the debug info from CCcam is dumped
firewall="/"                            #The saved firewall rules
logdir="/emu/log"                       #The logfile directory
EMAIL=""                                #Email address to mail the result to
SUBJECT="Illegal Userlist CCcam"        #Subject title of the email
EMAILMESSAGE="/emu/log/illegaluser.txt" #List that contains the illegal users

# Keep a copy of the current debug output and of the last saved rule set
rm -f "$workdir/debug.old"
cp "$workdir/debug.txt" "$workdir/debug.old"
[ -f "$logdir/iptables-save.new" ] && cp "$logdir/iptables-save.new" "$logdir/iptables-save.old"

# Collect the "illegal" lines, then the user/IP pairs and the bare IPs
grep illegal "$workdir/debug.old" > "$logdir/illegaluser.log"
awk '{print $5,$7}' "$logdir/illegaluser.log" > "$logdir/illegaluser.txt"
awk '{print $7}' "$logdir/illegaluser.log" | grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > "$logdir/badIP.out"

# Keep only the IPs that show up more than once
awk '
{s[$0]++}
END {
for(i in s) {
if(s[i]>1) {
print i
}
}
}' "$logdir/badIP.out" > "$logdir/badIP.block"

# Drop all traffic from each of those IPs
while IFS= read -r EachLine
do
echo "iptables -A INPUT -s $EachLine -j DROP"
iptables -A INPUT -s "$EachLine" -j DROP
done < "$logdir/badIP.block"
rm -f "$logdir/badIP.block"

# Save the rules and, if an address is set, mail the list when anything was found
if [ -s "$logdir/illegaluser.txt" ] ; then
iptables-save -c > "$logdir/iptables-save.new"
[ -n "$EMAIL" ] && /usr/bin/nail -s "$SUBJECT" "$EMAIL" < "$EMAILMESSAGE"
else
echo "No Illegal Users found right now"
fi
sleep 1
# Empty the debug file for the next run
: > "$workdir/debug.txt"
exit 0
This script will scan your debug file for illegal users, sort out the username and IP, and insert the IP into iptables.

If you want, the script can also mail you the result, so you know which users were put into iptables and can check whether one of them is actually a valid user.

You can put this script in the crontab to enable automatic checking.
The following is an example of how to install it.

Code:
./CCcam.x86 -dv > /home/debug.txt
Then change the following lines in the script to match the debug file and its location.
Code:
workdir="/"
Should be
Code:
workdir="/home"
and this line
Code:
firewall="/"
Should be changed to where you want the firewall rules to be saved
Code:
firewall="/emu/log/"
To insert it in the crontab, edit it and insert this line:
Code:
00 */1  * * * root /emu/script/./illegal.sh
This will run the script every whole hour.



For the mail function to work, you have to do the following:
Code:
apt-get install nail
apt-get install exim4
dpkg-reconfigure exim4-config
Insert a valid email address here
Code:
EMAIL=""
and it will mail you every time it runs and finds an illegal user. If no user is found, it will not mail you.
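
An added example, not part of the original script: a variant of the extraction and ban steps that skips allow-listed peers, rejects malformed addresses and checks for an existing rule before appending, so hourly cron runs do not stack duplicate DROP rules or lock out a valid user. The log wording, the ALLOW address and the function names are assumptions; only the field positions ($5 user, $7 IP) come from the script above.

```shell
#!/bin/sh
# Added example: not part of the original script.
ALLOW="198.51.100.20"    # constructed value: known-good peer IPs, space separated
MIN_HITS=2               # the original bans IPs that appear more than once
IPT="${IPT:-iptables}"   # overridable, so the logic can be tried without root

# Constructed sample lines; only the field positions ($5 user, $7 IP) are
# taken from the original awk calls, the wording is an assumption.
sample_log() {
cat <<'EOF'
20:15:01.100 CCcam: illegal user alice from 203.0.113.7
20:15:09.412 CCcam: illegal user alice from 203.0.113.7
20:16:30.007 CCcam: illegal user bob from 198.51.100.20
20:16:31.950 CCcam: illegal user bob from 198.51.100.20
20:17:02.333 CCcam: illegal user carol from 192.0.2.44
20:18:10.000 CCcam: illegal user dave from 999.1.1.1
20:18:11.000 CCcam: illegal user dave from 999.1.1.1
EOF
}

# offenders: debug lines on stdin -> one line per IP that should be banned.
offenders() {
    awk -v allow="$ALLOW" -v min="$MIN_HITS" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /illegal/ {
        ip = $7; sub(/[^0-9.].*$/, "", ip)      # strip anything after the address
        if (split(ip, o, ".") != 4) next        # must be four octets
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        if (!(ip in ok)) hits[ip]++             # never count allow-listed peers
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }' | sort
}

# ban: append a DROP rule unless an identical rule is already loaded
# (-C is the iptables "check" operation), so hourly runs do not stack duplicates.
ban() {
    if $IPT -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already banned: $1"
    else
        $IPT -A INPUT -s "$1" -j DROP && echo "banned: $1"
    fi
}

# Dry demonstration on the sample; this only prints the selected address.
sample_log | offenders
# On a server: offenders < /home/debug.txt | while read -r ip; do ban "$ip"; done
```

On the sample, only 203.0.113.7 is selected: the allow-listed peer, the single hit and the out-of-range address are all left alone.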
