nixlists wrote:
spamd is great, but I need to filter other traffic. I still wonder how
people manage to download and convert blocklists for loading into pf
in an automated way as a cron job. Has anyone attempted to do this?
Often there are syntax errors in the lists, sometimes transfers fail.
IOW it's unreliable, and I have to do it manually. I guess I could do
it such that if a list fails download or conversion, then leave the
old list alone, but that sucks too. Also, which lists do you use?
Thanks.
I scan apache error log for entries that I know are undesirable.
That script immediately adds that IP to badhosts table in PF.
I do not believe that any botlist will be very effective for apache
attacks, although I could be wrong.
But all of this is based on personal experience in scanning my error log.
There are also many bots that scan software that some people may use.
The ones I don't use get added to that list.
Pretty simple perl script with a sleep 1; entry. Always runs to stop
those particularly heavy handed intruders quickly.
I also use spamd, but apart from any lists I use, I have a script that
scans spamdb for known evildoers and traps them. I have a continuing
problem with one botnet but their spam never changes usernames, so easy
to thwart.
--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
-- Robert Heinlein
