I wanted to announce a little script project I'm starting called 'bantcp'.
I got frustrated by a dictionary attack on one of my domains. Tonix'
CHKUSER patch did its job in repelling the offending IPs (who were not
already RBLd) but I wanted more.
I wanted a (semi-)automated way to extract the attacking IPs from my qmail
logs and insert them into my tcp.smtp file using selection criteria based
upon how many attacks had been made from an IP during a specific window of
time. I felt this was a way to prevent further abuse from these IPs.
bantcp is version 0.01. It's a cobbling of bash and perl to provide the
output suitable for pasting into your tcp.smtp file. It's not terribly
elegant yet, but I'm hoping for some suggestions.
Flames are welcome too, though please be kind. I'm not a coder. I'm also
guessing that a 'sed/awk' guru could tighten bantcp up a lot - maybe kill
off the perl jumps altogether.
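The selection logic described in the post (count CHKUSER rejections per remote IP inside a time window, then emit lines for tcp.smtp), written out as an added example in Python; this is not bantcp's own bash/perl code. It assumes syslog-style timestamps and the CHKUSER "rejected rcpt ... remote <helo:rdns:ip>" log wording; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: syslog timestamp, then the CHKUSER
# rejection line with the remote peer recorded as <helo:rdns:ip>.
SAMPLE_LOG = """\
Mar 12 10:15:01 mx qmail-smtpd: CHKUSER rejected rcpt: from <spam@example.net:> remote <helo:unknown:192.0.2.10> rcpt <aaron@example.org> : not existing recipient
Mar 12 10:15:02 mx qmail-smtpd: CHKUSER rejected rcpt: from <spam@example.net:> remote <helo:unknown:192.0.2.10> rcpt <abby@example.org> : not existing recipient
Mar 12 10:15:03 mx qmail-smtpd: CHKUSER rejected rcpt: from <spam@example.net:> remote <helo:unknown:192.0.2.10> rcpt <adam@example.org> : not existing recipient
Mar 12 10:20:00 mx qmail-smtpd: CHKUSER rejected rcpt: from <x@example.com:> remote <helo:mail:198.51.100.7> rcpt <typo@example.org> : not existing recipient
Mar 12 10:30:00 mx qmail-smtpd: CHKUSER accepted rcpt: from <y@example.com:> remote <helo:mail:198.51.100.7> rcpt <bob@example.org>
Mar 12 11:40:00 mx qmail-smtpd: CHKUSER rejected rcpt: from <y@example.com:> remote <helo:mail:198.51.100.7> rcpt <typo2@example.org> : not existing recipient
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*CHKUSER rejected rcpt: .*remote <(?P<remote>[^>]*)>"
)

def parse_rejections(log_text, year=2006):
    """Return (timestamp, ip) for every CHKUSER rejection line; syslog has no year, so one is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted rcpts and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        ip = m.group("remote").rsplit(":", 1)[-1]  # last field of helo:rdns:ip
        events.append((ts, ip))
    return events

def select_attackers(events, threshold=3, window=timedelta(minutes=10)):
    """IPs with at least `threshold` rejections inside any span of length `window` (sliding window)."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                banned.add(ip)
                break
    return sorted(banned)

def tcp_smtp_lines(ips):
    """Format banned IPs as tcp.smtp rules that refuse the connection outright."""
    return [f"{ip}:deny" for ip in ips]

if __name__ == "__main__":
    print("\n".join(tcp_smtp_lines(select_attackers(parse_rejections(SAMPLE_LOG)))))
```

With the defaults, 192.0.2.10 (three rejections in two seconds) is emitted as `192.0.2.10:deny` while 198.51.100.7 (two rejections 80 minutes apart) is not; after pasting the output into tcp.smtp, the cdb still has to be rebuilt with tcprules before qmail-smtpd sees the change.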