Le Mardi 21 Novembre 2006 15:38, David De Rosa a écrit : > #! /bin/sh > # clam-ip-drop.sh > > ip=`tail -n 4 /var/log/httpd/error_log | grep "virus daemon" | grep -v > "cannot > create" | cut -d " " -f8-8 | cut -d "]" -f1-1`; > date=`date`; > > iptables -n -L INPUT > /tmp/iptList > > > for i in $ip ; do > while read IPs > if [ $ip != $IPs ]; > then > $duplicate = 0; > else $duplicate = 1; > fi > done > > if [ $duplicate == 0 ]; > then > echo $date." Drop de l'IP : "$i >> /var/log/messages; > /sbin/iptables -I INPUT -s $i -j DROP; > fi > > done
Oh ! I'm very confused ! I wasn't see your code.... :) :) Many thanks ! :) The conclusion of this : 1/2 of my visitors try put virus when they are on site. (I had loose 1/2 of my visitor/day after a(p)ply this code, confirmed by webalizer) I think that it was someone with virus witch try to infect other... I'm trying your code NOW ! Thank's a lot PS : If my english is too bad, don't hesite to tell to me ! ;) _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
