Script to block IPs based on error log?

Alexandre Paulo

Registered
Dec 30, 2022
Portugal
cPanel Access Level
Reseller Owner
Hi everyone,

I keep getting people looking for backdoors on my websites. It's hundreds if not thousands per day on just one website.


[Fri Dec 30 00:31:19.784165 2022] [:error] [pid 46696:tid 47373873145600] [client 194.146.24.93:0] File does not exist: /home/(...)/shell.php
[Fri Dec 30 00:31:19.115738 2022] [:error] [pid 46696:tid 47373902563072] [client 194.146.24.93:0] File does not exist: /home/(...)/upload.php
[Fri Dec 30 00:31:18.389894 2022] [:error] [pid 46911:tid 47373879449344] [client 194.146.24.93:0] File does not exist: /home/(...)/up.php
[Fri Dec 30 00:31:10.948368 2022] [:error] [pid 46911:tid 47373871044352] [client 194.146.24.93:0] File does not exist: /home/(...)/wso.php
[Fri Dec 30 00:31:10.161048 2022] [:error] [pid 46911:tid 47373900461824] [client 194.146.24.93:0] File does not exist: /home/(...)/indoxploit.php
....
[Thu Dec 29 15:15:46.369656 2022] [:error] [pid 46911:tid 47373902563072] [client 46.101.26.151:0] File does not exist: /home/(...)/wp-login.php
...



I am wondering if it is possible to write a script to add IPs to the block list based on failed requests.
Basically, my goal is: if you ask for "shell.php", "upload.php", etc - your IP gets blocked!

Many thanks. Happy 2023!
 

GOT

Get Proactive!
PartnerNOC
Apr 8, 2003
Chesapeake, VA
cPanel Access Level
DataCenter Provider
If you use CSF/LFD it can do this for you automatically. LFD can be set to block an IP after XX 404 log entries.
 
Reactions: quietFinn and cPRex
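
One way to write the script asked about in the first post, as an added example that is not code from either poster or from CSF/LFD: it counts "File does not exist" entries for known probe filenames per client IP and renders `csf -d` deny commands for review instead of running them. The probe-name list, threshold, allowlist and sample log lines are assumptions constructed here.

```python
import re
from collections import Counter
from ipaddress import ip_address
from posixpath import basename

# Filenames taken from the log excerpt in the thread; extend to suit the site.
PROBE_NAMES = {"shell.php", "upload.php", "up.php", "wso.php", "indoxploit.php"}

# Matches the Apache error-log form shown in the thread.
LINE_RE = re.compile(
    r"\[client (?P<ip>[^\]]+?):\d+\] File does not exist: (?P<path>\S+)")

# Constructed sample lines (documentation-range IPs, made-up paths).
SAMPLE_LOG = """\
[Fri Dec 30 00:31:19.784165 2022] [:error] [pid 1:tid 2] [client 203.0.113.7:0] File does not exist: /home/user/public_html/shell.php
[Fri Dec 30 00:31:19.115738 2022] [:error] [pid 1:tid 2] [client 203.0.113.7:0] File does not exist: /home/user/public_html/upload.php
[Fri Dec 30 00:31:18.389894 2022] [:error] [pid 1:tid 2] [client 203.0.113.7:0] File does not exist: /home/user/public_html/WSO.php
[Fri Dec 30 00:30:02.000000 2022] [:error] [pid 1:tid 2] [client 198.51.100.20:0] File does not exist: /home/user/public_html/favicon.ico
[Fri Dec 30 00:29:40.000000 2022] [:error] [pid 1:tid 2] [client 198.51.100.20:0] File does not exist: /home/user/public_html/upload.php
[Fri Dec 30 00:29:11.000000 2022] [:error] [pid 1:tid 2] [client 2001:db8::5:0] File does not exist: /home/user/public_html/up.php
[Fri Dec 30 00:29:10.000000 2022] [:error] [pid 1:tid 2] [client 192.0.2.9:0] File does not exist: /home/user/public_html/shell.php
[Fri Dec 30 00:29:09.000000 2022] [:error] [pid 1:tid 2] [client 192.0.2.9:0] File does not exist: /home/user/public_html/wso.php
"""

def probe_hits(lines, names=PROBE_NAMES):
    """Count, per client IP, the 'File does not exist' entries for a probe name."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or basename(m["path"]).lower() not in names:
            continue
        try:
            hits[str(ip_address(m["ip"]))] += 1
        except ValueError:
            pass  # client field was not an IP address; skip the line
    return hits

def ips_to_block(lines, threshold=2, allowlist=()):
    """IPs with at least `threshold` probe hits, minus addresses never to block."""
    keep = {str(ip_address(a)) for a in allowlist}
    return sorted(ip for ip, n in probe_hits(lines).items()
                  if n >= threshold and ip not in keep)

def csf_commands(ips, comment="probed for backdoor filenames"):
    """Render csf deny commands for review; nothing is executed here."""
    return [f'csf -d {ip} "{comment}"' for ip in ips]

if __name__ == "__main__":
    print("\n".join(csf_commands(
        ips_to_block(SAMPLE_LOG.splitlines(), allowlist=["192.0.2.9"]))))
```

The threshold keeps a single stray 404 (a visitor mistyping `upload.php`) from triggering a block, and the allowlist is where your own admin and monitoring addresses belong.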