On 25 Nov 2024, Warpslide said the following...
Solution? Block their ass!
For some reason this person has decided to change the name they use when sending mail with binkp, so updated this script to handle multiple cases:

#!/bin/bash

BINKLOG="/path/to/binkd.log"

# Log patterns to block: names sent over binkp (ZYZ lines) and node addresses
BLOCK=(
    "ZYZ John Doe$"
    "ZYZ Jane Doe$"
    "ZYZ j0hnd03$"
    "addr: 1:234/567@fidonet"
    "addr: 21:3/999@fsxnet"
)

for i in "${BLOCK[@]}"; do
    # Find the latest log entry matching the pattern
    getpoll=$(tac "$BINKLOG" | grep -m 1 "$i")
    if [[ -n $getpoll ]]; then
        # Extract the PID from the log entry using bash string manipulation
        pollpid="${getpoll#*[}"
        pollpid="${pollpid%%]*}"

        # Find the session line for that PID (the newest one if the PID was reused)
        poll=$(grep "\[$pollpid\] incoming session with" "$BINKLOG" | tail -n 1)
        # Extract the remote address, logged in brackets at the end of that line
        ip=$(echo "$poll" | sed -n 's/.*\[\([^]]*\)\]$/\1/p')

        # IPv4 address
        if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            # Convert to CIDR format
            cidr="${ip%.*}.0/24"
            # Check if the CIDR is already in the block4 IP set
            if ! sudo ipset test block4 "$cidr" >/dev/null 2>&1; then
                # Add the CIDR to the block4 IP set and save changes
                sudo ipset add block4 "$cidr"
                # Write through sudo tee so the redirect also runs as root
                sudo ipset save | sudo tee /etc/iptables/ipsets >/dev/null
            fi
        # IPv6 address
        elif [[ "$ip" =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ || "$ip" == *"::"* ]]; then
            # Convert to CIDR format (first four groups as the /64)
            cidr="$(echo "$ip" | cut -d: -f1-4)::/64"
            # Check if the CIDR is already in the block6 IP set
            if ! sudo ipset test block6 "$cidr" >/dev/null 2>&1; then
                # Add the CIDR to the block6 IP set and save changes
                sudo ipset add block6 "$cidr"
                # Write through sudo tee so the redirect also runs as root
                sudo ipset save | sudo tee /etc/iptables/ipsets >/dev/null
            fi
        fi
    fi
done

Since adding these rules on the 25th, I already have three IPv4 address ranges and several hundred hits:
pkts bytes target prot opt in  out source     dest
 392 13680 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0  match-set block4 src
Updated version also available at:
https://nrbbs.net/binkblock.sh.txt
Jay
... What musical instrument is found in the bathroom? A tuba toothpaste
--- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
* Origin: Northern Realms (21:3/110)
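
Added example, not part of the original post: a dry run that prints which /24 or /64 each pattern would put on the block list without calling ipset, so the ranges can be reviewed first. The log lines are constructed to match the shape the script's patterns expect, the function names (sample_log, net6, would_block) are hypothetical, and net6 goes one step further than the script by expanding a compressed "::" before taking the first four groups.

```bash
#!/bin/bash
# Dry run: print the networks that would be blocked; ipset is never called.

# Constructed sample log, shaped the way the script's patterns expect.
sample_log() {
cat <<'EOF'
+ 25 Nov 10:00:01 [4101] incoming session with host-a.example [192.0.2.57]
+ 25 Nov 10:00:02 [4101] ZYZ John Doe
+ 25 Nov 11:30:10 [4177] incoming session with host-b.example [2001:db8::5]
+ 25 Nov 11:30:11 [4177] addr: 21:3/999@fsxnet
+ 25 Nov 12:00:00 [4200] incoming session with host-c.example [198.51.100.9]
+ 25 Nov 12:00:01 [4200] ZYZ Somebody Else
EOF
}

# Print the /64 of an IPv6 address, expanding "::" to its zero groups first.
net6() {
    printf '%s\n' "$1" | awk '{
        m  = split($0, part, "::")
        nh = split(part[1], h, ":")
        nt = (m > 1) ? split(part[2], t, ":") : 0
        for (i = 1; i <= nh; i++) g[i] = h[i]
        for (i = nh + 1; i <= 8 - nt; i++) g[i] = "0"
        for (i = 1; i <= nt; i++) g[8 - nt + i] = t[i]
        printf "%s:%s:%s:%s::/64\n", g[1], g[2], g[3], g[4]
    }'
}

# Print the network the newest session matching pattern $2 in log $1 maps to.
would_block() (
    line=$(grep -- "$2" "$1" | tail -n 1)
    [ -n "$line" ] || exit 1
    pid=${line#*\[}; pid=${pid%%\]*}
    ip=$(grep -F "[$pid] incoming session with" "$1" | tail -n 1 |
         sed -n 's/.*\[\([^]]*\)\]$/\1/p')
    case $ip in
        *:*)     net6 "$ip" ;;
        *.*.*.*) echo "${ip%.*}.0/24" ;;
        *)       exit 1 ;;
    esac
)

log=$(mktemp) && sample_log > "$log"
for pat in 'ZYZ John Doe$' 'addr: 21:3/999@fsxnet' 'ZYZ j0hnd03$'; do
    printf '%-24s -> %s\n' "$pat" "$(would_block "$log" "$pat" || echo 'no match')"
done
rm -f "$log"
```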