Grab the Internet Trouble Makers!

There are a lot of people trying to crack or spam others’ web sites (in vain)… What they do usually falls into two categories: one is automatically posting their articles (usually advertisements for drugs and so on) to a lot of forums; the other is trying to download files that webmasters might have carelessly left there (for example, *.mdb, etc.).

I don’t care about this too much, unless they keep doing it all the time, which consumes my bandwidth. In order to pick them out and filter their requests with a firewall, I did the following:

First, in Apache’s configuration file, send all suspicious requests to a separate log file. For example, I am running Apache on Linux, so if someone requests /forum/post.asp or /data.mdb, the request is certainly from a cracker or spammer. I log all of these to a file called worm_log (these requests used to come from worms…).

Then I wrote a small script to calculate the number of hostile requests:




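    #!/bin/sh
    # Work files; these paths are placeholders, the original definitions were not shown.
    allIPFile=/tmp/worm_all_ips.txt
    ipListFile=/tmp/worm_ip_list.txt
    myTmpFile=/tmp/worm_counts.txt

    # Field 1 of each log line is the client IP.
    cat worm* | cut -d ' ' -f 1 | sort > "$allIPFile"
    uniq "$allIPFile" > "$ipListFile"
    lines=`cat "$ipListFile"`
    rm -f "$myTmpFile" > /dev/null 2>&1

    for ip in $lines ; do
            # -x -F: match the whole line literally, so 1.2.3.4 does not also count 11.2.3.45
            n=`grep -cxF "$ip" "$allIPFile"`
            echo "$ip: $n" >> "$myTmpFile"
    done

    sort -nr -k 2,2 "$myTmpFile" > spammers.txt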

The output looks something like this: 404 355 351 314 140 117 56 48

Now it is clear who the top trouble makers are and who should be blocked at the firewall.
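The blocking step is not shown above. The following is an added example, not part of the original script: it counts hits in a single pass, skips malformed lines, and prints iptables rules for review rather than running them. The threshold, the allow-list and the sample log lines are assumptions made for the illustration, and it goes slightly beyond the post by never listing allow-listed addresses (for example your own monitoring host).

```shell
#!/bin/sh
# Added example, not the original script. Assumes each log line starts with
# the client IPv4 address (Apache common log format). The threshold and the
# allow-list are hypothetical tuning values.

# count_offenders THRESHOLD [ALLOWED_IP...]
# Reads log lines on stdin and prints "ip count", highest count first, for
# every IP with at least THRESHOLD hits. Allow-listed IPs are never printed.
count_offenders() {
    threshold=$1; shift
    awk -v min="$threshold" -v allow=" $* " '
        # Count only lines whose first field is a dotted quad.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min && index(allow, " " ip " ") == 0)
                    print ip, hits[ip]
        }' | sort -k2,2nr -k1,1
}

# block_rules: reads "ip count" lines and prints iptables commands for review.
# Nothing is executed here.
block_rules() {
    while read -r ip count; do
        printf 'iptables -A INPUT -s %s -j DROP   # %s hostile requests\n' "$ip" "$count"
    done
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2008:13:55:36 +0000] "GET /data.mdb HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2008:13:55:37 +0000] "POST /forum/post.asp HTTP/1.1" 404 214
198.51.100.23 - - [10/Oct/2008:13:56:01 +0000] "GET /data.mdb HTTP/1.1" 404 209
192.0.2.10 - - [10/Oct/2008:13:56:10 +0000] "GET /data.mdb HTTP/1.1" 404 209
- - garbage line without an address
203.0.113.7 - - [10/Oct/2008:13:57:00 +0000] "GET /data.mdb HTTP/1.1" 404 209
198.51.100.23 - - [10/Oct/2008:13:57:30 +0000] "POST /forum/post.asp HTTP/1.1" 404 214
192.0.2.10 - - [10/Oct/2008:13:58:00 +0000] "GET /data.mdb HTTP/1.1" 404 209
198.51.100.99 - - [10/Oct/2008:13:59:00 +0000] "GET /data.mdb HTTP/1.1" 404 209
EOF
}

sample_log | count_offenders 2 192.0.2.10 | block_rules
```

Against the real logs, replace the last line with `cat worm* | count_offenders 100 | block_rules` (the threshold of 100 is only an example) and read the rules before applying any of them.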
