[Dxspider-support] badspotter badwords

Joaquin joaquin at cronux.net
Thu Sep 15 10:02:40 BST 2022


Hi Luigi,

No, it doesn't block the IP with iptables, it just does "set/badspotter".

To include the blocking with iptables, it would be enough to insert the 
following line after line 64 of the script:

         system("/usr/bin/iptables -A INPUT -s $ip -j DROP");

that is, here:

             say FH $msg;
             close(FH);

             system("/usr/bin/iptables -A INPUT -s $ip -j DROP"); # <-- HERE

             # # Send set/baddx to DXSpider
             # open (FH, '>', "/spider/cmd_import/EA3CV");

But bear in mind that most of the traffic that is being analyzed (spots) 
comes from other clusters, and therefore, the analyzed IP address belongs 
to the application layer, not to the network layer.
If what you want is to block all TOR IPs and/or PROXIES, there is a 
better method: make a script that creates a DROP rule for each IP or 
Subnet that appears in the lists you download.
But if you include the code that I have given you, then only the IP that 
has been detected in the origin node of the spot will be blocked.

Regards.

Kin EA3CV
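
The approach suggested above (one DROP rule per IP or subnet in the downloaded lists), as an added example that is not part of the original message or of bad_spotter.pl. It validates every entry before it can reach an iptables command line, because the lists come from third-party URLs; CHAIN, MIN_PREFIX, the function names and the sample list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: turn a downloaded IPv4 list into validated DROP rule specs.
CHAIN="INPUT"    # assumption: same chain as the rule quoted in the message
MIN_PREFIX=16    # assumption: refuse anything wider than /16 (e.g. 0.0.0.0/0)

# gen_drop_rules [FILE...]: print one rule spec per valid, unique entry.
gen_drop_rules() {
    awk -v chain="$CHAIN" -v minp="$MIN_PREFIX" '
    {
        sub(/\r$/, ""); sub(/#.*/, ""); gsub(/[ \t]/, "")
        if ($0 == "") next
        n = split($0, part, "/")
        if (n > 2) next
        ip = part[1]; pfx = (n == 2) ? part[2] : "32"
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (pfx !~ /^[0-9]+$/ || pfx + 0 > 32 || pfx + 0 < minp) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (length(o[i]) > 3 || o[i] + 0 > 255) next
        # never block loopback, RFC 1918 or link-local space
        if (o[1] == 0 || o[1] == 10 || o[1] == 127) next
        if (o[1] == 192 && o[2] == 168) next
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
        if (o[1] == 169 && o[2] == 254) next
        key = sprintf("%d.%d.%d.%d/%d", o[1], o[2], o[3], o[4], pfx)
        if (seen[key]++) next
        printf "-A %s -s %s -j DROP\n", chain, key
    }' "$@"
}

# apply_rules FILE: load the rules (needs root). Word splitting of $rule is
# intended; every field was produced by gen_drop_rules above.
apply_rules() {
    gen_drop_rules "$1" | while read -r rule; do
        /usr/bin/iptables $rule
    done
}

# Constructed sample input (documentation ranges plus entries to be rejected).
sample_list() {
    cat <<'EOF'
# constructed sample list
198.51.100.7/32
203.0.113.0/24
198.51.100.7
0.0.0.0/0
10.0.0.5/32
999.1.1.1/32
192.0.2.9; reboot
EOF
}

sample_list | gen_drop_rules
```

Only the first two entries of the sample survive; the duplicate, the catch-all prefix, the private address, the out-of-range octet and the line carrying shell metacharacters are all dropped before any rule is built.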


On 14/09/2022 at 20:36, Luigi Carlotto IK5ZUK via Dxspider-support 
wrote:
> Hi Kin,
> Thanks for sharing your script file.
>
> Only a question: does this beta version also block the badspotter's IP 
> with "iptables" or not?
>
> Thank you very much, please keep us informed in case you develop some 
> new versions for this script...
>
> 73 Luigi IK5ZUK
>
>
>
> On 14/09/2022 15:15, Joaquin via Dxspider-support wrote:
>>
>> Hi all,
>>
>> For those who want to do tests, and I'm sure it can be improved a lot.
>>
>> * bad_spotter.pl beta testing procedure
>>
>> 1. Download TOR and Proxies IP list, first time:
>>
>> curl -o /spider/local_data/tor-proxies.txt https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt
>> curl -o /spider/local_data/proxies-exits.txt https://lists.fissionrelays.net/tor/relays-ipv4.txt
>> cat /spider/local_data/proxies-exits.txt >> /spider/local_data/tor-proxies.txt
>> sed -i "s|$|/32|" /spider/local_data/tor-proxies.txt
>>
>> 2. Copy the bad_spotter.pl script to: /spider/local_cmd/bad_spotter.pl
>> 3. Run chmod +x /spider/local_cmd/bad_spotter.pl
>> 4. Add in /spider/local_cmd/crontab:
>>
>> # Bad spotter
>> 0 0 * * *  spawn('pkill -f "/usr/bin/perl -w /spider/local_cmd/bad_spotter.pl"')
>> 1 0 * * *  spawn("/usr/bin/perl -w /spider/local_cmd/bad_spotter.pl")
>> 30 * * * * spawn('curl -o /spider/local_data/tor-proxies.txt https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt')
>> 31 * * * * spawn('curl -o /spider/local_data/proxies-exits.txt https://lists.fissionrelays.net/tor/relays-ipv4.txt')
>> 32 * * * * spawn('cat /spider/local_data/proxies-exits.txt >> /spider/local_data/tor-proxies.txt')
>> 33 * * * * spawn('sed -i "s|$|/32|" /spider/local_data/tor-proxies.txt')
>>
>>
>> 5. Make sure the directory is created: /spider/cmd_import , if not:
>> mkdir /spider/cmd_import
>>
>> 6. Make log directory:
>> mkdir /spider/local_data/bad_spotter
>>
>> 7. The first time you want to run it, from the prompt:
>>
>> /usr/bin/perl -w /spider/local_cmd/bad_spotter.pl &
>>
>> # End
>>
>> Example tail -f /spider/local_data/bad_spotter/log.txt
>>
>> 2022-09-12T14:01:53 [N9KT-2, RA1AL, 185.220.101.79, Politics and HAMSPIRIT no mix!]
>> 2022-09-12T14:54:41 [N9KT-2, RA3ATX, 185.129.61.129, RU will liberate the world!]
>> 2022-09-13T17:52:58 [PI4CC, PA2A, 77.171.80.188, ]
>>
>> Do not forget that it is a development version.
>>
>> 73 de Kin
>>
>> Sysop EA3CV-2 & EA4URE-2,3,5
>>
>> On 14/09/2022 at 14:54, David Spoelstra wrote:
>>> Joaquin-
>>> Yes, please, send me the script.
>>> -David, N9KT
>>>
>>> On Wed, Sep 14, 2022 at 8:51 AM Joaquin via Dxspider-support 
>>> <dxspider-support at tobit.co.uk> wrote:
>>>
>>>     Hi David,
>>>
>>>     You have two more options:
>>>
>>>     1. Enable for everyone:
>>>     set/register
>>>     set/password
>>>
>>>     2. If you want I can send you a small script that will automatically
>>>     block any callsign that comes from the TOR network or is using a PROXY.
>>>     The script runs the set/bad/spotter command and logs the callsign that
>>>     has been blocked.
>>>     It is a help, but it is not the definitive solution.
>>>
>>>     Regards.
>>>
>>>     Kin EA3CV
>>>
>>>     On 14/09/2022 at 14:35, David Spoelstra via Dxspider-support wrote:
>>>     > Seems like my cluster is being used for propaganda. I've spent the
>>>     > morning running "set/badspotter" and "set/badword" commands. Is there
>>>     > anything else I should be doing?
>>>
>>>     _______________________________________________
>>>     Dxspider-support mailing list
>>>     Dxspider-support at tobit.co.uk
>>>     https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>>