[Dxspider-support] badspotter badwords

Thu Sep 15 21:06:26 BST 2022

Ok Kin, thank you very much !

73 Luigi IK5ZUK

Il 15/09/2022 11:02, Joaquin via Dxspider-support ha scritto:
>
> Hi Luigi,
>
> No, it doesn't block the IP with iptables, it just does "set/badspotter".
>
> To include the blocking with iptables, it would be enough to insert 
> the following line after line 64 of the script:
>
>         system("/usr/bin/iptables -A INPUT -s $ip -j DROP");
>
> that is, here:
>
>             say FH $msg;
>             close(FH);
>
>             system("/usr/bin/iptables -A INPUT -s $ip -j DROP"); # <-- 
> HERE
>
>             # # Send set/baddx to DXSpider
>             # open (FH, '>', "/spider/cmd_import/EA3CV");
>
> But think that most of the traffic that is being analyzed (spots) 
> comes from other clusters, and therefore, the analyzed IP address 
> belongs to the application layer, not to the network layer.
> If what you want is to block all TOR IPs and/or PROXIES, there is a 
> better method: make a script that creates a DROP rule for each IP or 
> Subnet that appears in the lists you download.
> But if you include the code that I have given you, then only the IP 
> that has been detected in the origin node of the spot will be blocked.
>
> Regards.
>
> Kin EA3CV
>
>
> El 14/09/2022 a las 20:36, Luigi Carlotto IK5ZUK via Dxspider-support 
> escribió:
>> Hi Kin,
>> Thanks for sharing your script file.
>>
>> Only a question: this beta version also block the badspotter's IP 
>> with "iptables" or not ?
>>
>> Thank you very much, please keep us informed in case you develope 
>> some new versions for this script...
>>
>> 73 Luigi IK5ZUK
>>
>>
>>
>> Il 14/09/2022 15:15, Joaquin via Dxspider-support ha scritto:
>>>
>>> Hi all,
>>>
>>> For those who want to do tests, and I'm sure it can be improved a lot.
>>>
>>> * bad_spotter.pl beta testing procedure
>>>
>>> 1. Download TOR and Proxies IP list, first time:
>>>
>>> curl -o /spider/local_data/tor-proxies.txt 
>>> https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt
>>> curl -o /spider/local_data/proxies-exits.txt 
>>> https://lists.fissionrelays.net/tor/relays-ipv4.txt
>>> cat /spider/local_data/proxies-exits.txt > 
>>> /spider/local_data/tor-proxies.txt
>>> sed -i "s|$|/32|" /spider/local_data/tor-proxies.txt
>>>
>>> 2. Copy the bad_spotter.pl script to: /spider/local_cmd/bad_spotter.pl
>>> 3. Run chmod +x /spider/local_cmd/bad_spotter.pl
>>> 4. Add in /spider/local_cmd/crontab:
>>>
>>> # Bad spotter
>>> 0 0 * * *  spawn('pkill -f "/usr/bin/perl -w 
>>> /spider/local_cmd/bad_spotter.pl"')
>>> 1 0 * * *  spawn("/usr/bin/perl -w /spider/local_cmd/bad_spotter.pl")
>>> 30 * * * * spawn('curl -o /spider/local_data/tor-proxies.txt 
>>> https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt')
>>> 31 * * * * spawn('curl -o /spider/local_data/proxies-exits.txt 
>>> https://lists.fissionrelays.net/tor/relays-ipv4.txt')
>>> 32 * * * * spawn('cat /spider/local_data/proxies-exits.txt > 
>>> /spider/local_data/tor-proxies.txt')
>>> 33 * * * * spawn('sed -i "s|$|/32|" /spider/local_data/tor-proxies.txt')
>>>
>>>
>>> 4. Make sure the directory is created: /spider/cmd_import , if not:
>>> mkdir /spider/cmd_import
>>>
>>> 5. Make log directory:
>>> mkdir /spider local_data/bad_spotter
>>>
>>> 6. The first time you want to run it, from the prompt:
>>>
>>> /usr/bin/perl -w /spider/local_cmd/bad_spotter.pl &
>>>
>>> # End
>>>
>>> Example tail -f /spider local_data/bad_spotter/log.txt
>>>
>>> 2022-09-12T14:01:53 [N9KT-2, RA1AL, 185.220.101.79, Politics and 
>>> HAMSPIRIT no mix!]
>>> 2022-09-12T14:54:41 [N9KT-2, RA3ATX, 185.129.61.129, RU will 
>>> liberate the world!]
>>> 2022-09-13T17:52:58 [PI4CC, PA2A, 77.171.80.188, ]
>>>
>>> Do not forget that it is a development version.
>>>
>>> 73 de Kin
>>>
>>> Sysop EA3CV-2 & EA4URE-2,3,5
>>>
>>> El 14/09/2022 a las 14:54, David Spoelstra escribió:
>>>> Joaquin-
>>>> Yes, please, send me the script.
>>>> -David, N9KT
>>>>
>>>> On Wed, Sep 14, 2022 at 8:51 AM Joaquin via Dxspider-support 
>>>> <dxspider-support at tobit.co.uk> wrote:
>>>>
>>>>     Hi David,
>>>>
>>>>     You have two more options:
>>>>
>>>>     1. Enable for everyone:
>>>>     set/register
>>>>     set/password
>>>>
>>>>     2. If you want I can send you a small script that will
>>>>     automatically
>>>>     block any callsign that comes from the TOR network or is using
>>>>     a PROXY.
>>>>     The script runs the set/bad/spotter command and logs the
>>>>     callsign that
>>>>     has been blocked.
>>>>     It is a help, but it is not the definitive solution.
>>>>
>>>>     Regards.
>>>>
>>>>     Kin EA3CV
>>>>
>>>>     El 14/09/2022 a las 14:35, David Spoelstra via Dxspider-support
>>>>     escribió:
>>>>     > Seems like my cluster is being used for propaganda. I've
>>>>     spent the
>>>>     > morning running "set/badspotter" and "set/badword" commands.
>>>>     Is there
>>>>     > anything else I should be doing?
>>>>
>>>>     _______________________________________________
>>>>     Dxspider-support mailing list
>>>>     Dxspider-support at tobit.co.uk
>>>>     https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>>>
>>>
>>> _______________________________________________
>>> Dxspider-support mailing list
>>> Dxspider-support at tobit.co.uk
>>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>>
>>
>> _______________________________________________
>> Dxspider-support mailing list
>> Dxspider-support at tobit.co.uk
>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20220915/2cc20dfd/attachment.htm>