<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font size="2" face="Courier New">Hi Luigi,<br>
<br>
No, it doesn't block the IP with iptables, it just does
"set/badspotter".<br>
<br>
To include the blocking with iptables, it would be enough to
insert the following line after line 64 of the script:<br>
<br>
system("/usr/bin/iptables -A INPUT -s $ip -j DROP");<br>
<br>
that is, here:<br>
<br>
say FH $msg;<br>
close(FH);<br>
<br>
system("/usr/bin/iptables -A INPUT -s $ip -j DROP");
# <-- HERE<br>
<br>
# # Send set/baddx to DXSpider<br>
# open (FH, '>', "/spider/cmd_import/EA3CV");<br>
<br>
But think that most of the traffic that is being analyzed
(spots) comes from other clusters, and therefore, the analyzed
IP address belongs to the application layer, not to the network
layer.<br>
If what you want is to block all TOR IPs and/or PROXIES, there
is a better method: make a script that creates a DROP rule for
each IP or Subnet that appears in the lists you download.<br>
But if you include the code that I have given you, then only the
IP that has been detected in the origin node of the spot will be
blocked.<br>
<br>
Regards.<br>
<br>
Kin EA3CV</font></p>
<p><br>
</p>
<div class="moz-cite-prefix">El 14/09/2022 a las 20:36, Luigi
Carlotto IK5ZUK via Dxspider-support escribió:<br>
</div>
<blockquote type="cite"
cite="mid:70b88fd9-968f-634a-5e79-49e07a4be4d3@tiscali.it">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hi Kin,<br>
Thanks for sharing your script file.<br>
<br>
Only a question: this beta version also block the badspotter's IP
with "iptables" or not ?<br>
<br>
Thank you very much, please keep us informed in case you develope
some new versions for this script...<br>
<br>
73 Luigi IK5ZUK<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">Il 14/09/2022 15:15, Joaquin via
Dxspider-support ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:9588410a-c3b8-7124-1034-04406f468293@cronux.net">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<p><font size="2" face="Courier New">Hi all,<br>
<br>
For those who want to do tests, and I'm sure it can be
improved a lot.<br>
<br>
* bad_spotter.pl beta testing procedure<br>
<br>
1. Download TOR and Proxies IP list, first time:<br>
<br>
curl -o /spider/local_data/tor-proxies.txt <a
class="moz-txt-link-freetext"
href="https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt"
moz-do-not-send="true">https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt</a><br>
curl -o /spider/local_data/proxies-exits.txt <a
class="moz-txt-link-freetext"
href="https://lists.fissionrelays.net/tor/relays-ipv4.txt"
moz-do-not-send="true">https://lists.fissionrelays.net/tor/relays-ipv4.txt</a>
<br>
cat /spider/local_data/proxies-exits.txt >
/spider/local_data/tor-proxies.txt<br>
sed -i "s|$|/32|" /spider/local_data/tor-proxies.txt<br>
<br>
2. Copy the bad_spotter.pl script to:
/spider/local_cmd/bad_spotter.pl<br>
3. Run chmod +x /spider/local_cmd/bad_spotter.pl<br>
4. Add in /spider/local_cmd/crontab:<br>
<br>
# Bad spotter<br>
0 0 * * * spawn('pkill -f "/usr/bin/perl -w
/spider/local_cmd/bad_spotter.pl"')<br>
1 0 * * * spawn("/usr/bin/perl -w
/spider/local_cmd/bad_spotter.pl")<br>
30 * * * * spawn('curl -o /spider/local_data/tor-proxies.txt
<a class="moz-txt-link-freetext"
href="https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt"
moz-do-not-send="true">https://raw.githubusercontent.com/X4BNet/lists_torexit/main/ipv4.txt</a>')<br>
31 * * * * spawn('curl -o
/spider/local_data/proxies-exits.txt <a
class="moz-txt-link-freetext"
href="https://lists.fissionrelays.net/tor/relays-ipv4.txt"
moz-do-not-send="true">https://lists.fissionrelays.net/tor/relays-ipv4.txt</a>')<br>
32 * * * * spawn('cat /spider/local_data/proxies-exits.txt
> /spider/local_data/tor-proxies.txt')<br>
33 * * * * spawn('sed -i "s|$|/32|"
/spider/local_data/tor-proxies.txt')<br>
<br>
<br>
4. Make sure the directory is created: /spider/cmd_import ,
if not:<br>
mkdir /spider/cmd_import<br>
<br>
5. Make log directory:<br>
mkdir /spider local_data/bad_spotter <br>
<br>
6. The first time you want to run it, from the prompt:<br>
<br>
/usr/bin/perl -w /spider/local_cmd/bad_spotter.pl &<br>
<br>
# End<br>
<br>
Example tail -f /spider local_data/bad_spotter/log.txt<br>
<br>
2022-09-12T14:01:53 [N9KT-2, RA1AL, 185.220.101.79, Politics
and HAMSPIRIT no mix!]<br>
2022-09-12T14:54:41 [N9KT-2, RA3ATX, 185.129.61.129, RU will
liberate the world!]<br>
2022-09-13T17:52:58 [PI4CC, PA2A, 77.171.80.188, ]<br>
<br>
Do not forget that it is a development version.<br>
<br>
73 de Kin<br>
<br>
Sysop EA3CV-2 & EA4URE-2,3,5</font><br>
<br>
</p>
<div class="moz-cite-prefix">El 14/09/2022 a las 14:54, David
Spoelstra escribió:<br>
</div>
<blockquote type="cite"
cite="mid:CAEKn9qZ8ovw=BwuO09Y4AUsfS+6r8VPu8YCcLe17D8ADt4oPGg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<div dir="ltr">Joaquin-
<div>Yes, please, send me the script.</div>
<div>-David, N9KT</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Sep 14, 2022 at
8:51 AM Joaquin via Dxspider-support <<a
href="mailto:dxspider-support@tobit.co.uk"
moz-do-not-send="true" class="moz-txt-link-freetext">dxspider-support@tobit.co.uk</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Hi David,<br>
<br>
You have two more options:<br>
<br>
1. Enable for everyone:<br>
set/register<br>
set/password<br>
<br>
2. If you want I can send you a small script that will
automatically <br>
block any callsign that comes from the TOR network or is
using a PROXY.<br>
The script runs the set/bad/spotter command and logs the
callsign that <br>
has been blocked.<br>
It is a help, but it is not the definitive solution.<br>
<br>
Regards.<br>
<br>
Kin EA3CV<br>
<br>
El 14/09/2022 a las 14:35, David Spoelstra via
Dxspider-support escribió:<br>
> Seems like my cluster is being used for propaganda.
I've spent the <br>
> morning running "set/badspotter" and "set/badword"
commands. Is there <br>
> anything else I should be doing?<br>
<br>
_______________________________________________<br>
Dxspider-support mailing list<br>
<a href="mailto:Dxspider-support@tobit.co.uk"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Dxspider-support@tobit.co.uk</a><br>
<a
href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a><br>
</blockquote>
</div>
</blockquote>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Dxspider-support@tobit.co.uk" moz-do-not-send="true">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support" moz-do-not-send="true">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
</body>
</html>