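#!/bin/sh
#
# Block hosts that send Nimda-style probes (requests containing
# "system32/cmd.exe") to the Apache server.
# Apache must be configured with "HostnameLookups Off" so that the first
# field of each access-log line is the client's IP address.
#
# Reads:   every file in $LOGS
# Writes:  $BLOCKED (one address per line) and inserts one logging
#          ipchains DENY rule per address not already listed there.

LOGS=/var/log/httpd

# NOTE(review): /var/tmp is normally world-writable, so any local user can
# pre-create or edit this file and influence which addresses get (or never
# get) a firewall rule. Consider moving the state file to a root-only
# directory; the path is kept here so existing state is still honoured.
BLOCKED=/var/tmp/blocked

# Without this check a failed cd would scan whatever directory we started in.
cd "$LOGS" || exit 1

# Do not append through a symlink planted in the shared directory.
if [ -L "$BLOCKED" ]; then
  echo "$BLOCKED is a symbolic link; refusing to use it" >&2
  exit 1
fi

# The logs are concatenated first so lines never carry a "filename:" prefix.
# The original stripped that prefix with sub(/[^:]*:/,""), which ate part of
# the log line itself when the directory held a single file (grep prints no
# prefix then) and yielded a timestamp fragment instead of the address.
#
# Only lines that start with a dotted-quad followed by a space are accepted,
# so nothing but digits and dots can reach the ipchains command line.
# The cmd.exe pattern is matched against the whole log line, not only the
# request field.
cat ./* 2>/dev/null |
  awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ / && /system32\/cmd\.exe/ { print $1 }' |
  sort -u |
  while read -r host; do
    # -x: whole-line match. A substring match would treat 1.2.3.4 as already
    # blocked once 11.2.3.45 is listed, and the host would never be denied.
    if ! grep -Fxq -- "$host" "$BLOCKED"; then
      echo "$host" >>"$BLOCKED"
      /sbin/ipchains -I input -s "$host" -j DENY -l
    fi
  done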