IP Blacklist based on Apache Logs

Purpose

This project has as purpose to generate a list of dangerous IP's based on the Apache logs.

Several servers in different continents have as only objective to filter their Apache logs to find the IP's that are trying to abuse the Apache server. They send these IP's encrypted to a central server. This central server keeps the IP's to make a blacklist.

How to use

The blacklist can be used with different firewalls. We did test it with succes on Shorewall on CentOS.

• A script you can add to crontab for Shorewall

You can find the blacklist here. The list is free for use and at your own risk.

The filter

The filter is based on several words you can find here:

• Proxy words
• Hacking words

New words are inserted manually after checking the Apache log with Petit.

Statistics page

You can find the statistics page here.

Comments/questions

You can leave your comments/questions about this project here.

Sincerely,

Koen Thomeer, MD, MSc