Wordpress
@@ -1,6 +1,6 @@
|
||||
# Reaction
|
||||
|
||||
Reaction est un service qui scan les sorties des fichiers et effectue des actions dand un usage est détecté.
|
||||
Reaction est un service qui scan les sorties des fichiers et effectue des actions quand un certain usage est détecté.
|
||||
|
||||
|
||||
```shell
|
||||
@@ -13,12 +13,39 @@ reaction show
|
||||
```
|
||||
|
||||
```
|
||||
local bots = [
|
||||
"ChatGPT-User",
|
||||
"DuckAssistBot",
|
||||
"Meta-ExternalFetcher",
|
||||
"AI2Bot",
|
||||
"Applebot-Extended",
|
||||
"Bytespider",
|
||||
"CCBot",
|
||||
"ClaudeBot",
|
||||
"Diffbot",
|
||||
"FacebookBot",
|
||||
"Google-Extended",
|
||||
"GPTBot",
|
||||
"Kangaroo Bot",
|
||||
"Meta-ExternalAgent",
|
||||
"omgili",
|
||||
"Timpibot",
|
||||
"Webzio-Extended",
|
||||
"Amazonbot",
|
||||
"Applebot",
|
||||
"OAI-SearchBot",
|
||||
"PerplexityBot",
|
||||
"YouBot",
|
||||
"Yandexbot",
|
||||
"Baiduspider"
|
||||
];
|
||||
|
||||
local banFor(time) = {
|
||||
ban: {
|
||||
cmd: ['nft', 'add', 'element', 'inet', 'reaction', 'banned_ips', '{ <ip> }'],
|
||||
cmd: ['nft', 'add element inet reaction banned_ips { <ip> }'],
|
||||
},
|
||||
unban: {
|
||||
cmd: ['nft', 'delete', 'element', 'inet', 'reaction', 'banned_ips', '{ <ip> }'],
|
||||
cmd: ['nft', 'delete element inet reaction banned_ips { <ip> }'],
|
||||
after: time,
|
||||
},
|
||||
};
|
||||
@@ -31,41 +58,31 @@ local banFor(time) = {
|
||||
},
|
||||
|
||||
start: [
|
||||
// Table
|
||||
['nft', 'add', 'table', 'inet', 'reaction'],
|
||||
['nft', |||
|
||||
table inet reaction {
|
||||
set whitelist_ips {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = { 192.168.137.0/24 }
|
||||
}
|
||||
|
||||
// Set pour IP bannies
|
||||
[
|
||||
'nft', 'add', 'set', 'inet', 'reaction', 'banned_ips',
|
||||
'{', 'type', 'ipv4_addr', ';', 'flags', 'interval', ';', '}'
|
||||
],
|
||||
set banned_ips {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
auto-merge
|
||||
}
|
||||
|
||||
// Chaîne INPUT
|
||||
[
|
||||
'nft', 'add', 'chain', 'inet', 'reaction', 'input_filter',
|
||||
'{', 'type', 'filter', 'hook', 'input', 'priority', '0', ';', '}'
|
||||
],
|
||||
|
||||
// Chaîne FORWARD
|
||||
[
|
||||
'nft', 'add', 'chain', 'inet', 'reaction', 'forward_filter',
|
||||
'{', 'type', 'filter', 'hook', 'forward', 'priority', '0', ';', '}'
|
||||
],
|
||||
|
||||
// Règles d'utilisation du set
|
||||
[
|
||||
'nft', 'add', 'rule', 'inet', 'reaction', 'input_filter',
|
||||
'ip', 'saddr', '@banned_ips', 'drop'
|
||||
],
|
||||
[
|
||||
'nft', 'add', 'rule', 'inet', 'reaction', 'forward_filter',
|
||||
'ip', 'saddr', '@banned_ips', 'drop'
|
||||
],
|
||||
chain input {
|
||||
type filter hook input priority 0
|
||||
ip saddr @whitelist_ips accept
|
||||
ip saddr @banned_ips drop
|
||||
}
|
||||
}
|
||||
||| ],
|
||||
],
|
||||
|
||||
stop: [
|
||||
// Une seule commande supprime tout proprement
|
||||
['nft', 'delete', 'table', 'inet', 'reaction'],
|
||||
['nft', 'delete table inet reaction'],
|
||||
],
|
||||
|
||||
streams: {
|
||||
@@ -76,14 +93,30 @@ local banFor(time) = {
|
||||
regex: [
|
||||
@'authentication failure;.*rhost=<ip>',
|
||||
@'Failed password for .* from <ip>',
|
||||
@'banner exchange: Connection from <ip> port [0-9]*: invalid format',
|
||||
@'Connection from <ip> port [0-9]*: invalid format',
|
||||
@'Invalid user .* from <ip>',
|
||||
@'Timeout before authentication for <ip>',
|
||||
],
|
||||
retry: 3,
|
||||
retryperiod: '6h',
|
||||
actions: banFor('96h'),
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
apache: {
|
||||
cmd: ['tail', '-n0', '-f', '/var/log/nginx/access.log'],
|
||||
filters: {
|
||||
aiBots: {
|
||||
regex: [
|
||||
// User-Agent is the last field
|
||||
// Bot's name can be anywhere in the User-Agent
|
||||
// (hence the leading and trailing [^"]*
|
||||
@'^<ip> .* "[^"]*(%s)[^"]*"$' % std.join('|', bots)
|
||||
],
|
||||
actions: banFor('30d'),
|
||||
},
|
||||
},
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
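Review bot: The new declarative ruleset in `start` defines only `chain input`, so the forward-hook drop on `@banned_ips` that the replaced split-argument commands installed is gone, and a banned address is now filtered only for traffic addressed to the host itself. If nginx/WordPress or the SSH targets sit behind this host (containers, VMs, NAT), bans no longer cover them; adding `chain forward { type filter hook forward priority 0; ip saddr @banned_ips drop; }` inside the table would restore the earlier coverage. Separately, both sets are `type ipv4_addr`, so if the `<ip>` pattern (defined outside these hunks) can match IPv6 clients in the nginx log, the `nft add element` call would presumably fail and the ban would not apply; that is worth confirming, or covering with an `ipv6_addr` set. The new stream is also named `apache` while it tails `/var/log/nginx/access.log`, and renaming it would avoid confusion when reading `reaction show` output.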