Comments posted on: How to find and kill Abusers on OpenVZ Linux hosted Virtual Machines (Few bash scripts to protect OpenVZ CentOS server from script kiddies and easify the daily admin job)
Thank you for these scripts, I have installed them and ran them to test, and they do what they are supposed to do!
🙂
I’m glad it helped somebody out there 😉
Hope to see ya around
By the way in kill_abusers.sh it’s nice to add to the list of PROCS
PROCS='ircd kaiten dos.pl exploit msfconsole ddos tfn-child tfn-daemon trinoo slap.pl';
same goes also for the search of abusers script.
There are plenty of abusers which use this slap.pl shit
I ran them and it listed the clients that should be suspended, what is IRCd, isn't it a chat client?
Heya Josh,
IRCd is a chat (irc) server.
You might not need it to be in the list of processes to be killed; in my case I thought it’s better if it’s there, since sometimes people who are devoted to irc get in quarrels and their services might later be a target of DoS.
Thanks for the description.
🙂
Two more processes which are good to enter in the script's list of abusive processes are:
'pscan2 SpyEyeCollector'
My current PROCS file variable looks like so:
PROCS='ircd kaiten dos.pl exploit msfconsole ddos tfn-child tfn-daemon trinoo slap.pl brute pscan2 SpyEyeCollector';
Best!
Georgi
🙂
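A dry-run check built around the PROCS watch list quoted in the comment above, added here as an example and not taken from kill_abusers.sh or written by any commenter. It matches the exact executable or script name rather than a substring, so short entries such as `brute` or `exploit` do not flag unrelated processes. The `CTID PID COMMAND` input format, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Watch list as quoted in the comment thread.
PROCS='ircd kaiten dos.pl exploit msfconsole ddos tfn-child tfn-daemon trinoo slap.pl brute pscan2 SpyEyeCollector'

# Constructed sample input (assumed format): "CTID PID COMMAND [ARGS...]".
# On a real node these lines would come from a per-container process listing.
sample_ps() {
cat <<'EOF'
101 2211 /usr/sbin/httpd -k start
101 2290 perl /tmp/.x/slap.pl
102 3100 /usr/bin/ircd -f /etc/ircd.conf
103 4102 /usr/sbin/bruteforce-monitor --daemon
103 4150 ./pscan2
104 5001 vim exploit-notes.txt
EOF
}

# find_abusers: read process lines on stdin, print "CTID PID NAME" for hits.
# Nothing is killed; the output is a report to review before acting on it.
find_abusers() {
    awk -v procs="$PROCS" '
    BEGIN { n = split(procs, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    {
        # Field 3 is the executable. When it is an interpreter, field 4
        # (the script path) is checked too. Interpreter flags placed before
        # the script name are not handled in this sketch.
        for (f = 3; f <= 4 && f <= NF; f++) {
            name = $f
            sub(/.*\//, "", name)            # strip directories: basename only
            if (name in watch) { print $1, $2, name; break }
            if (f == 3 && name !~ /^(perl|sh|bash|python|php)$/) break
        }
    }'
}

# Demonstration on the constructed sample.
sample_ps | find_abusers
```

Reviewing this report before running anything that kills processes keeps entries such as `bruteforce-monitor` or an editor opening `exploit-notes.txt` from being treated as abuse.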
Any way to make one for cpanel server for dos.php etc?
Hi Jack,
One can surely be written. If you’re looking for someone to write you the script, I can offer you my services for some fee?
Best!
Georgi
I use these scripts quite often, so thanks again ^___^
However, the kill_abusers.sh script doesn't seem to work for me, tried two nodes it just goes blank :S
Hello Josh,
The script works, I don’t know what you’re doing. Do you use the last version of the script? Previously I’ve by mistake put online a version of the script which does echo the processes to kill instead of killing them; open the script and check you’re not using this old version.
regards,
Georgi
Hi there,
I wget the latest one and it did the same :S
Do you have teamviewer?
Yes I have teamviewer 😉
Care to take a look on my TV to see what could be the issue? :S
I can do that, you can mail me on my mail with teamviewer info.
Did you manage it? If not, drop me a mail or add me in skype, my sk – hipodilsky
I would not be online today but around the evening will be online for a while.
Added 🙂
Oops, spoke too soon.
Having issues with skype, can you add my MSN/AIM/Yahoo?
support [at] Dotvps.net
I was travelling, now I’m very tired and probably soon go to sleep, I’ve added you in ICQ but you seem unavailable. Whenever I’m online you should add me as well. Then I’ll quickly take a look.
Best!
Georgi
Hello
Thanks for that.
We also often have a DDoS script named lool.
Cheers.
How would I install this on CentOS?
Hi Mark,
Do you get some errors? If you explain thoroughly what you do, maybe I’ll be able to help.
By the way, I also offer pro-admin services for some fee. If you’re interested 🙂
best
Georgi
Add my skype mark.cayetano2
I need some pro-admin services 🙂
Also how do I add this into cronjobs?
So far ….so good great experience !!! Thanks!!!
How do I install this script? I need help please.
My e-mail ; Victor@SpetsnazHost.com
Hi, no need to install, download and run it.
Or place it in cron job with crontab -u root -e.