#!/bin/bash
BANNED_IP_LIST="/usr/local/ddos/banned.ip.list"
REPORTED_IP_LIST="/usr/local/ddos/reported.ip.list"
SERVER=`ifconfig eth0 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
for i in `cat $BANNED_IP_LIST | sort | uniq`; do
if grep -Fxq $i $REPORTED_IP_LIST
then
echo > /dev/null
else
echo "Reporting: $i"
regex="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
EMAIL=`whois $i | grep 'abuse@' | head -n 1 | grep -Eiorh '([[:alnum:]_.]+@[[:alnum:]_]+?\.[[:alpha:].]{2,6})'`
if [[ $EMAIL =~ $regex ]] ;
then
VALIDEMAIL=$EMAIL
else
EMAIL=`whois $i | grep 'e-mail' | head -n 1 | grep -Eiorh '([[:alnum:]_.]+@[[:alnum:]_]+?\.[[:alpha:].]{2,6})'`
if [[ $EMAIL =~ $regex ]] ;
then
VALIDEMAIL=$EMAIL
fi
fi
if [[ $VALIDEMAIL =~ $regex ]] ;
then
echo "$VALIDEMAIL"
echo -e "Hello, \n\nWe have detected a DDoS attack on one of our servers ($SERVER) coming from the IP address $i.\nPlease investigate and take appropriate measures.\n\nCryptoVPN.com Abuse Team" | mail -s "DDoS Abuse: $i" $VALIDEMAIL
fi
echo $i >> $REPORTED_IP_LIST
sleep 1
fi
done