12-18-2020, 01:47 PM
Maybe you're like me, and occasionally you'll get a random person somewhere in the world that points a fuzzer at one of your applications. For me, this means nothing more than 500+ error log emails in a night before I can get around to banning their IP via firewall. Well, since I've already got code that hooks into any uncaught exceptions and logs them, I figured why not extract out the IP and put it in a database so I can easily ban them. Then I thought, why shouldn't I just automate banning them too? Well, if anybody else has had that problem, here's some code for you:
SQL:
When you get an error, log your error as normal but insert the ip of the user into sys_ErrorIPs, then use the following PS script:
For me, I have that script set up in windows task scheduler to run every minute, so if somebody causes 5 or more unhandled exceptions in under a minute, the script will ban their IP, log that in the db, and send me an email about it.
Note: this assumes that you have a firewall rule named Blacklist.
Hope you enjoy.
SQL:
Hidden Content
When you get an error, log your error as normal but insert the ip of the user into sys_ErrorIPs, then use the following PS script:
Hidden Content
For me, I have that script set up in windows task scheduler to run every minute, so if somebody causes 5 or more unhandled exceptions in under a minute, the script will ban their IP, log that in the db, and send me an email about it.
Note: this assumes that you have a firewall rule named Blacklist.
Hope you enjoy.