Telegram-IP-Check-Bot

This script will parse NGINX- and dmesg-logs and checks the ip addresses found there using the AbuseIPDB and Alienvault-API to see if it is a malicious ip and blocks it if necessary.

Quick start for Debian/Ubuntu based installations

wget https://raw.githubusercontent.com/Billaids/Telegram-IP-Check-Bot/master/check_bot.sh
chmod +x check_bot.sh
Enable iptables logging:

  sudo iptables -A INPUT -j LOG
  sudo iptables -A FORWARD -j LOG
  sudo ip6tables -A INPUT -j LOG
  sudo ip6tables -A FORWARD -j LOG

Install jq

  sudo apt-get install jq

Get Telegram Bot API-Key and your CHATID
Get an AbuseIPDB and Alienvault API-Key
fill in your MAC-Address from ethernet adapter and server ip etc.
run bot, if you filled in empty vars.

WARNING!

It might be possible that this script blocks ip-addresses that are actually harmless. It checks for the abusescore from AbuseIPDB and Alienvault (Threadscore), which can result in false-positives.

Screenshot

Contributors

@KEN @uberhahn

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
README.md		README.md
check_bot.sh		check_bot.sh
config.sh		config.sh
portscan_notification.jpg		portscan_notification.jpg

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Telegram-IP-Check-Bot

Quick start for Debian/Ubuntu based installations

WARNING!

Screenshot

Contributors

About

Contributors 2

Languages

jnelle/Telegram-IP-Check-Bot

Folders and files

Latest commit

History

Repository files navigation

Telegram-IP-Check-Bot

Quick start for Debian/Ubuntu based installations

WARNING!

Screenshot

Contributors

About

Topics

Resources

Stars

Watchers

Forks

Contributors 2

Languages