Of course there are better ways to manage security on web servers, but I was playing around with the Apache error log file today and wanted to get all of the subnets for the script kiddies that are hammering on this dev box. A quick one-liner and we’re done!
ROOT-(0)> grep "error" error_log | awk -F'[' '{print $4}' | sort | sed -e 's/]//g' | grep -v "/var/www/html/" | grep -v "/usr/local/src/code" | awk '{print $2}' | grep -vF "75.142.246.205" | uniq | awk -F. '{print $1"."$2"."$3"/24"}' | uniq
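A sturdier variant of the same idea, added here as an example (not the original post's code): it anchors on the `[client ...]` field, also accepts the Apache 2.4 `ip:port` form, and prints a hit count beside each network written in full as `a.b.c.0/24`. The function names `subnets24` and `sample_log`, the exclude-IP parameter and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# subnets24 EXCLUDE_IP [LOGFILE...]: count error-level hits per client /24.
# EXCLUDE_IP is your own address (hypothetical parameter); reads stdin if no file.
subnets24() {
    exclude="$1"; shift
    awk -v skip="$exclude" '
    # Keep only error-level lines: "[error]" (2.2) or "[module:error]" (2.4).
    !/\[([a-z_0-9]+:)?error\]/ { next }
    {
        # Anchor on the client tag so brackets in the message cannot shift fields.
        if (!match($0, /\[client [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?\]/)) next
        ip = substr($0, RSTART + 8, RLENGTH - 9)   # text between "[client " and "]"
        sub(/:.*/, "", ip)                         # drop the 2.4 source port
        if (ip == skip) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] > 255) next   # reject impossible octets
        hits[o[1] "." o[2] "." o[3] ".0/24"]++
    }
    END { for (net in hits) print hits[net], net }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
[Mon Mar 02 10:00:01 2009] [error] [client 192.0.2.15] File does not exist: /var/www/html/phpmyadmin
[Mon Mar 02 10:00:02 2009] [error] [client 192.0.2.77] File does not exist: /var/www/html/admin
[Mon Mar 02 10:00:03 2009] [error] [client 198.51.100.4] client denied by server configuration: /var/www/html/cfg
[Mon Mar 02 10:00:04 2009] [error] [client 203.0.113.10] File does not exist: /var/www/html/favicon.ico
[Mon Mar 02 10:00:05 2009] [notice] caught SIGTERM, shutting down
[Mon Mar 02 10:00:06.123456 2009] [core:error] [pid 1:tid 2] [client 192.0.2.200:51234] Invalid URI in request
EOF
}

sample_log | subnets24 203.0.113.10
```

The counts make it easier to tell a noisy network from a single stray request before acting on a /24.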






