View Single Post
Old 10-18-2017, 06:47 PM  
Barry-xlovecam
It's 42
 
Industry Role:
Join Date: Jun 2010
Location: Global
Posts: 18,083
If the only tool in your toolbox is a hammer that is how you screw in a wood screw ...

try this:

Code:
$ cut -d'-' -f1 /home/work/domain.com/logs/access.log| grep -v '99\.3' |  uniq -c | sort -nr|sed 's/\([0-9]\) \([0-9]\)/\1:\2/g' |less

(returns unique hits:IP grep -v will delete your ip pattern)

   2742:173.208.249.226 
    189:158.69.229.6 
    155:160.202.163.148 
    153:78.190.44.124 
     91:82.165.75.132 
     64:178.137.82.201 
     62:46.2.77.72 
     62:201.18.18.173 
     62:201.18.18.173 
     62:185.81.155.40
to print to a file
instead of |less
>fileName.*

you don't need a hammer to tighten a screw

After checking the whois
Quote:
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=1...se&ext=netref2
#


# start

NetRange: 173.208.249.224 - 173.208.249.231
CIDR: 173.208.249.224/29
NetName: DS-249-225-231
NetHandle: NET-173-208-249-224-1
Parent: WII-OAK-2 (NET-173-208-128-0-1)
NetType: Reassigned
OriginAS: AS32097
Customer: Caruso, David (C06755517)
RegDate: 2017-10-18
Updated: 2017-10-18
Ref: https://whois.arin.net/rest/net/NET-173-208-249-224-1


CustName: Caruso, David
Address: 201 E. 16th st
City: North Kansas City
StateProv: MO
PostalCode: 64116
Country: US
RegDate: 2017-10-18
Updated: 2017-10-18
Ref: https://whois.arin.net/rest/customer/C06755517

OrgTechHandle: AWE13-ARIN
OrgTechName: Wendel, Aaron
OrgTechPhone: +1-816-256-3031
OrgTechEmail: [email protected]
OrgTechRef: https://whois.arin.net/rest/poc/AWE13-ARIN

OrgAbuseHandle: NETWO1111-ARIN
OrgAbuseName: Network Security
OrgAbusePhone: +1-816-256-3031
OrgAbuseEmail: [email protected]
Whoever the fuck he is ...

Code:
ufw deny from 173.208.249.224/29  to any;
Rule added
A CIDR is a group of IPs

Barry-xlovecam is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote