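/*
 * blockme.cgi - CGI helper that blacklists the requesting client.
 *
 * Reads REMOTE_ADDR from the environment, checks that it is a dotted-quad
 * IPv4 address, inserts a LOGDROP rule for it at the top of the FILTER80
 * chain and then deletes rule number STACKSIZE so the chain stays bounded.
 *
 * Security notes for whoever deploys this:
 *  - The binary is meant to be installed setuid root (see the trailer at the
 *    end of the file). Anyone who can execute it directly chooses both
 *    REMOTE_ADDR and the rest of the environment, so the address check below
 *    is the only gate in front of a root-owned firewall change. Limit execute
 *    permission to the web server's account or group instead of leaving it
 *    world-executable.
 *  - iptables is started with a fixed, minimal environment so that nothing
 *    inherited from the caller can influence a process running as root.
 *  - NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is
 *    presumably the proxy's address; blocking it would block every client.
 *    Confirm the deployment topology before enabling this.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define IPTABLES
#define STACKSIZE "200"

/* Upper bound on fork() attempts while the kernel reports EAGAIN. */
#define FORK_ATTEMPTS 20

/*
 * Return 1 if addr is exactly four decimal octets (1-3 digits each, value
 * 0..255) separated by single dots, and 0 otherwise. The empty string,
 * empty octets ("1..2.3") and out-of-range octets are rejected.
 */
static int is_dotted_quad(const char *addr)
{
    int octets = 0;

    for (;;) {
        int digits = 0;
        int value = 0;

        while (*addr >= '0' && *addr <= '9') {
            value = value * 10 + (*addr - '0');
            if (++digits > 3 || value > 255) {
                return 0;
            }
            addr++;
        }
        if (digits == 0) {
            return 0;
        }
        octets++;

        if (*addr == '\0') {
            return octets == 4;
        }
        if (*addr != '.' || octets == 4) {
            return 0;
        }
        addr++;
    }
}

/*
 * Fork and exec /sbin/iptables with the given argv and a fixed environment.
 * fork() is retried once per second, up to FORK_ATTEMPTS times, while it
 * fails with EAGAIN. Returns the child's pid, or -1 with errno set by the
 * last fork(). fail_msg is the perror() prefix used in the child if the
 * exec itself fails.
 */
static pid_t spawn_iptables(char *const args[], const char *fail_msg)
{
    /* Nothing from the caller's environment reaches the root process. */
    static char *const clean_env[] = {
        "PATH=/sbin:/usr/sbin:/bin:/usr/bin",
        NULL
    };
    pid_t child = -1;
    int try;

    for (try = 0; try < FORK_ATTEMPTS; try++) {
        child = fork();
        if (child == 0) {
            execve("/sbin/iptables", args, clean_env);
            perror(fail_msg);
            /* _exit: do not run the parent's atexit handlers or stdio flush. */
            _exit(1);
        }
        if (child != -1 || errno != EAGAIN) {
            break;
        }
        sleep(1);
    }
    return child;
}

/*
 * Wait for one specific child, restarting on EINTR.
 * Returns 1 if it exited with status 0, and 0 otherwise.
 */
static int child_succeeded(pid_t child)
{
    int status = 0;

    while (waitpid(child, &status, 0) == -1) {
        if (errno != EINTR) {
            return 0;
        }
    }
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(int argc, char *argv[])
{
    char *theiraddr = getenv("REMOTE_ADDR");
    pid_t child;

    (void)argc;

    if (!theiraddr) {
        fprintf(stderr, "%s: No REMOTE_ADDR\n", argv[0]);
        exit(0);
    }

    /*
     * The value is handed to a root-owned iptables invocation, so accept
     * nothing but a well-formed IPv4 address. This also covers the empty
     * string, which the earlier first/last-character test indexed at [-1].
     */
    if (!is_dotted_quad(theiraddr)) {
        fprintf(stderr, "%s: %s is an invalid value for REMOTE_ADDR\n",
                argv[0], theiraddr);
        exit(1);
    }

    printf("Content-type: text/plain\n");
    printf("Pragma: no-cache\n\n");
    /* Flush before forking so buffered output is not duplicated in children. */
    fflush(stdout);

    char *insert_args[] = {
        "iptables", "-I", "FILTER80", "-s", theiraddr, "-j", "LOGDROP", NULL
    };
    char *trim_args[] = {
        "iptables", "-D", "FILTER80", STACKSIZE, NULL
    };

    child = spawn_iptables(insert_args, "exec failed");
    if (child == -1) {
        fprintf(stderr, "%s: fork failed: %s\n", argv[0], strerror(errno));
    } else if (!child_succeeded(child)) {
        fprintf(stderr, "%s: could not insert a rule for %s\n",
                argv[0], theiraddr);
    } else {
        /*
         * Trim only after the insert has finished and succeeded: the two
         * iptables runs must not race, and a failed insert must not shrink
         * the chain. The delete fails harmlessly while the chain holds
         * fewer than STACKSIZE rules, so its status is not reported.
         */
        child = spawn_iptables(trim_args, "second exec failed");
        if (child == -1) {
            fprintf(stderr, "%s: fork failed: %s\n", argv[0], strerror(errno));
        }
    }

    /* Wait for any remaining children to complete. */
    while (wait(NULL) != -1 || errno == EINTR) {
    }

    printf("bye bye LOOOOOOOOOOOSER!\nYou are now BLACKLISTED!\n");
    exit(0);
}

/*
//Local Variables:--
//compile-command: "gcc ./blockme.c -O2 -Wall -o blockme.cgi"-- then chmod 7411 to setuid root
//End:--
*/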