This assumes you have an address list named blacklist that is being blocked.
/ip firewall address-list add comment="Manual Addition" list=blacklist address=xxx.xxx.xxx.xxx
/ip firewall address-list remove [/ip firewall address-list find address=xxx.xxx.xxx.xxx]
Filter the log entries for attackers first.
Example from a recent Joomla experience where an attacking botnet utilized a vulnerable 'contacts' page:
grep contact-me /var/log/virtualmin/example.com_error_log >> example.txt
Strip it down to IP addresses:
awk '{ print $1 } ' example.txt | sort | uniq > evildoers.txt
Or, to just determine how many attackers there were:
awk '{ print $1 } ' example.txt | sort | uniq | wc -l
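To get evildoers.txt into the blacklist address list, the following added example (not part of the original page) generates one address-list add command per unique address. It validates each line as IPv4 first, so a wrong log column or stray text never ends up in a router script. The function names, the "Web log import" comment and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn evildoers.txt into RouterOS address-list commands.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_blacklist_rsc FILE [LIST]: print one "add" command per unique valid
# address; anything else is reported on stderr and never reaches the router.
gen_blacklist_rsc() {
    list=${2:-blacklist}
    sort -u "$1" | while IFS= read -r addr; do
        if is_ipv4 "$addr"; then
            printf '/ip firewall address-list add comment="Web log import" list=%s address=%s\n' "$list" "$addr"
        else
            printf 'skipped non-IPv4 entry: %s\n' "$addr" >&2
        fi
    done
}

# Constructed sample standing in for evildoers.txt: documentation-range
# addresses, a duplicate, and the kind of junk a wrong log column produces.
sample=$(mktemp)
printf '%s\n' 203.0.113.7 198.51.100.23 203.0.113.7 '[Wed' 300.1.1.1 > "$sample"
gen_blacklist_rsc "$sample"
rm -f "$sample"
```

Redirect the output to a file, review it, then upload it to the router and run it with /import, or paste the lines into a terminal session.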