@Martineau I ran the scripts as you requested. I had a problem with the one ./IPSET_Block init reset ipset. Here is the output:
admin@RT-AC3100-0000:/jffs/scripts# ./IPSET_Block.sh init reset ipset
v4.03 © 2016-2017 Martineau, Dynamic IPSET Blocking.....
IPSETs: 'Blacklist*/Whitelist*' created empty - reset!
Restoring permanently banned I/P addresses to Blacklist from '/mnt/ASUS/IPSET_Logs/IPSET_Block.config.add'.....
Bad argument `59'
Try `iptables -h' or 'iptables --help' for more information.
Summary Blacklist: 0+0 Successful blocks! ( 0 IPs currently banned - 0 added ), Entries auto-expire after 7 days 00:00:00hrs
v2.06 © 2016-2017 Martineau, Hacker Port attacks Report.....
Scanning /tmp/syslog.log for ANY interface (IN=eth0) violations, please wait.....
1261 records scanned from Syslog ('/tmp/syslog.log')
25 May 12:26:24: # Unique Ports attacked via ANY interface: 8 (out of 152 attempts) tracked via SYSLOG, May 25 11:53:11 - May 25 12:26:24
Top 3 Ports attacked:
131 http://www.speedguide.net/port.php?port=51413 e.g. https://www.speedguide.net/ip/1.204.101.188
11 http://www.speedguide.net/port.php?port=23 e.g. https://www.speedguide.net/ip/122.116.73.161
3 http://www.speedguide.net/port.php?port=1433 e.g. https://www.speedguide.net/ip/103.236.254.83
Top 3 attackers:
1 https://www.speedguide.net/ip/1.204.101.188
1 https://www.speedguide.net/ip/122.116.73.161
1 https://www.speedguide.net/ip/103.236.254.83
Last 3 most recent attackers:
https://www.speedguide.net/ip/189.200.48.67
https://www.speedguide.net/ip/1.204.101.188
https://www.speedguide.net/ip/45.76.25.206
also the output from the status:
admin@RT-AC3100-0000:/jffs/scripts# ./IPSET_Block.sh status
v4.03 © 2016-2017 Martineau, Dynamic IPSET Blocking.....
Name: Blacklist Name: Whitelist Name: BlacklistTRK
Type: hash:ip Type: hash:net Type: hash:net,port
Revision: 0 Revision: 0 Revision: 1
Header: family inet hashsize 8192 maxelem 65536 timeout 604800 Header: family inet hashsize 1024 maxelem 65536 Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Size in memory: 328088 Size in memory: 8532 Size in memory: 15028
References: 3 References: 2 References: 2
Members: Members: Members:
(Total=19357) (Total=1) (Total=150)
Summary Blacklist: 82+0 Successful blocks! ( 19334 IPs currently banned - 23 added ), Entries auto-expire after 7 days 00:00:00hrs
v2.06 © 2016-2017 Martineau, Hacker Port attacks Report.....
Retrieving IPSET BlacklistTRK data for 'eth0' violations, please wait.....
150 members retrieved from IPSET (BlacklistTRK - Entries auto-expire after 7 days 00:00:00 hrs)
25 May 12:44:45: # Unique Ports attacked via 'eth0': 8 (out of 150 attempts) tracked via IPSET
Top 3 Ports attacked:
135 http://www.speedguide.net/port.php?port=51413 (tcp,udp) e.g. https://www.speedguide.net/ip/1.174.250.129
8 http://www.speedguide.net/port.php?port=23 (tcp,udp) e.g. https://www.speedguide.net/ip/117.239.12.66
2 http://www.speedguide.net/port.php?port=1433 (tcp,udp) e.g. https://www.speedguide.net/ip/104.192.111.12
Top 3 attackers:
1 https://www.speedguide.net/ip/1.174.250.129
1 https://www.speedguide.net/ip/117.239.12.66
1 https://www.speedguide.net/ip/104.192.111.12
admin@RT-AC3100-0000:/jffs/scripts# ./IPSET_Block.sh init reset ipset
v4.03 © 2016-2017 Martineau, Dynamic IPSET Blocking.....
IPSETs: 'Blacklist*/Whitelist*' created empty - reset!
Restoring permanently banned I/P addresses to Blacklist from '/mnt/ASUS/IPSET_Logs/IPSET_Block.config.add'.....
Bad argument `59'
Try `iptables -h' or 'iptables --help' for more information.
Summary Blacklist: 0+0 Successful blocks! ( 0 IPs currently banned - 0 added ), Entries auto-expire after 7 days 00:00:00hrs
v2.06 © 2016-2017 Martineau, Hacker Port attacks Report.....
Scanning /tmp/syslog.log for ANY interface (IN=eth0) violations, please wait.....
1261 records scanned from Syslog ('/tmp/syslog.log')
25 May 12:26:24: # Unique Ports attacked via ANY interface: 8 (out of 152 attempts) tracked via SYSLOG, May 25 11:53:11 - May 25 12:26:24
Top 3 Ports attacked:
131 http://www.speedguide.net/port.php?port=51413 e.g. https://www.speedguide.net/ip/1.204.101.188
11 http://www.speedguide.net/port.php?port=23 e.g. https://www.speedguide.net/ip/122.116.73.161
3 http://www.speedguide.net/port.php?port=1433 e.g. https://www.speedguide.net/ip/103.236.254.83
Top 3 attackers:
1 https://www.speedguide.net/ip/1.204.101.188
1 https://www.speedguide.net/ip/122.116.73.161
1 https://www.speedguide.net/ip/103.236.254.83
Last 3 most recent attackers:
https://www.speedguide.net/ip/189.200.48.67
https://www.speedguide.net/ip/1.204.101.188
https://www.speedguide.net/ip/45.76.25.206
also the output from the status:
admin@RT-AC3100-0000:/jffs/scripts# ./IPSET_Block.sh status
v4.03 © 2016-2017 Martineau, Dynamic IPSET Blocking.....
Name: Blacklist Name: Whitelist Name: BlacklistTRK
Type: hash:ip Type: hash:net Type: hash:net,port
Revision: 0 Revision: 0 Revision: 1
Header: family inet hashsize 8192 maxelem 65536 timeout 604800 Header: family inet hashsize 1024 maxelem 65536 Header: family inet hashsize 1024 maxelem 65536 timeout 604800
Size in memory: 328088 Size in memory: 8532 Size in memory: 15028
References: 3 References: 2 References: 2
Members: Members: Members:
(Total=19357) (Total=1) (Total=150)
Summary Blacklist: 82+0 Successful blocks! ( 19334 IPs currently banned - 23 added ), Entries auto-expire after 7 days 00:00:00hrs
v2.06 © 2016-2017 Martineau, Hacker Port attacks Report.....
Retrieving IPSET BlacklistTRK data for 'eth0' violations, please wait.....
150 members retrieved from IPSET (BlacklistTRK - Entries auto-expire after 7 days 00:00:00 hrs)
25 May 12:44:45: # Unique Ports attacked via 'eth0': 8 (out of 150 attempts) tracked via IPSET
Top 3 Ports attacked:
135 http://www.speedguide.net/port.php?port=51413 (tcp,udp) e.g. https://www.speedguide.net/ip/1.174.250.129
8 http://www.speedguide.net/port.php?port=23 (tcp,udp) e.g. https://www.speedguide.net/ip/117.239.12.66
2 http://www.speedguide.net/port.php?port=1433 (tcp,udp) e.g. https://www.speedguide.net/ip/104.192.111.12
Top 3 attackers:
1 https://www.speedguide.net/ip/1.174.250.129
1 https://www.speedguide.net/ip/117.239.12.66
1 https://www.speedguide.net/ip/104.192.111.12
Last edited: