ezproxy-abuse-checker

Perl + shell scripts that actively monitors ezproxy log file for vacuum attack.

File Manifest:

crontab.dat - this is the cron file used to run the abuse checker every 10 minutes. (tune the frequency to your liking)
count_sessions_tail.pl - this runs against
- requires a geo IP file /opt/ezproxy/GeoLiteCity.dat download from: http://www.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz and decompress
check_abuse_tail.pl - blocks and kill session of all ezproxy log lines sent to this (used to search for IEEE token and other easily identifiable abuses detected via grep)
block_user.pl - blocks ezproxy user by editing user.txt also kills ezproxy session
- usage block_user.pl user_id session_id
- this is automatically called by check_abuse_tail.pl
abuse_checker_cron.sh - script which pipes the last 10,000 lines of the ezproxy log into the abuse checker and the IEEE token checker

Provide feedback

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
LICENSE		LICENSE
README.md		README.md
abuse_checker_cron.sh		abuse_checker_cron.sh
block_user.pl		block_user.pl
check_abuse_tail.pl		check_abuse_tail.pl
count_sessions_tail.pl		count_sessions_tail.pl
crontab.dat		crontab.dat
user.txt		user.txt