Black listing, or null routing, an IP address could have undesired side effects. As always it is best to do default deny policy but in cases where that is not possible, this can be used as an alternative.
Sites used in the script:
# Let's grab the daily malware lists and save them into a sorted file...
wget -i /root/Malware/websites-to-download.txt --no-check-certificate -O /root/Malware/malwaresites-blacklist-ipaddy.txt
cat /root/Malware/malwaresites-blacklist-ipaddy.txt | sed 's/[ \t]*$//' | sort | uniq > /root/Malware/evil-ipaddy-list-$DATE.txt
# We are going to take the sorted file and look for any new IPs, if they appear then we'll mail the changes out
if [ -e /root/Malware/evil-ipaddy-list-$DATE.txt ]; then
comm -13 /root/Malware/previous-ipaddy-scan.txt /root/Malware/evil-ipaddy-list-$DATE.txt > /root/Malware/evilness_for_$DATE.txt
sendEmail -f firstname.lastname@example.org -t email@example.com -u $DATE Daily Evil IP Address BlockList -o message-file=/root/Malware/evilness_for_$DATE.txt -s ex-smtp.somedomain.com:25
# Once we are done with today's sorted file, we are going to save it for later comparison
ln -sf /root/Malware/evil-ipaddy-list-$DATE.txt /root/Malware/previous-ipaddy-scan.txt