diff --git a/modules/security/live-attack-monitor-v2.sh b/modules/security/live-attack-monitor-v2.sh
index 4de62fb..18d280b 100755
--- a/modules/security/live-attack-monitor-v2.sh
+++ b/modules/security/live-attack-monitor-v2.sh
@@ -3183,6 +3183,10 @@ auto_mitigation_engine() { while true; do sleep 10 + # Batch blocking arrays (collect IPs, block in batches of 50) + local -a batch_instant=() + local -a batch_critical=() + # Read current IP data from snapshot file (updated by main process) if [ -f "$TEMP_DIR/ip_data" ]; then while IFS='=' read -r ip data; do 
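Review bot: The comment above the new `batch_instant`/`batch_critical` declarations promises blocking "in batches of 50", but nothing in this function enforces a chunk size — the second hunk hands each array whole to `batch_block_ips` once per cycle, so any size limit lives in that function, not here. Suggest describing what is visible: `# IPs collected this cycle; each tier is handed to batch_block_ips in one call at end of loop`. This hunk is repeated byte-for-byte in modules/security/live-attack-monitor.sh (same index hashes), so the two copies must be kept in sync by hand unless one sources the other. auto_mitigation_engine begins outside the hunk.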
@@ -3202,44 +3206,39 @@ auto_mitigation_engine() { # Mark as blocked BLOCKED_THIS_SESSION[$ip]=1 - # Instant IPset block + # Add to instant batch + batch_instant+=("$ip") + + # Log event local time_str=$(date +"%H:%M:%S") echo -e "${CRITICAL_COLOR}[${time_str}] INSTANT_BLOCK | $ip | Score:100 | ${attacks}${NC}" >> "$TEMP_DIR/recent_events" - - # Get detailed block reason - local block_reason="INSTANT AUTO-BLOCK: Score=100 Attacks=${attacks}" - if [ -f "$TEMP_DIR/block_reason_${ip//\./_}" ]; then - local intel_reason=$(cat "$TEMP_DIR/block_reason_${ip//\./_}") - block_reason="${block_reason} Intel:${intel_reason}" - fi - - # Instant block via quick_block_ip (uses IPset for speed) - quick_block_ip "$ip" "$block_reason" & continue fi # Auto-block at score >= 80 (CRITICAL) if [ "${score:-0}" -ge 80 ]; then - # Mark as blocked to prevent duplicate attempts + # Mark as blocked BLOCKED_THIS_SESSION[$ip]=1 - # Auto-block + # Add to critical batch + batch_critical+=("$ip") + + # Log event local time_str=$(date +"%H:%M:%S") echo -e "${CRITICAL_COLOR}[${time_str}] AUTO_BLOCK | $ip | Score:$score | ${attacks}${NC}" >> "$TEMP_DIR/recent_events" - - # Get detailed block reason - local block_reason="Auto-block: Score=$score Attacks=${attacks}" - if [ -f "$TEMP_DIR/block_reason_${ip//\./_}" ]; then - local intel_reason=$(cat "$TEMP_DIR/block_reason_${ip//\./_}") - block_reason="${block_reason} Intel:${intel_reason}" - fi - - # Block for 1 hour with detailed reason - # Block in background and counter is updated within function - block_ip_temporary "$ip" 1 "$block_reason" & fi done < "$TEMP_DIR/ip_data" fi + + # BATCH BLOCK - Instant (score 100) + if [ ${#batch_instant[@]} -gt 0 ]; then + batch_block_ips "${batch_instant[@]}" & + fi + + # BATCH BLOCK - Critical (score 80-99) + if [ ${#batch_critical[@]} -gt 0 ]; then + batch_block_ips "${batch_critical[@]}" & + fi done ) & } 
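Review bot: The batch path drops the per-IP block reason: the removed lines assembled `block_reason` from score, attacks and the intel text in `$TEMP_DIR/block_reason_${ip//\./_}` and passed it to the blocker, while `batch_block_ips "${batch_instant[@]}" &` and the critical counterpart receive only addresses, so unless batch_block_ips re-reads those reason files itself the intel justification for a block is no longer recorded anywhere and the only trace is the `recent_events` line. The two tiers also now converge on one call: score 100 previously went through `quick_block_ip` and score 80–99 through `block_ip_temporary "$ip" 1` (a one-hour block), but both batches invoke `batch_block_ips` with no duration or tier argument, so one tier's block duration has changed in a way this hunk does not show. If batch_block_ips accepts a reason or duration, pass a per-tier value at the two call sites; if not, at least append the intel reason to the `recent_events` line so the audit trail survives the refactor. The same applies to the corresponding hunk in modules/security/live-attack-monitor.sh; auto_mitigation_engine begins outside the hunk.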
diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index 4de62fb..18d280b 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -3183,6 +3183,10 @@ auto_mitigation_engine() { while true; do sleep 10 + # Batch blocking arrays (collect IPs, block in batches of 50) + local -a batch_instant=() + local -a batch_critical=() + # Read current IP data from snapshot file (updated by main process) if [ -f "$TEMP_DIR/ip_data" ]; then while IFS='=' read -r ip data; do 
@@ -3202,44 +3206,39 @@ auto_mitigation_engine() { # Mark as blocked BLOCKED_THIS_SESSION[$ip]=1 - # Instant IPset block + # Add to instant batch + batch_instant+=("$ip") + + # Log event local time_str=$(date +"%H:%M:%S") echo -e "${CRITICAL_COLOR}[${time_str}] INSTANT_BLOCK | $ip | Score:100 | ${attacks}${NC}" >> "$TEMP_DIR/recent_events" - - # Get detailed block reason - local block_reason="INSTANT AUTO-BLOCK: Score=100 Attacks=${attacks}" - if [ -f "$TEMP_DIR/block_reason_${ip//\./_}" ]; then - local intel_reason=$(cat "$TEMP_DIR/block_reason_${ip//\./_}") - block_reason="${block_reason} Intel:${intel_reason}" - fi - - # Instant block via quick_block_ip (uses IPset for speed) - quick_block_ip "$ip" "$block_reason" & continue fi # Auto-block at score >= 80 (CRITICAL) if [ "${score:-0}" -ge 80 ]; then - # Mark as blocked to prevent duplicate attempts + # Mark as blocked BLOCKED_THIS_SESSION[$ip]=1 - # Auto-block + # Add to critical batch + batch_critical+=("$ip") + + # Log event local time_str=$(date +"%H:%M:%S") echo -e "${CRITICAL_COLOR}[${time_str}] AUTO_BLOCK | $ip | Score:$score | ${attacks}${NC}" >> "$TEMP_DIR/recent_events" - - # Get detailed block reason - local block_reason="Auto-block: Score=$score Attacks=${attacks}" - if [ -f "$TEMP_DIR/block_reason_${ip//\./_}" ]; then - local intel_reason=$(cat "$TEMP_DIR/block_reason_${ip//\./_}") - block_reason="${block_reason} Intel:${intel_reason}" - fi - - # Block for 1 hour with detailed reason - # Block in background and counter is updated within function - block_ip_temporary "$ip" 1 "$block_reason" & fi done < "$TEMP_DIR/ip_data" fi + + # BATCH BLOCK - Instant (score 100) + if [ ${#batch_instant[@]} -gt 0 ]; then + batch_block_ips "${batch_instant[@]}" & + fi + + # BATCH BLOCK - Critical (score 80-99) + if [ ${#batch_critical[@]} -gt 0 ]; then + batch_block_ips "${batch_critical[@]}" & + fi done ) & }