Attempts to block DDoS attacks.
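#! /bin/bash
# Rebuilds the nginx deny list from the current, uncompressed access logs.
#
# Usage:    block_offenders.sh [PATH]   (PATH defaults to /api/flights/fares)
# Env:      USER must be set; it names the hand-off files in /tmp.
# Reads:    /var/log/app/nginx-rp-access.log* (uncompressed files only)
#           /etc/nginx/blockip.conf            (the deny list currently live)
# Writes:   /tmp/$USER.ips_to_block  one address per line, for every line
#                                    offenders.py reported
#           /tmp/$USER.blockip.conf  merged deny list, sorted, de-duplicated
# Exit:     the number of lines offenders.py produced. bash keeps only the
#           low 8 bits of an exit status, so 256 offenders exits with 0.

# The protected path is only echoed; offenders.py is handed the log files and
# never sees it -- TODO(review): confirm whether it should be passed on.
SEARCHED=${1:-/api/flights/fares}
echo "Protecting $SEARCHED"

# ${USER:?} aborts instead of silently writing to /tmp/.ips_to_block.
ips_file="/tmp/${USER:?USER must be set}.ips_to_block"
merged_file="/tmp/${USER}.blockip.conf"
known_file=/etc/nginx/blockip.conf

# Collect the uncompressed logs with a glob instead of parsing ls; only a
# real .gz suffix is skipped (grep -v '.gz' treated the dot as a wildcard).
logs=()
for f in /var/log/app/nginx-rp-access.log*; do
  [[ -e "$f" ]] || continue      # an unmatched glob leaves the literal pattern
  [[ "$f" == *.gz ]] && continue
  logs+=("$f")
done
if (( ${#logs[@]} == 0 )); then
  echo "no uncompressed access log found under /var/log/app" >&2
  exit 1
fi
echo "Reading:"
printf '%s\n' "${logs[@]}"
echo

# Intermediate files live in a private mktemp directory rather than under
# fixed names in the shared /tmp: the content of $all_file ends up in a
# root-owned nginx config, so other local users must not be able to write it.
tmpdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$tmpdir"' EXIT   # also runs on the final exit "$NOFF"
all_file="$tmpdir/offenders.all"
new_file="$tmpdir/offenders.new"

/usr/local/bin/offenders.py "${logs[@]}" > "$all_file"

# comm needs both inputs sorted; neither offenders.py's output nor the live
# deny list is guaranteed to be, so sorted copies are compared.
comm -23 <(sort "$all_file") <(sort "$known_file") > "$new_file"
echo "Found $(wc -l < "$new_file") new offenders"
echo "We knew of $(wc -l < "$known_file") offenders"

# Rebuild the per-user address list from scratch and look each address up.
# NOTE(review): this walks every line offenders.py produced, not only the
# ones comm found new, and the exit status counts the same set -- confirm
# that is intended.
rm -f -- "$ips_file"
while read -r ip; do
  [[ -n "$ip" ]] || continue
  printf '%s\n' "$ip"
  printf '%s\n' "$ip" >> "$ips_file"
  trackdown "$ip"
done < <(sed -e 's/deny *\(.*\);/\1/' "$all_file")
NOFF=$(wc -l < "$all_file")
echo

# Merged list for the operator to install. It sits in the shared /tmp until
# copied, so review it before running the printed command.
sort -u "$all_file" "$known_file" > "$merged_file"
echo "sudo cp $merged_file $known_file && sudo service nginx reload"

exit "$NOFF"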
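#! /bin/bash
# Summarises the uncompressed access logs: the most requested paths, then the
# client addresses with the most lines and their share of the total.
# Field numbers follow the timed_combined log_format: lines are split on
# whitespace, field 1 is $remote_addr and field 5 is the path in "$request".
# NOTE(review): field 1 is the TCP peer; if another proxy sits in front of
# this nginx the table ranks that proxy rather than the end clients -- confirm.
# Outputs: two tables on stdout
# Exit:    1 when no uncompressed log is found, else 0

# Glob instead of parsing ls; skip only a real .gz suffix (grep -v '.gz'
# treated the dot as a wildcard).
logs=()
for f in /var/log/app/nginx-rp-access.log*; do
  [[ -e "$f" ]] || continue      # an unmatched glob leaves the literal pattern
  [[ "$f" == *.gz ]] && continue
  logs+=("$f")
done
if (( ${#logs[@]} == 0 )); then
  echo "no uncompressed access log found under /var/log/app" >&2
  exit 1
fi

echo "*** pages most used"
# Drop the query string so variants of one path are counted together.
awk '{print $5}' "${logs[@]}" | sed -e 's@\(.*\)?.*@\1@' \
  | sort | uniq -c | sort -rn | head -15

echo "*** potential offenders"
total=$(cat -- "${logs[@]}" | wc -l)
echo " pages % IP"
# The total is passed with -v rather than interpolated into the program text.
# When the logs hold no lines there are no rows either, so t is never 0 here.
awk '{print $1}' "${logs[@]}" | sort | uniq -c | sort -rn | head -30 \
  | awk -v t="$total" '{ p = 100 * $1 / t; print $1, p, $2; }'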
# Rate-limit state keyed on the client address: zone "fares", 10 MB of shared
# memory, 10 requests per minute per address. Referenced by limit_req in
# location /api/flights below.
limit_req_zone $binary_remote_addr zone=fares:10m rate=10r/m;
# Access-log layout. The companion scripts split lines on whitespace and rely
# on these positions: field 1 = $remote_addr, field 5 = the path in "$request".
log_format timed_combined '$remote_addr [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';
# Plain-HTTP listener: serves stub_status to localhost and sends every other
# request to HTTPS.
server {
listen 80 default;
server_name www.app;
location /nginx_status {
# Turn on stats
stub_status on;
access_log off;
# Reachable from the loopback address only.
allow 127.0.0.1;
deny all;
}
location / {
# The redirect host is $server_name (configured), not the request's Host
# header, so the client cannot steer the redirect elsewhere.
rewrite ^ https://$server_name$request_uri? permanent;
}
}
# Main HTTPS front end for www.app.
# NOTE(review): no ssl_protocols, ssl_ciphers or HSTS header appear in this
# block; they may be set at the http level -- confirm, otherwise the nginx
# build's defaults decide what is negotiated.
server {
# listen 80;
listen 443 ssl;
ssl_certificate /etc/app/www.app.chained.crt;
ssl_certificate_key /etc/app/www.app.key;
server_name www.app;
# Applies to every location in this server, including the proxied API paths
# -- NOTE(review): confirm 4G is needed beyond the upload paths.
client_max_body_size 4G;
# This is the log the offender scripts read (nginx-rp-access.log*).
access_log /var/log/app/nginx-rp-access.log timed_combined;
error_log /var/log/app/nginx-rp-error.log;
gzip on;
gzip_min_length 1000;
gzip_types text/plain application/xml application/x-javascript text/css;
gzip_vary on;
gzip_proxied off;
# Legacy entry point. The redirect target is plain http://, which the port-80
# server above then bounces back to https.
rewrite ^/plnext/meb/HomePageDispatcher.action?.* http://$server_name permanent;
# /cms and anything under it land on the CMS login page of the 8443 server.
location /cms {
rewrite ^/cms(.*) https://$server_name:8443/admin/login permanent;
}
# Static assets are served from disk with long cache lifetimes; a 404 on disk
# falls through to @upload, which fetches the file from the backend and
# stores it locally for next time.
location /static/img/lib {
root /var/www/data/;
expires 1y;
error_page 404 = @upload;
}
location /static/img/libhd {
root /var/www/data/;
expires 1y;
error_page 404 = @upload;
}
location /static/img {
root /var/www/data/;
expires 1y;
error_page 404 = @upload;
}
location /static/upload {
root /var/www/data/;
expires 1y;
error_page 404 = @upload;
}
location /static/ {
root /var/www/data/;
expires 30d;
error_page 404 = @upload;
}
location /media/ {
root /var/www/media/;
error_page 404 = @upload;
}
# Backend fetch for missing static files. "internal" means a client cannot
# request this location directly. proxy_store writes the response under root
# with the listed mode -- all:r makes every stored file world-readable on
# this host, so only public content should arrive through this path.
location @upload {
internal;
proxy_pass http://10.2.212.129:8080;
proxy_connect_timeout 5s;
proxy_read_timeout 10s;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_temp_path /var/www/temp;
root /var/www/data;
}
# Site-verification files (google*.html) served straight from disk.
location ~ ^/google.*\.html$ {
root /var/www/data/google/;
}
# NLP service
# /nlp/<rest> is rewritten to /api/<rest> ("break": no further rewrite pass)
# and proxied to the NLP host.
location /nlp/ {
rewrite ^/nlp/(.*) /api/$1 break;
proxy_pass http://10.2.212.130:8088;
}
# Flight-fares API: the only rate-limited location. burst=5 without nodelay
# means up to 5 excess requests are queued and released at the zone rate;
# anything beyond that is rejected (limit_req's default status is 503).
location /api/flights {
# Apply rate limitings
limit_req zone=fares burst=5;
# X-Real-IP is this hop's view of the client. $proxy_add_x_forwarded_for
# appends that address to whatever X-Forwarded-For the client already sent,
# so an upstream that needs the real source address must take the last
# entry (or trust only this hop), never the first.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_connect_timeout 30s;
proxy_read_timeout 60s;
# Proxy only when no file of that name exists on disk. NOTE(review): no
# root is set in this location or server, so $request_filename resolves
# against nginx's default root -- confirm that is intended; "if" around
# proxy_pass is also the pattern nginx documents as fragile, try_files is
# the usual replacement.
if (!-f $request_filename) {
proxy_pass http://10.2.212.129:80;
break;
}
}
# Everything else goes to the application backend with the same headers plus
# X-Forwarded-Protocol, and without rate limiting.
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_redirect off;
proxy_connect_timeout 30s;
proxy_read_timeout 60s;
# Same disk-first check as /api/flights; see the note there.
if (!-f $request_filename) {
proxy_pass http://10.2.212.129:80;
break;
}
}
# Same localhost-only status endpoint as on port 80.
location /nginx_status {
# Turn on stats
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# Static error pages from disk.
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/data/;
}
error_page 404 /404.html;
location = /404.html {
root /var/www/data/;
}
}
# CMS / admin listener on 8443 (the target of the /cms redirect above).
# Its access log is a different file and uses nginx's default format, so the
# offender scripts, which read nginx-rp-access.log*, do not cover this port.
# NOTE(review): no allow/deny or auth directive is visible for location /;
# confirm access is restricted elsewhere (network filtering or the CMS's own
# login).
server {
listen 8443 ssl;
ssl_certificate /etc/app/www.app.chained.crt;
ssl_certificate_key /etc/app/www.app.key;
server_name www.app;
client_max_body_size 4G;
access_log /var/log/app/nginx-rp-cms-access.log;
error_log /var/log/app/nginx-rp-cms-error.log;
gzip on;
gzip_min_length 1000;
gzip_types text/plain application/xml application/x-javascript text/css;
gzip_vary on;
gzip_proxied off;
location / {
proxy_pass http://10.2.212.129:8090/;
}
}
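#! /bin/bash
# Lists the paths one client address requested most often, across the
# uncompressed access logs (timed_combined format: field 1 is $remote_addr,
# field 5 the path in "$request").
# Arguments: $1 - client address, compared exactly against field 1
# Outputs:   "count path" rows on stdout, most requested first
# Exit:      2 without an address, 1 when no log is found, else 0
IP=${1:-}
if [[ -z "$IP" ]]; then
  echo "usage: ${0##*/} IP" >&2    # an empty pattern would match every line
  exit 2
fi

# Glob instead of parsing ls; skip only a real .gz suffix (grep -v '.gz'
# treated the dot as a wildcard).
logs=()
for f in /var/log/app/nginx-rp-access.log*; do
  [[ -e "$f" ]] || continue      # an unmatched glob leaves the literal pattern
  [[ "$f" == *.gz ]] && continue
  logs+=("$f")
done
if (( ${#logs[@]} == 0 )); then
  echo "no uncompressed access log found under /var/log/app" >&2
  exit 1
fi

echo "*** pages most used"
# Whole-field comparison instead of egrep "^$IP": as a regex the dots matched
# any character and the prefix match also selected e.g. 10.0.0.10 when asked
# for 10.0.0.1. Passing the value with -v keeps it out of the program text.
# The query string is dropped so variants of one path are counted together.
awk -v ip="$IP" '$1 == ip { print $5 }' "${logs[@]}" \
  | sed -e 's@\(.*\)?.*@\1@' | sort | uniq -c | sort -rn | head -30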