v-thomp4 · April 20, 2016 18:02
diff --git a/blockip_ddos.py b/blockip_ddos.py
 #! coding: utf-8

 import sys
 import socket
 import time
 import commands
 import datetime


 GOOD_IPv4_PREFIXES = [
    # Cloudflare
    '103.21.244.',
    '103.22.200.',
    '103.31.4.',
    '104.16.0.',
    '108.162.192.',
    '141.101.64.',
    '162.158.0.',
    '172.64.0.',
    '173.245.48.',
    '188.114.96.',
    '190.93.240.',
    '197.234.240.',
    '198.41.128.',
    '199.27.128.',

    # DuckDuckBot
    '72.94.249.34',
    '72.94.249.35',
    '72.94.249.36',
    '72.94.249.37',
    '72.94.249.38',

    # Facebook Crawler
    # https://developers.facebook.com/docs/ApplicationSecurity/#facebook_scraper
    # http://stackoverflow.com/a/11884655
    # whois -h whois.radb.net '!gAS32934'
    '103.4.',
    '173.252.',
    '179.60.',
    '204.15.',
    '31.13.',
    '45.64.',
    '66.220.',
    '69.171.',
    '69.63.',
    '74.119.'
 ]

 GOOD_BOTS = [
    '.googlebot.com', '.google.com',
    '.search.msn.com',
    '.crawl.baidu.com',
    '.yandex.ru', '.yandex.net', '.yandex.com',
 ]


 def is_good_ip(ip):
    for prefix in GOOD_IPv4_PREFIXES:
        if ip.startswith(prefix):
            return True

    try:
        ptrdname = socket.gethostbyaddr(ip)[0]
    except Exception:
        return False

    for s in GOOD_BOTS:
        if ptrdname.endswith(s):
            return True

    return False


 if __name__ == '__main__':

    LOG_FILE = sys.argv[1]

    timestamp = (datetime.datetime.now() - datetime.timedelta(minutes=1))

    output = commands.getoutput(
        'cat {} | grep {} | cut -d" " -f1 | sort | uniq -c | sort -nr'
        .format(LOG_FILE, timestamp.strftime('%d/%b/%Y:%H:%M'))
    )

    lines = output.splitlines()
    for line in lines:
        count, ip = line.split()
        if int(count) >= 50:
            print line
            
            elif is_good_ip(ip):
                continue
            else:
                if commands.getoutput('iptables -nL | grep {}'.format(ip)):
                    continue
                else:
                    commands.getoutput('iptables -I INPUT -s {} -j DROP'
                                       .format(ip))
	#! coding: utf-8

	import sys
	import socket
	import time
	import commands
	import datetime


	GOOD_IPv4_PREFIXES = [
	# Cloudflare
	'103.21.244.',
	'103.22.200.',
	'103.31.4.',
	'104.16.0.',
	'108.162.192.',
	'141.101.64.',
	'162.158.0.',
	'172.64.0.',
	'173.245.48.',
	'188.114.96.',
	'190.93.240.',
	'197.234.240.',
	'198.41.128.',
	'199.27.128.',

	# DuckDuckBot
	'72.94.249.34',
	'72.94.249.35',
	'72.94.249.36',
	'72.94.249.37',
	'72.94.249.38',

	# Facebook Crawler
	# https://developers.facebook.com/docs/ApplicationSecurity/#facebook_scraper
	# http://stackoverflow.com/a/11884655
	# whois -h whois.radb.net '!gAS32934'
	'103.4.',
	'173.252.',
	'179.60.',
	'204.15.',
	'31.13.',
	'45.64.',
	'66.220.',
	'69.171.',
	'69.63.',
	'74.119.'
	]

	GOOD_BOTS = [
	'.googlebot.com', '.google.com',
	'.search.msn.com',
	'.crawl.baidu.com',
	'.yandex.ru', '.yandex.net', '.yandex.com',
	]


	def is_good_ip(ip):
	for prefix in GOOD_IPv4_PREFIXES:
	if ip.startswith(prefix):
	return True

	try:
	ptrdname = socket.gethostbyaddr(ip)[0]
	except Exception:
	return False

	for s in GOOD_BOTS:
	if ptrdname.endswith(s):
	return True

	return False


	if __name__ == '__main__':

	LOG_FILE = sys.argv[1]

	timestamp = (datetime.datetime.now() - datetime.timedelta(minutes=1))

	output = commands.getoutput(
	'cat {} \| grep {} \| cut -d" " -f1 \| sort \| uniq -c \| sort -nr'
	.format(LOG_FILE, timestamp.strftime('%d/%b/%Y:%H:%M'))
	)

	lines = output.splitlines()
	for line in lines:
	count, ip = line.split()
	if int(count) >= 50:
	print line

	elif is_good_ip(ip):
	continue
	else:
	if commands.getoutput('iptables -nL \| grep {}'.format(ip)):
	continue
	else:
	commands.getoutput('iptables -I INPUT -s {} -j DROP'
	.format(ip))