Python implementation of an anti-DDoS script
- 2020-04-02 09:29:36
- OfStack
This post hardly needs an introduction. The reason is DDoS: not because I am being chased and bitten by a mad dog, but because after the VC tragedy the traffic flowed to simplecd.
Not only that, some idiots are scraping the site and some idiots are downloading with Thunderbolt, so the 100 Mbps port has been running at full capacity for more than 10 hours. What does that mean? At 100 Mbps full load for one day the traffic is 1000 GB, so it won't be long before I can expect a penalty bill of hundreds of dollars. Tears.
In addition, at 100 Mbps the hard disk cannot keep up, which seriously drags down the website's response time; the lag makes me want to die. Back in the day when VC went down, the guys on the site crippled me for a week and a half (those guys included me, embarrassingly). Simplecd is even less able to sustain this.
In fact, this kind of human-driven DDoS is harder to distinguish and prevent than a normal DDoS, but all I can do is my best and leave the rest to fate. Following some articles, I wrote a Python DDoS-prevention script; add it to cron and it can run every minute.
The principle is to query netstat for the number of connections and use iptables to block any IP with more than a certain number of connections for a certain amount of time. Blocking and unblocking are both automatic.
```python
import re
import sqlite3
import time
from subprocess import check_output, call

CONCURRENCY_ALLOWED = 30   # maximum simultaneous connections per source IP
OUTDATE_TIME = 86400       # seconds a block stays in place (one day)

# Initialize the database of current blocks.
# /tmp is world-writable; on a shared host keep this file in a root-only directory.
db = sqlite3.connect("/tmp/ddos.db3")
c = db.cursor()
c.execute("create table if not exists ddos (ip text unique, date integer)")

# Count connections per remote IP. The pipeline's output is read directly,
# so the counts are complete before they are parsed.
ddos = check_output(
    "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n",
    shell=True, text=True)
# Each useful line is "<count> <IPv4 address>"; header words and empty
# addresses (left over from IPv6 entries) do not match and are skipped.
ct = re.findall(r"^[ \t]*(\d+)[ \t]+(\d{1,3}(?:\.\d{1,3}){3})[ \t]*$", ddos, re.M)

# Block IPs that have more than CONCURRENCY_ALLOWED connections.
for count, ip in ct:
    if int(count) > CONCURRENCY_ALLOWED and ip != "127.0.0.1" and not ip.startswith("192.168"):
        c.execute("select 1 from ddos where ip=?", (ip,))
        if c.fetchone() is None:
            # Insert the DROP rule only once, so the single -D below removes it.
            call(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
            print("blocking %s for %s visits" % (ip, count))
        c.execute("replace into ddos values (?,?)", (ip, int(time.time())))
        time.sleep(0.1)
db.commit()

# Unblock IPs whose block has expired.
c.execute("select * from ddos")
for ip, date in c.fetchall():
    if date + OUTDATE_TIME < time.time():
        c.execute("delete from ddos where ip=?", (ip,))
        print("unblocking %s" % ip)
        call(["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"])
        time.sleep(0.1)
db.commit()
```
So far this script has blocked over 500 people, but the port is still at full speed. It's horrible.
Last updated on the 24th:
With this script, plus moving the desktop site to a place with 10 MB unlimited, the world seems to be at peace.
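An added example, not code from the original post: a dry-run version of the counting step that changes no iptables rules and parses `netstat -nt` output with the `ipaddress` module, so IPv6 and IPv4-mapped peers are counted correctly and whole private ranges are allowlisted. The allowlist, the set of counted TCP states, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed allowlist: loopback and RFC 1918 ranges are never blocked.
ALLOWLIST = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]
# Assumed policy: count live and half-open connections, ignore TIME_WAIT etc.
COUNTED_STATES = {"ESTABLISHED", "SYN_RECV"}

def remote_ip(endpoint):
    """Parse netstat's 'addr:port'; split from the right so IPv6 survives."""
    try:
        ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    except ValueError:
        return None  # header words or malformed fields
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) back to plain IPv4.
    return getattr(ip, "ipv4_mapped", None) or ip

def over_limit(netstat_text, limit=30):
    """Return {ip: count} for peers with more than `limit` connections.
    Expected columns: Proto Recv-Q Send-Q Local Foreign State."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] not in COUNTED_STATES:
            continue
        ip = remote_ip(f[4])
        if ip is None or any(ip.version == net.version and ip in net for net in ALLOWLIST):
            continue
        counts[str(ip)] += 1
    return {ip: n for ip, n in counts.items() if n > limit}

def _rows(proto, remote, state, n):
    return ["%s 0 0 192.0.2.10:80 %s:%d %s" % (proto, remote, 40000 + i, state)
            for i in range(n)]

# Constructed sample in `netstat -nt` layout, using documentation address ranges.
SAMPLE = "\n".join(
    ["Active Internet connections (w/o servers)",
     "Proto Recv-Q Send-Q Local Address Foreign Address State"]
    + _rows("tcp", "198.51.100.7", "ESTABLISHED", 31)          # over the limit
    + _rows("tcp", "198.51.100.8", "ESTABLISHED", 30)          # exactly at the limit
    + _rows("tcp", "192.168.1.5", "ESTABLISHED", 40)           # allowlisted LAN host
    + _rows("tcp", "203.0.113.9", "TIME_WAIT", 35)             # closed, not counted
    + _rows("tcp6", "::ffff:203.0.113.20", "ESTABLISHED", 32)  # IPv4-mapped
    + _rows("tcp6", "2001:db8::5", "SYN_RECV", 33))            # native IPv6

if __name__ == "__main__":
    for ip, n in sorted(over_limit(SAMPLE).items()):
        print("would block %s (%d connections)" % (ip, n))
```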