A DDoS Defense Script in Python

This post can skip the opening remarks: the reason for the DDoS is not that a mad dog is chasing me, but that after the VC tragedy the traffic has all come to SimpleCD.

Not only that: some fans are scraping the site and some are downloading with Thunder, so the 100 Mbps port has actually been fully loaded for more than a dozen hours. What does that mean? A 100 Mbps port at full load for one day is 1000 GB of traffic, so before long I can expect a bill for a hundred dollars. Tears.

In addition, at 100 Mbps the hard disk can't keep up, which severely drags down the website's response time. I want to die, I want to die. I wanted to hang a day in the year, and the guys who were captured and got a short-term (those guys included me, sweat). SimpleCD can't hold up.

In fact, this kind of human-flesh DDoS is harder to distinguish than a normal DDoS, but all I can do is my best and leave the rest to fate. Referring to some articles, I wrote a Python script to defend against DDoS and added it to cron to run every minute.

The principle is to query the number of connections per IP with netstat and use iptables to block an offending IP for a certain period of time: automatic ban, automatic unban.

    #!/usr/bin/env python3
    from subprocess import run, PIPE
    import re
    import sqlite3
    import time

    CONCURRENCY_ALLOWED = 30   # connections allowed per IP before it is banned
    OUTDATE_TIME = 86400       # ban lifetime in seconds

    # initializing database
    db = sqlite3.connect("/tmp/ddos.db3")
    c = db.cursor()
    c.execute("CREATE TABLE IF NOT EXISTS ddos (ip TEXT UNIQUE, date INTEGER)")

    # blocking IPs that have more than CONCURRENCY_ALLOWED connections
    ddos = run("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n",
               shell=True, stdout=PIPE, universal_newlines=True).stdout
    # each useful line is "<count> <IPv4 address>"; header words and empty fields are skipped
    ct = re.compile(r"^[ \t]*(\d+)[ \t]+(\d+\.\d+\.\d+\.\d+)$", re.M).findall(ddos)
    for count, ip in ct:
        if int(count) > CONCURRENCY_ALLOWED and ip != "127.0.0.1" and not ip.startswith("192.168"):
            # insert the DROP rule only once, so the single -D below really lifts the ban
            if c.execute("SELECT 1 FROM ddos WHERE ip = ?", (ip,)).fetchone() is None:
                run(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
            print("blocking %s for %s visits" % (ip, count))
            c.execute("REPLACE INTO ddos VALUES (?, ?)", (ip, int(time.time())))
            time.sleep(0.1)
    db.commit()

    # unblocking outdated blockings
    c.execute("SELECT * FROM ddos")
    ddos = c.fetchall()
    for ip, date in ddos:
        if date + OUTDATE_TIME < time.time():
            c.execute("DELETE FROM ddos WHERE ip = ?", (ip,))
            print("unblocking %s" % ip)
            run(["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"])
            time.sleep(0.1)
    db.commit()

At present the effect of this script is zero: it has banned more than 500 people, but the port is still running at full speed. Terrible.

Update, 24th:

While using this script, I also moved the desktop version of the site to a 10M unlimited place; it seems that all is at peace (?)
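The ban and unban decision from the script above, separated from netstat and iptables so it can be checked offline. This is an added example, not the author's code, and it goes a little further than the script by also counting IPv4-mapped IPv6 peers. The function names, the ALLOWED list and the sample rows are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

CONCURRENCY_ALLOWED = 30   # same threshold as the script above
OUTDATE_TIME = 86400       # same ban lifetime, in seconds
# Never ban these (the script's 127.0.0.1 and 192.168 exclusions, as networks)
ALLOWED = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

def remote_ip(foreign):
    """Peer address from a netstat 'Foreign Address' field, or None."""
    host = foreign.rsplit(":", 1)[0]            # drop the port, keep IPv6 colons
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None                             # '*', header words, garbage
    return getattr(ip, "ipv4_mapped", None) or ip   # ::ffff:a.b.c.d counts as a.b.c.d

def count_connections(netstat_output):
    """Counter of connections per peer address from `netstat -ntu` text."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].startswith(("tcp", "udp")):
            ip = remote_ip(fields[4])
            if ip is not None:
                counts[ip] += 1
    return counts

def plan(counts, bans, now):
    """bans maps ip string -> ban time. Returns (to_block, to_unblock)."""
    to_block = sorted(str(ip) for ip, n in counts.items()
                      if n > CONCURRENCY_ALLOWED
                      and not any(ip in net for net in ALLOWED)
                      and str(ip) not in bans)
    to_unblock = sorted(ip for ip, ts in bans.items() if ts + OUTDATE_TIME < now)
    return to_block, to_unblock

def _line(peer, port):   # one constructed netstat row
    return "tcp 0 0 192.0.2.10:80 %s:%d ESTABLISHED" % (peer, port)

# Constructed sample input (documentation addresses), not real traffic
SAMPLE = "\n".join(
    ["Active Internet connections (w/o servers)",
     "Proto Recv-Q Send-Q Local Address Foreign Address State"]
    + [_line("203.0.113.9", 40000 + i) for i in range(31)]
    + [_line("192.168.1.5", 41000 + i) for i in range(40)]
    + [_line("::ffff:198.51.100.7", 42000 + i) for i in range(35)]
    + [_line("198.51.100.20", 43000 + i) for i in range(2)])

if __name__ == "__main__":
    print(plan(count_connections(SAMPLE), {"203.0.113.50": 0}, now=86401))
```

A crowd of distinct visitors who each stay under the threshold produces an empty block list here, which matches the result the post reports.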