Anti-DDoS script implemented in Python

Source: Internet
Author: User
This post hardly needs opening remarks. The reason for the DDoS is not that a mad dog is chasing and biting me, but that after the VC tragedy the traffic has all flooded to simplecd.
What's more, some dummies are scraping the website, and some dummies are downloading with Thunder. The port of Mbps has been running at full capacity for more than a decade. What does that mean? At 1000 Mbps full load for one day, the traffic is GB, so it won't be long before I am waiting for a bill of hundreds of dollars. Tears.
In addition, the speed of Mbps quickly leaves the hard drive unable to keep up, seriously dragging down the website's response speed, so I am just waiting to die. I thought that when VC got down for a day, the people who got caught on the website were in a state of disability for a week and a half (those guys, including me, sweated). Simplecd is even less able to hold up.
In fact, this human DDoS attack is more difficult to distinguish and prevent than normal DDoS attacks, but it can only be done by humans. Referring to some articles, I wrote a Python script to prevent DDoS attacks and added it to cron to run every minute.
The principle is to query the number of connections with netstat. If the same IP address exceeds a certain number of connections, iptables is used to block it for a certain period of time; blocking and unblocking are both automatic.

The code is as follows:


    #!/usr/bin/env python3
    import ipaddress
    import sqlite3
    import subprocess
    import time

    CONCURRENCY_ALLOWED = 30   # maximum connections allowed per IP
    OUTDATE_TIME = 86400       # seconds an IP stays blocked


    def iptables(action, ip):
        # Argument list instead of a shell string: the address is never parsed by a shell.
        return subprocess.call(["iptables", action, "INPUT", "-s", ip, "-j", "DROP"],
                               stderr=subprocess.DEVNULL)


    # Initializing database
    # (/tmp is world-writable; a root-owned directory is safer for a root cron job.)
    db = sqlite3.connect("/tmp/ddos.db3")
    c = db.cursor()
    try:
        c.execute("create table ddos (ip text unique, date integer);")
    except sqlite3.OperationalError:
        print("database exists")

    # Blocking IPs that have more than CONCURRENCY_ALLOWED connections.
    # The output is read from the pipe directly, so the script cannot read a
    # half-written /tmp/ddos.txt before the pipeline has finished.
    ddos = subprocess.check_output(
        "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n",
        shell=True, universal_newlines=True)
    for line in ddos.splitlines():
        fields = line.split()
        if len(fields) != 2 or not fields[0].isdigit():
            continue
        count, ip = fields
        try:
            ipaddress.IPv4Address(ip)   # skip header words and cut-off IPv6 addresses
        except ValueError:
            continue
        if int(count) > CONCURRENCY_ALLOWED and ip != "127.0.0.1" and not ip.startswith("192.168"):
            if iptables("-C", ip) != 0:   # insert the rule only if it is not already there
                iptables("-I", ip)
            print("blocking %s for %s visits" % (ip, count))
            c.execute("replace into ddos values (?,?)", (ip, int(time.time())))
            time.sleep(0.1)
    db.commit()

    # Unblocking outdated blockings
    c.execute("select * from ddos")
    for ip, date in c.fetchall():
        if date + OUTDATE_TIME < time.time():
            c.execute("delete from ddos where ip=?", (ip,))
            print("unblocking %s" % ip)
            iptables("-D", ip)
            time.sleep(0.1)
    db.commit()


Currently, the effect of this script is 0: more than 500 people have been blocked, but it is still full. It is terrible.
Updated on the 24th:
With this script in use at the same time, and the desktop version of the site transferred to a 10 M unlimited place, it seems that the world is peaceful (?)
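
The script's pipeline keeps only the text before the first colon (`cut -d: -f1`), so an IPv6 peer collapses to its first group and an IPv4-mapped peer (`::ffff:a.b.c.d`) to an empty string, and neither is counted correctly. The following is an added example, not part of the original post: the per-IP counting step done in Python so that those address forms are handled. `ALLOWLIST`, `remote_ip`, `count_connections`, `over_limit` and the sample netstat output are constructed for illustration.

```python
import ipaddress
from collections import Counter

CONCURRENCY_ALLOWED = 30  # threshold used by the script above
# Peers never counted: the script's 127.0.0.1 and 192.168.* exemptions, plus ::1.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.0.0/16", "::1/128")]

# Constructed `netstat -ntu` output; addresses come from documentation ranges.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51000      ESTABLISHED
tcp        0      0 203.0.113.10:80         192.168.1.20:40000      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51234    ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.7:51001 TIME_WAIT
udp        0      0 203.0.113.10:53         198.51.100.9:3333
"""


def remote_ip(foreign):
    """Parse a 'Foreign Address' field (addr:port) into an address object, or None."""
    host, _, _port = foreign.rpartition(":")  # the port follows the LAST colon
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # header text, '*', or anything else that is not an address
    # ::ffff:a.b.c.d is an IPv4 client seen on a dual-stack socket: count it as IPv4.
    return getattr(ip, "ipv4_mapped", None) or ip


def count_connections(netstat_output):
    """Return a Counter of connections per remote address, skipping the allowlist."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner and column-header lines
        ip = remote_ip(fields[4])
        if ip is None or any(ip in net for net in ALLOWLIST):
            continue
        counts[str(ip)] += 1
    return counts


def over_limit(netstat_output, limit=CONCURRENCY_ALLOWED):
    """Addresses holding more than `limit` connections: the candidates for blocking."""
    return sorted(ip for ip, n in count_connections(netstat_output).items() if n > limit)


if __name__ == "__main__":
    print(count_connections(SAMPLE))
    print(over_limit(SAMPLE, limit=1))
```

IPv6 addresses returned by `over_limit` have to be blocked with ip6tables rather than iptables.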
