This weekend was a headache. The website suddenly stopped loading, and trying to connect remotely made it worse: ssh would not connect and every attempt timed out. My first thought was a DDoS attack.
Contacting the data center confirmed it: the link was saturated with traffic. What made it worse is that this data center has no hardware firewall, and I could not go on site to check addresses, so the only option was to pull out the handful of IP addresses with the most connections and block those first.
That only buys a short amount of time; it is not a real solution. A data center without a hardware firewall simply cannot take this kind of hit. But on a weekend you cannot swap data centers, so the stopgap had to do.
There is plenty written about DDoS attacks online, but without a hardware firewall they are genuinely troublesome to stop. So I wrote a script that counts the connections from each source IP over a fixed interval and uses iptables to drop any source that looks like an attacker. Suggestions are welcome. The Python anti-DDoS script follows.
from subprocess import Popen, PIPE, run
import re
import time
import sqlite3

CONCURRENCY_ALLOWED = 30   # more simultaneous connections than this from one IP is treated as an attack
OUTDATE_TIME = 86400       # seconds a block stays in place before it is lifted

# initializing database: one row per blocked ip with the time it was blocked
db = sqlite3.connect("/tmp/ddos.db3")
c = db.cursor()
try:
    c.execute("create table ddos (ip text unique, date integer);")
except sqlite3.OperationalError:
    print("database exists")

# blocking ips that have more than CONCURRENCY_ALLOWED connections
# netstat -ntu lists every connection; field 5 is the foreign address, and
# uniq -c gives "<count> <ip>" lines (cut -d: only works for IPv4 peers)
pipe = Popen("netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n",
             shell=True, bufsize=1024, stdout=PIPE).stdout
ddos = pipe.read().decode()
ct = re.compile(r"(\S+)\s+(\S+).*").findall(ddos)
for count, ip in ct:
    if int(count) > CONCURRENCY_ALLOWED and ip != "127.0.0.1" and not ip.startswith("192.168"):
        # add the iptables rule only once; a repeat offender just has its timestamp refreshed,
        # otherwise every run stacks another DROP rule and the unblock below removes only one
        if c.execute("select 1 from ddos where ip=?", (ip,)).fetchone() is None:
            run(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
            print("blocking %s for %s visits" % (ip, count))
        c.execute("replace into ddos values (?,?)", (ip, int(time.time())))
        time.sleep(0.1)
db.commit()

# unblocking outdated blockings
c.execute("select * from ddos")
ddos = c.fetchall()
for ip, date in ddos:
    if date + OUTDATE_TIME < time.time():
        c.execute("delete from ddos where ip=?", (ip,))
        print("unblocking %s" % ip)
        run(["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"])
        time.sleep(0.1)
db.commit()
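The counting step above leans on awk and cut, which breaks on IPv6 peers (the port is after the last colon, not the first) and on dual-stack listeners that report IPv4 clients as ::ffff:a.b.c.d. The following is an added example, not the script from this post: it parses `netstat -ntu` output in Python with the standard ipaddress module, replaces the "127.0.0.1 / 192.168" string check with an allowlist of networks, and builds the iptables or ip6tables command for each offender instead of executing it, so the list can be reviewed before it is applied. The sample netstat text, the TRUSTED_NETWORKS allowlist and the function names are constructed for this example.

```python
import ipaddress
import subprocess
from collections import Counter

CONCURRENCY_ALLOWED = 30

# Assumed allowlist: peers inside these networks are never blocked. The original
# script only skipped 127.0.0.1 and anything starting with "192.168".
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

# Constructed sample of `netstat -ntu` output (not a real capture). Peer
# 198.51.100.7 appears four times over plain IPv4 and once more as an
# IPv4-mapped IPv6 address, the way a dual-stack listener reports it.
SAMPLE_NETSTAT = """Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51237      SYN_RECV
tcp        0      0 203.0.113.10:22         192.168.1.20:40001      ESTABLISHED
tcp        0      0 203.0.113.10:22         192.168.1.20:40002      ESTABLISHED
tcp        0      0 203.0.113.10:22         192.168.1.20:40003      ESTABLISHED
tcp        0      0 203.0.113.10:22         192.168.1.20:40004      ESTABLISHED
tcp        0      0 203.0.113.10:80         203.0.113.99:33000      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:55001     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:55002     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:55003     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:55004     ESTABLISHED
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.7:51238 ESTABLISHED
udp        0      0 203.0.113.10:53         198.51.100.9:6000       ESTABLISHED
"""


def peer_addresses(netstat_output):
    """Yield the foreign address of every connection line as an ip_address object."""
    for line in netstat_output.splitlines():
        fields = line.split()
        # skip the two header lines and anything that is not a tcp/udp socket row
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        # the port follows the LAST colon, which is the only split that is right for IPv6
        host, sep, _port = fields[4].rpartition(":")
        if not sep:
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped      # ::ffff:a.b.c.d is the same peer as a.b.c.d
        yield ip


def is_trusted(ip):
    # `ip in net` is False when the address families differ, so mixing v4/v6 is safe
    return any(ip in net for net in TRUSTED_NETWORKS)


def suspicious_sources(netstat_output, limit=CONCURRENCY_ALLOWED):
    """Return {ip_string: connection_count} for untrusted peers above the limit."""
    counts = Counter(peer_addresses(netstat_output))
    return {str(ip): n for ip, n in counts.items() if n > limit and not is_trusted(ip)}


def block_commands(sources):
    """Build the argv for each DROP rule; IPv6 peers need ip6tables, not iptables."""
    cmds = []
    for ip in sorted(sources):
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        cmds.append([tool, "-I", "INPUT", "-s", ip, "-j", "DROP"])
    return cmds


if __name__ == "__main__":
    # live run: print the rules so they can be reviewed, then pipe into sh to apply
    live = subprocess.run(["netstat", "-ntu"], capture_output=True, text=True, check=True).stdout
    for cmd in block_commands(suspicious_sources(live)):
        print(" ".join(cmd))
```

With the sample text and a limit of 3, only 198.51.100.7 (five connections once the mapped address is folded in) and 2001:db8:1::5 are reported; 192.168.1.20 has four connections but sits in the allowlist. Because the commands are returned rather than run, the same function can feed the unblock bookkeeping from the script above, or simply be printed for a human to check before the rules go in.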
The script is not polished, and we are changing IDC tomorrow anyway, but it is worth having as a fallback. Our advice: pick an IDC of some size. Going without hardware protection is a loss you cannot afford.
Author: "Python anti-DDos attack"