From 31d67ed735f8ad01c96f8250630d533eb0d11e90 Mon Sep 17 00:00:00 2001
From: Manuel Friedli <manuel@fritteli.ch>
Date: Thu, 17 Sep 2020 11:46:38 +0200
Subject: [PATCH] Add a script to scrape all IP addresses and group and count
 them.

---
 .gitignore                      |  1 +
 mitigate-ddos/ddos-mitigator.sh | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 .gitignore
 create mode 100755 mitigate-ddos/ddos-mitigator.sh

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/mitigate-ddos/ddos-mitigator.sh b/mitigate-ddos/ddos-mitigator.sh
new file mode 100755
index 0000000..8e8a1da
--- /dev/null
+++ b/mitigate-ddos/ddos-mitigator.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+input_files=/var/log/apache2/access_*.log
+
+tmpdir=$(mktemp -d)
+cd "${tmpdir}"
+
+cut -d' ' -f1 ${input_files} | sort > all.txt
+
+grep ':' all.txt > raw-ipv6.txt
+grep -v ':' all.txt > raw-ipv4.txt
+
+uniq -c raw-ipv6.txt | sort -n > sorted-ipv6.txt
+uniq -c raw-ipv4.txt | sort -n > sorted-ipv4-32.txt
+cut -d. -f1-3 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-24.txt
+cut -d. -f1-2 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-16.txt
+cut -d. -f1 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-8.txt
+
+echo "Have fun in ${tmpdir}!"