diff --git a/ddos-mitigator/ddos-mitigator.sh b/ddos-mitigator/ddos-mitigator.sh
deleted file mode 100755
index dfbc0f9..0000000
--- a/ddos-mitigator/ddos-mitigator.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-input_files=/var/log/apache2/access_*.log
-date="20/Jun/2020:18"
-tmpdir=$(mktemp -d)
-
-cd "${tmpdir}"
-
-grep -h "${date}" ${input_files} | cut -d' ' -f1 | sort > all.txt
-
-grep ':' all.txt > raw-ipv6.txt
-grep -v ':' all.txt > raw-ipv4.txt
-
-uniq -c raw-ipv6.txt | sort -n > sorted-ipv6.txt
-uniq -c raw-ipv4.txt | sort -n > sorted-ipv4-32.txt
-cut -d. -f1-3 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-24.txt
-cut -d. -f1-2 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-16.txt
-cut -d. -f1 raw-ipv4.txt | sort | uniq -c | sort -n > sorted-ipv4-8.txt
-
-chmod o+rx "${tmpdir}"
-echo "Have fun in ${tmpdir}!"
-
-grep -E '^ *[0-9]{4,5} ' "${tmpdir}/sorted-ipv4-32.txt" |tr -s '[:blank:]' | cut -d' ' -f3
-
\ No newline at end of file
diff --git a/ddos-mitigator/superscript.sh b/ddos-mitigator/superscript.sh
index cbcda82..31ea6cf 100755
--- a/ddos-mitigator/superscript.sh
+++ b/ddos-mitigator/superscript.sh
@@ -30,6 +30,8 @@ file24="sorted-http-24.txt"
 file32="sorted-http-32.txt"
 # This file will contain the addresses to be banned.
 banlist="banlist.txt"
+# This file contains the output of the last invocation of whois
+whoisoutput="whois.txt"
 
 # These suffixes must be appended to the respective addresses and subnets.
 ext8=".0.0.0/8"
@@ -185,6 +187,8 @@ function processFile () {
 local addr=''
 local banaction=''
 local nline=1
+local country_cn=1
+local source_apnic=1
 # Read the contents from filedescriptor 3 (important: Don's use the
 # standard filedescriptor because we need to handle user input from
 # within the loop).
@@ -193,7 +197,14 @@ function processFile () {
 count="$(echo "${line}" | cut -d' ' -f2)"
 addr="$(echo "${line}" | cut -d' ' -f3-)${ext}"
 setHilite "${count}"
-whois "${addr}"
+whois "${addr}" | tee "${whoisoutput}"
+grep -iq "^country: *cn$" "${whoisoutput}"
+country_cn=$?
+grep -iq "^source: *apnic$" "${whoisoutput}"
+source_apnic=$?
+if [[ ${country_cn} -eq 0 && ${source_apnic} -eq 0 ]] ; then
+echo -e "${red}Country = CN and source = APNIC!${reset}"
+fi
 echo -en "Address ${bold}$((nline++)) of ${nlines}${reset}: \
 Found '${blue}${addr}${reset}' ${hilite}${count}${reset} times. Ban [y/N/s=No, \
 and skip remaining]? "
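Review bot: `whois "${addr}" | tee "${whoisoutput}"` discards whois's exit status — the pipeline reports tee's status, so a failed or rate-limited lookup leaves an empty `whois.txt`, both greps miss, and the operator reaches the ban prompt with no sign the lookup failed; checking `"${PIPESTATUS[0]}"` right after the pipeline (or redirecting instead of tee-ing and testing the redirect) would surface that. The two grep/`$?` pairs and the `if` on `${country_cn}`/`${source_apnic}` can be folded into the condition itself, `if grep -iq "^country: *cn$" "${whoisoutput}" && grep -iq "^source: *apnic$" "${whoisoutput}"; then`, which also makes the two locals added in the `@@ -185` hunk unnecessary. `${whoisoutput}` is the relative path `whois.txt` from the `@@ -30` hunk, so where it is written depends on the working directory when processFile runs, which is outside this hunk; the `$`-anchored patterns would likewise miss if the whois output carries CRLF line ends, which I cannot tell from here. processFile starts and ends outside the hunk.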