环境准备:
1.安装python3.7和相关的依赖
并安装redis缓存数据库
pip install aliyun-python-sdk-core pip install aliyun-python-sdk-slb pip intall IPy pip intall redis pip intall paramiko
2.添加ram访问控制的编程接口用户
3.添加slb的访问控制策略并和需要频控的slb进行绑定
redis封堵ip的格式
脚本程序目录
Aliyun_SLB_Manager ├── helpers │ ├── common.py │ ├── email.py │ ├── remote.py │ └── slb.py ├── logs │ └── run_20210204.log └── run.py
# 程序核心就是使用shell命令对nginx的日志中出现的ip地址 和 访问的接口进行过滤,找出访问频繁的那些程序加入slb黑名单,同时加入redis缓存,因为slb有封堵ip个数限制,redis中存储的ip需要设置过期时间,对比后删除slb中封堵的Ip
# grep 04/Feb/2021:15:4 /data/www/logs/nginx_log/access/masterapi.chinasoft.cn_access.log | grep '/api' | awk '{print $1}' | sort | uniq -c | sort -r -n | head -200 2454 114.248.45.15 1576 47.115.122.23 1569 47.107.239.148 269 112.32.217.52 grep 04/Feb/2021:14:5 /data/www/logs/nginx_log/access/masterapi.chinasoft.cn_access.log | grep '/api' | awk '{print $1}' | awk -F ':' '{print $2}' | sort | uniq -c | sort -r -n | head -200 | awk '{if ($1 >15)print $1,$2}' [root@alisz-edraw-api-server-web01:~]# grep 04/Feb/2021:15:4 /data/www/logs/nginx_log/access/masterapi.chinasoft.cn_access.log | grep '/api' | awk '{print $1}' | sort | uniq -c | sort -r -n | head -3 2454 114.248.45.15 1576 47.115.122.23 1569 47.107.239.148
python脚本
主入口程序
run.py
import time from helpers.email import send_mail from helpers.remote import get_black_ips from helpers.common import is_white_ip,get_ban_ip_time,set_ban_ip_time,groups from helpers.slb import slb_add_host,slb_del_host,slb_get_host if __name__ == "__main__": # aliyun 访问控制针对 slb 的管理用户 # 用户登录名称 slb-frequency-user@xxx.onaliyun.com accessKeyId = 'id' accessSecret = 'pass' # slb 访问控制策略id acl_id = 'acl-slb' # reginid 查询地址:https://help.aliyun.com/document_detail/40654.html"denied:",denied_hosts) print("delete:",must_del_hosts) print("add:",deny_hosts_new) # exit() # 先删除一部分 must_del_hosts if(len(must_del_hosts)>0): if (len(must_del_hosts)>50): must_del_hosts_clone = groups(must_del_hosts,50) for item in must_del_hosts_clone: slb_del_host(item, accessKeyId, accessSecret, acl_id, region_id) time.sleep(1) else : slb_del_host(must_del_hosts, accessKeyId, accessSecret, acl_id, region_id) # 再新增 deny_hosts_new if(len(deny_hosts_new)>0): if(len(deny_hosts_new)>50): deny_hosts_new_clone = groups(deny_hosts_new,50) for item in deny_hosts_new_clone: slb_add_host(item, accessKeyId, accessSecret, acl_id, region_id) time.sleep(1) else: slb_add_host(deny_hosts_new, accessKeyId, accessSecret, acl_id, region_id) # 记录ip被禁时间 for host in deny_hosts_new: set_ban_ip_time(host) if (len(deny_hosts_new) >= 1): mail_content = '' if(len(must_del_hosts) > 0): mail_content += "以下黑名单已被解禁("+str(len(must_del_hosts))+"):\n"+"\n".join(must_del_hosts) + "\n" mail_content += "\n新增以下ip黑名单("+str(len(deny_hosts_new))+"):\n"+"\n".join(deny_hosts_new) mail_content += "\n\n10分钟访问超过15次("+str(len(hosts_with_count))+"):\n" for item in hosts_with_count: mail_content += str(item[1]) + " " + str(item[0]) + "\n" mail_content += "\n\n黑名单("+str(len(denied_hosts))+"个):\n" for item in denied_hosts: mail_content += str(item) + "\n" send_mail(mail_content , mails)
slb操作相关的脚本
slb.py
import logging , json from aliyunsdkcore.client import AcsClient from aliyunsdkslb.request.v20140515.AddAccessControlListEntryRequest import AddAccessControlListEntryRequest from aliyunsdkslb.request.v20140515.RemoveAccessControlListEntryRequest import RemoveAccessControlListEntryRequest from aliyunsdkslb.request.v20140515.DescribeAccessControlListAttributeRequest import DescribeAccessControlListAttributeRequest # 阿里云slb访问控制里添加ip def slb_add_host(hosts, accessKeyId, accessSecret, acl_id, region_id): client = AcsClient(accessKeyId, accessSecret, region_id) request = AddAccessControlListEntryRequest() request.set_accept_format('json') logging.info("正在封印IP:%s" % ",".join(hosts)) try: add_hosts = [] for host in hosts: add_hosts.append({"entry": host, "comment": "deny"}) request.set_AclEntrys(add_hosts) request.set_AclId(acl_id) response = client.do_action_with_exception(request) print(response) except BaseException as e: logging.error("添加黑名单失败,原因:%s" % e) # slb删除ip def slb_del_host(hosts, accessKeyId, accessSecret, acl_id , region_id = 'us-west-1'): logging.info("正在解封IP:%s" % ",".join(hosts)) try: del_hosts = [] for host in hosts: del_hosts.append({"entry": host, "comment": "deny"}) client = AcsClient(accessKeyId, accessSecret, region_id) request = RemoveAccessControlListEntryRequest() request.set_accept_format('json') request.set_AclEntrys(del_hosts) request.set_AclId(acl_id) client.do_action_with_exception(request) logging.info("slb删除IP:%s成功" % ",".join(hosts)) # 查看调用接口结果 logging.info("slb删除IP:%s成功" % ",".join(hosts)) # 查看调用接口结果 except BaseException as e: logging.error("移出黑名单失败,原因:%s" % e) # 阿里云slb获取IP黑名单列表 def slb_get_host(accessKeyId, accessSecret, acl_id, region_id): client = AcsClient(accessKeyId, accessSecret, region_id) request = DescribeAccessControlListAttributeRequest() request.set_accept_format('json') try: request.set_AclId(acl_id) response = client.do_action_with_exception(request) data_sub = json.loads((response.decode("utf-8"))) return data_sub except BaseException as e: logging.error("获取黑名单失败,原因:%s" % e)
远程操作日志的脚本
remote.py
#!/usr/bin/python # -*- coding: UTF-8 -*- import datetime import re import paramiko def get_black_ips(threshold = 100): # file = '/data/www/logs/nginx_log/access/*api*_access.log' file = '/data/www/logs/nginx_log/access/masterapi.chinasoft.cn_access.log' # 可以 ssh 访问服务器 nginx 日志的用户信息 username = 'apache' passwd = 'pass' ten_min_time = (datetime.datetime.now() - datetime.timedelta(minutes=10)).strftime("%d/%b/%Y:%H:%M") ten_min_time = ten_min_time[:-1] # 线上 需要对日志进行过滤的目标服务器,一般是内网ip,本地调试时可以直接使用外网ip方便调试 ssh_hosts = ['1.1.1.1'] deny_host_list = [] for host in ssh_hosts: ''' # 过滤日志文件,需要显示如下效果,次数 ip地址,需要定位具体的api接口,否则误伤率极高 # grep 04/Feb/2021:15:2 /data/www/logs/nginx_log/access/masterapi.chinasoft.cn_access.log | grep '/api' | awk '{print $1}' | sort | uniq -c | sort -r -n | head -5 | awk '{if ($1 >15)print $1,$2}' 2998 116.248.89.2 2381 114.248.45.15 1639 47.107.239.148 1580 47.115.122.23 245 59.109.149.45 ''' shell = ( # "grep %s %s | grep '/index.php") % ( # grep 04/Feb/2021:14:5 /data/www/logs/nginx_log/access/masterapi.chinasoft.cn_access.log | grep '/api/user' | awk '{print $1}' | awk -F ':' '{print $2}' | sort | uniq -c | sort -r -n | head -200 | awk '{if ($1 >15)print $1,$2}' "grep %s %s | grep '/api' | awk '{print $1}' | sort | uniq -c | sort -r -n | head -200 | awk '{if ($1 >2000)print $1,$2}'") % ( ten_min_time, file) print(shell) ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(host, port=2020, username=username, password=passwd) stdin, stdout, stderr = ssh.exec_command(shell) result = stdout.read().decode(encoding="utf-8") deny_host_re = re.compile(r'\d{1,99} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}') deny_host_re = deny_host_re.findall(result) deny_host_list = deny_host_list + deny_host_re uniq_host = {} for host_str in deny_host_list: tmp = host_str.split(' ') if tmp[1] in uniq_host: uniq_host[tmp[1]] += int(tmp[0]) else: uniq_host[tmp[1]] = int(tmp[0]) deny_host_list = [] for v in uniq_host: if (uniq_host[v] > threshold): deny_host_list.append(v) return [deny_host_list , uniq_host]
发送邮件的脚本
email.py
#!/usr/bin/python # -*- coding: UTF-8 -*- import smtplib from email.mime.text import MIMEText from email.header import Header import logging def send_mail(host , receivers): # 发送邮件的服务器,用户信息 mail_host = "smtpdm-ap-southeast-1.aliyun.com" mail_user = "admin@mail.chinasoft.com" mail_pass = "pass" sender = 'admin@mail.chinasoft.com' message = MIMEText('chinasoft国内接口被刷,单个IP最近10分钟内访问超过阈值100次会收到此邮件告警!!!!\n%s' % (host), 'plain', 'utf-8') message['From'] = Header("chinasoft国内接口被刷", 'utf-8') subject ='[DDOS]购买链接接口异常链接!!' message['Subject'] = Header(subject, 'utf-8') try: smtpObj = smtplib.SMTP(mail_host, 80) smtpObj.login(mail_user, mail_pass) smtpObj.sendmail(sender, receivers, message.as_string()) logging.info("邮件发送成功") except smtplib.SMTPException as e: logging.error("发送邮件失败,原因:%s" % e)
配置文件
common.py
#!/usr/bin/python # -*- coding: UTF-8 -*- import IPy from functools import reduce import redis,time def groups(L1,len1): groups=zip(*(iter(L1),)*len1) L2=[list(i) for i in groups] n=len(L1) % len1 L2.append(L1[-n:]) if n !=0 else L2 return L2 def ip_into_int(ip): return reduce(lambda x, y: (x << 8) + y, map(int, ip.split('.'))) # 过滤掉内网ip def is_internal_ip(ip): ip = ip_into_int(ip) net_a = ip_into_int('10.255.255.255') 24 net_b = ip_into_int('172.31.255.255') 20 net_c = ip_into_int('192.168.255.255') 16 return ip 24 == net_a or ip 20 == net_b or ip 16 == net_c # 是否为白名单ip (公司内网+集群内网ip+slb和需要互访的服务器ip避免误杀) def is_white_ip(ip): if (is_internal_ip(ip)): return True white_hosts = [ # web-servers '1.1.1.1', '1.1.1.2', ]; for white in white_hosts: if (ip in IPy.IP(white)): return True return False def get_ban_ip_time(ip): pool = redis.ConnectionPool(host='127.0.0.1', port=6379, db=1) client = redis.Redis(connection_pool=pool) key = 'slb_ban_'+ip val = client.get(key) if val == None: return 0 else : return int(val) def set_ban_ip_time(ip): pool = redis.ConnectionPool(host='127.0.0.1', port=6379, db=1) client = redis.Redis(connection_pool=pool) key = 'slb_ban_'+ip timestamp = time.time() timestamp = int(round(timestamp)) return client.set(key , timestamp , 86400)
本地可以直接运行run.py进行调试
广告合作:本站广告合作请联系QQ:858582 申请时备注:广告合作(否则不回)
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
暂无评论...
稳了!魔兽国服回归的3条重磅消息!官宣时间再确认!
昨天有一位朋友在大神群里分享,自己亚服账号被封号之后居然弹出了国服的封号信息对话框。
这里面让他访问的是一个国服的战网网址,com.cn和后面的zh都非常明白地表明这就是国服战网。
而他在复制这个网址并且进行登录之后,确实是网易的网址,也就是我们熟悉的停服之后国服发布的暴雪游戏产品运营到期开放退款的说明。这是一件比较奇怪的事情,因为以前都没有出现这样的情况,现在突然提示跳转到国服战网的网址,是不是说明了简体中文客户端已经开始进行更新了呢?
更新日志
2024年12月24日
2024年12月24日
- 小骆驼-《草原狼2(蓝光CD)》[原抓WAV+CUE]
- 群星《欢迎来到我身边 电影原声专辑》[320K/MP3][105.02MB]
- 群星《欢迎来到我身边 电影原声专辑》[FLAC/分轨][480.9MB]
- 雷婷《梦里蓝天HQⅡ》 2023头版限量编号低速原抓[WAV+CUE][463M]
- 群星《2024好听新歌42》AI调整音效【WAV分轨】
- 王思雨-《思念陪着鸿雁飞》WAV
- 王思雨《喜马拉雅HQ》头版限量编号[WAV+CUE]
- 李健《无时无刻》[WAV+CUE][590M]
- 陈奕迅《酝酿》[WAV分轨][502M]
- 卓依婷《化蝶》2CD[WAV+CUE][1.1G]
- 群星《吉他王(黑胶CD)》[WAV+CUE]
- 齐秦《穿乐(穿越)》[WAV+CUE]
- 发烧珍品《数位CD音响测试-动向效果(九)》【WAV+CUE】
- 邝美云《邝美云精装歌集》[DSF][1.6G]
- 吕方《爱一回伤一回》[WAV+CUE][454M]