Difference between revisions of "Spam/IP Blocks"

From C4 Wiki
Jump to: navigation, search
(whois2iprange.pl example)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
= IP Blocks =  
 
= IP Blocks =  
IP Blocks haben sich als einigermassen effektiv gegen Spammer erwiesen.
+
Mediawikis IP range blocks are quite effictive against spam.
  
Folgendes Skript erleichtert die Einrichtung von IP Range Blocks.
+
The script at http://w8n.koeln.ccc.de/trac/projects/browser/whois2iprange.pl was written to address two issues with ip blocks in mediawiki:
 +
* You can not block ranges bigger than /16
 +
* Especially chinese spammers operate from very large netblocks
  
#!/usr/bin/perl -w
+
= whois2iprange.pl =
# Description: generate mediawiki iprange (/16) block entries for whois netnames
 
# Usage:
 
use POSIX qw(strftime);
 
use File::Basename;
 
use Getopt::Std;
 
use Net::Netmask;
 
use Net::XWhois;
 
 
sub usage () {
 
    print "usage: " . basename($0) ." [-s][-u id][-h][-v] ip\n
 
    -s                      output sql statements
 
    -u id                  user id for sql statements
 
    -v                      verbose
 
    -h                      help\n";
 
    print "i.e.:\n";
 
    print "    ". basename($0) ." 221.219.118.4\n";
 
    print "    ". basename($0) ." -s -u 2 221.219.118.4\n";
 
    exit 0;
 
}
 
 
sub output ($$$$) {
 
    my $netname = shift;
 
    my $inet = shift;
 
    my $sql = shift;
 
    my $user = shift;
 
    if (not $sql) {
 
        print "http://wiki.koeln.ccc.de/index.php?title=Special:Blockip&ip=$inet\n";
 
    } else {
 
        my $start = strftime "%Y%m%d%H%M%S", localtime;
 
        print "INSERT INTO ipblocks VALUES ('','$inet', 0, $user, 'SPAMMER $netname','$start',0,''); \n";
 
    }
 
}
 
 
sub range2cidr16 ($) {
 
    my @range = split (' - ', shift);
 
    # get cidr notation
 
    my @blocks = range2cidrlist($range[0], $range[1]);
 
    my @cidrs16;
 
    foreach my $b (@blocks) {
 
        my $cidr = sprintf "%s/%s",$b->base, $b->bits;
 
        print STDERR "got cidr: $cidr\n" if $opts{'v'};
 
        # break down to /16 blocks
 
        if ($b->bits < 16) {
 
            foreach (`sipcalc -s 16 $cidr`) {
 
                if (m/^Network\s*-\s([\.\d]+)\s*-\s([\.\d]+)$/o) {
 
                    my @blocks2 = range2cidrlist($1, $2);
 
                    foreach (@blocks2) {
 
                        push @cidrs16, "$_";
 
                        print STDERR "block $cidr broken down to: $_\n" if $opts{'v'};
 
                    }
 
                }
 
            }
 
        } else { push @cidrs16, $cidr; }
 
    }
 
    return \@cidrs16;
 
}
 
 
my %opts;
 
getopts('hvsu:', \%opts);
 
usage () if ($opts{'h'});
 
my $sql = $opts{'s'} ? 1 : 0;
 
my $user;
 
if ($opts{'u'}) { $user = $opts{'u'}; $sql = 1; } else { $user = 1; }
 
 
my $whois;
 
my $netname;
 
if ($ARGV[0]) {
 
    my $ip = $ARGV[0];
 
    print STDERR "fetching netname for: $ip\n" if $opts{'v'};
 
    $whois = new Net::XWhois Domain => "$ip";
 
    $netname = $whois->netname;
 
    unless ($netname) {
 
        print STDERR "netname not found for ip: $ip \n";
 
        exit 0;
 
    }
 
    print STDERR "fetching inetnum for netname: $netname\n" if $opts{'v'};
 
    $whois->lookup(Domain => "$netname");
 
    if ($whois->inetnum) {
 
        foreach my $inet ($whois->inetnum) {
 
            # break down to /16 blocks
 
            foreach (@{range2cidr16($inet)}) {
 
                print STDERR "found block: $_\n" if $opts{'v'};
 
                output($netname, $_, $sql, $user);
 
            }
 
        }
 
 
    } else {
 
        print STDERR "inetnum(s) not found for: $netname\n";
 
    }
 
} else { usage(); }
 
  
Benutzen:
+
Retrieves all the net blocks from whois, converts them to 16bit netmasks and prints links to mediawikis ip block form.
perl ~/whois2iprange.pl ip
+
You may have to use the '-b' option from the command line to point to your mediawikis Special:Blockip page.
 +
If you have access to mediawikis sql database you should use the '-s' option to output sql statements.
  
Leider funktioniert dieses Script nur bei IP-Ranges, die in der RIPE verzeichnet sind.
+
For the script to run, you need to have [http://www.routemeister.net/projects/sipcalc/ sipcalc] installed.
<br>--[[User:ScottyTM|ScottyTM]] 03:46, 24 Oct 2005 (CEST)
+
Furthermore the following perl modules are required:
 +
* Net::Netmask
 +
* Net::XWhois
  
Zum Beispiel:
+
== whois2iprange.pl example ==
whois -h whois.apnic.net ip.address | perl ~/whois2iprange.pl  
 
  
Problem ist: nicht jedes whois info enthaelt einen netname
+
% ./whois2iprange.pl -b 'http://localhost/index.php?title=Special:Blockip' 219.132.1.1
--[[User:Mario Manno|MM]] 21:44, 10 July 2007 (CEST)
+
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.96.128.0/18&wpBlockOther=Spam%20CHINANET-GD
 +
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.103.128.0/18&wpBlockOther=Spam%20CHINANET-GD
 +
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.104.0.0/16&wpBlockOther=Spam%20CHINANET-GD
 +
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.105.0.0/16&wpBlockOther=Spam%20CHINANET-GD
 +
...
 +
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=61.146.0.0/16&wpBlockOther=Spam%20CHINANET-GD
  
 +
 +
% ./whois2iprange.pl -s 125.33.182.119
 +
INSERT INTO ipblocks VALUES ('','202.106.0.0/16', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'CA6A0000', 'CA6AFFFF',0,0);
 +
INSERT INTO ipblocks VALUES ('','211.154.192.0/18', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'D39AC000', 'D39AFFFF',0,0);
 +
INSERT INTO ipblocks VALUES ('','211.144.0.0/20', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'D3900000', 'D3900FFF',0,0);
 +
INSERT INTO ipblocks VALUES ('','211.144.16.0/20', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'D3901000', 'D3901FFF',0,0);
 +
...
 +
INSERT INTO ipblocks VALUES ('','202.130.224.0/19', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'CA82E000', 'CA82FFFF',0,0);
 
[[Category:Infos]]
 
[[Category:Infos]]

Latest revision as of 13:56, 19 July 2007

IP Blocks

Mediawikis IP range blocks are quite effictive against spam.

The script at http://w8n.koeln.ccc.de/trac/projects/browser/whois2iprange.pl was written to address two issues with ip blocks in mediawiki:

  • You can not block ranges bigger than /16
  • Especially chinese spammers operate from very large netblocks

whois2iprange.pl

Retrieves all the net blocks from whois, converts them to 16bit netmasks and prints links to mediawikis ip block form. You may have to use the '-b' option from the command line to point to your mediawikis Special:Blockip page. If you have access to mediawikis sql database you should use the '-s' option to output sql statements.

For the script to run, you need to have sipcalc installed. Furthermore the following perl modules are required:

  • Net::Netmask
  • Net::XWhois

whois2iprange.pl example

% ./whois2iprange.pl -b 'http://localhost/index.php?title=Special:Blockip' 219.132.1.1
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.96.128.0/18&wpBlockOther=Spam%20CHINANET-GD
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.103.128.0/18&wpBlockOther=Spam%20CHINANET-GD
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.104.0.0/16&wpBlockOther=Spam%20CHINANET-GD
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=202.105.0.0/16&wpBlockOther=Spam%20CHINANET-GD
...
http://localhost/index.php?title=Special:Blockip&wpBlockExpiry=infinite&ip=61.146.0.0/16&wpBlockOther=Spam%20CHINANET-GD


% ./whois2iprange.pl -s 125.33.182.119
INSERT INTO ipblocks VALUES (,'202.106.0.0/16', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'CA6A0000', 'CA6AFFFF',0,0);
INSERT INTO ipblocks VALUES (,'211.154.192.0/18', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'D39AC000', 'D39AFFFF',0,0);
INSERT INTO ipblocks VALUES (,'211.144.0.0/20', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'D3900000', 'D3900FFF',0,0);
INSERT INTO ipblocks VALUES (,'211.144.16.0/20', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'D3901000', 'D3901FFF',0,0);
...
INSERT INTO ipblocks VALUES (,'202.130.224.0/19', 0, 1, 'SPAMMER CNCGROUP-BJ','20070719143737',0,1,1,'infinity', 'CA82E000', 'CA82FFFF',0,0);