Difference between revisions of "Spam/IP Blocks"

Line 3: Line 3:
  
 
Folgendes Skript erleichtert die Einrichtung von IP Range Blocks.
 
Folgendes Skript erleichtert die Einrichtung von IP Range Blocks.
 +
 
  #!/usr/bin/perl -w
 
  #!/usr/bin/perl -w
  # description: generate mediawiki ipblock entries for ipranges
+
  # Description: generate mediawiki iprange (/16) block entries for whois netnames
  # usage: copy ips of all spammers from  'recent changes' (check entries with diff)
+
  # Usage:  
 
  use POSIX qw(strftime);
 
  use POSIX qw(strftime);
  # get netranges from whois output
+
  use File::Basename;
  while (<>) {
+
  use Getopt::Std;
    chomp;
+
  use Net::Netmask;
    if (m/netname:/) {
+
use Net::XWhois;
        my $netname = $_;
+
        $netname =~ s/netname:\s*//;
+
sub usage () {
        $names{$old} = $netname;
+
    print "usage: " . basename($0) ." [-s][-u id][-h][-v] ip\n
    }
+
    -s                     output sql statements
    next unless $_ =~ m/inetnum:/;
+
    -u id                  user id for sql statements
    s/inetnum:\s*//;
+
    -v                      verbose
    s/ //g;
+
    -h                      help\n";
    $seen{$_} = 1;
+
    print "i.e.:\n";
    $old = $_;
+
    print "    ". basename($0) ." 221.219.118.4\n";
 +
    print "    ". basename($0) ." -s -u 2 221.219.118.4\n";
 +
    exit 0;
 
  }
 
  }
  # let ipcalc calculate the range
+
   
  foreach my $line (keys %seen) {
+
  sub output ($$$$) {
    my $out = `ipcalc $line`;
+
    my $netname = shift;
    my @ranges;
+
    my $inet = shift;
    foreach (split(/\n/,$out)) {
+
    my $sql = shift;
        next if m/deaggregate/;
+
    my $user = shift;
        chomp;
+
    if (not $sql) {
        push @ranges, $_;
+
        print "http://wiki.koeln.ccc.de/index.php?title=Special:Blockip&ip=$inet\n";
    }
+
    } else {
    foreach my $r (@ranges) {
+
        my $start = strftime "%Y%m%d%H%M%S", localtime;
        print "http://wiki.koeln.ccc.de/index.php?title=Special:Blockip&ip=$r\n";
+
        print "INSERT INTO ipblocks VALUES ('','$inet', 0, $user, 'SPAMMER $netname','$start',0,''); \n";
        my $start = strftime "%Y%m%d%H%M%S", localtime;
+
    }
        print "INSERT INTO ipblocks VALUES ('','$r', 0, 2, 'SPAMMER $names{$line}','$start',0,''); \n";
 
    }
 
 
  }
 
  }
 
+
 +
sub range2cidr16 ($) {
 +
    my @range = split (' - ', shift);
 +
    # get cidr notation
 +
    my @blocks = range2cidrlist($range[0], $range[1]);
 +
    my @cidrs16;
 +
    foreach my $b (@blocks) {
 +
        my $cidr = sprintf "%s/%s",$b->base, $b->bits;
 +
        print STDERR "got cidr: $cidr\n" if $opts{'v'};
 +
        # break down to /16 blocks
 +
        if ($b->bits < 16) {
 +
            foreach (`sipcalc -s 16 $cidr`) {
 +
                if (m/^Network\s*-\s([\.\d]+)\s*-\s([\.\d]+)$/o) {
 +
                    my @blocks2 = range2cidrlist($1, $2);
 +
                    foreach (@blocks2) {
 +
                        push @cidrs16, "$_";
 +
                        print STDERR "block $cidr broken down to: $_\n" if $opts{'v'};
 +
                    }
 +
                }
 +
            }
 +
        } else { push @cidrs16, $cidr; }
 +
    }
 +
    return \@cidrs16;
 +
}
 +
 +
my %opts;
 +
getopts('hvsu:', \%opts);
 +
usage () if ($opts{'h'});
 +
my $sql = $opts{'s'} ? 1 : 0;
 +
my $user;
 +
if ($opts{'u'}) { $user = $opts{'u'}; $sql = 1; } else { $user = 1; }
 +
 +
my $whois;
 +
my $netname;
 +
if ($ARGV[0]) {
 +
    my $ip = $ARGV[0];
 +
    print STDERR "fetching netname for: $ip\n" if $opts{'v'};
 +
    $whois = new Net::XWhois Domain => "$ip";
 +
    $netname = $whois->netname;
 +
    unless ($netname) {
 +
        print STDERR "netname not found for ip: $ip \n";
 +
        exit 0;
 +
    }
 +
    print STDERR "fetching inetnum for netname: $netname\n" if $opts{'v'};
 +
    $whois->lookup(Domain => "$netname");
 +
    if ($whois->inetnum) {
 +
        foreach my $inet ($whois->inetnum) {
 +
            # break down to /16 blocks
 +
            foreach (@{range2cidr16($inet)}) {
 +
                print STDERR "found block: $_\n" if $opts{'v'};
 +
                output($netname, $_, $sql, $user);
 +
            }
 +
        }
 +
 +
    } else {
 +
        print STDERR "inetnum(s) not found for: $netname\n";
 +
    }
 +
} else { usage(); }
  
 
Benutzen:
 
Benutzen:
  whois 221.194.75.8 | perl ~/whois2iprange.pl
+
  perl ~/whois2iprange.pl ip
  
 
Leider funktioniert dieses Script nur bei IP-Ranges, die in der RIPE verzeichnet sind.
 
Leider funktioniert dieses Script nur bei IP-Ranges, die in der RIPE verzeichnet sind.
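Review bot: In the new `output` sub the SQL branch interpolates `$netname`, which is taken from the whois reply, and `$user`, which is taken from `-u`, directly into the printed `INSERT INTO ipblocks` statement, so a quote character in either value changes the statement an admin later feeds to the database. Before printing, reduce the netname to a fixed character set and require a numeric id, e.g. `(my $reason = $netname) =~ s/[^A-Za-z0-9_.-]/_/g;` and `die "user id must be numeric\n" unless $user =~ /\A\d+\z/;`. Separately, `range2cidr16` tests `$opts{'v'}` above the later `my %opts;`, so without `use strict` it reads the empty package hash and its `-v` messages never print; declaring `our %opts;` makes `getopts` fill the hash the sub actually reads.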

Revision as of 17:21, 11 July 2007

IP Blocks

IP Blocks haben sich als einigermassen effektiv gegen Spammer erwiesen.

Folgendes Skript erleichtert die Einrichtung von IP Range Blocks.

#!/usr/bin/perl -w
# Description: generate mediawiki iprange (/16) block entries for whois netnames
# Usage: whois2iprange.pl [-s][-u id][-h][-v] ip
use POSIX qw(strftime);
use File::Basename;
use Getopt::Std;
use Net::Netmask;
use Net::XWhois;

# Print the command synopsis, the option list and two sample invocations
# to STDOUT, then end the program with exit status 0.
sub usage () {
    my $prog = basename($0);    # script name without its directory part

    my @text = (
        "usage: " . $prog . " [-s][-u id][-h][-v] ip\n",
        "\n",
        "    -s                      output sql statements\n",
        "    -u id                   user id for sql statements\n",
        "    -v                      verbose\n",
        "    -h                      help\n",
        "i.e.:\n",
        "    " . $prog . " 221.219.118.4\n",
        "    " . $prog . " -s -u 2 221.219.118.4\n",
    );

    print @text;
    exit 0;
}

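# Print one block entry for a network: the wiki's Special:Blockip URL or,
# when $sql is true, an INSERT statement for the ipblocks table.
#
#   $netname  whois netname, used in the block reason ("SPAMMER <netname>")
#   $inet     network to block, IPv4 dotted quad with optional /bits
#   $sql      true: print SQL; false: print the Special:Blockip URL
#   $user     numeric id written into the SQL row (not used for the URL)
#
# Returns nothing.  A malformed $inet is reported on STDERR and skipped.
# Dies when SQL output is requested with a non-numeric $user.
sub output ($$$$) {
    my ($netname, $inet, $sql, $user) = @_;

    # $inet ends up inside a URL or an SQL string literal, so only the
    # "a.b.c.d" / "a.b.c.d/bits" shape is accepted.
    unless (defined $inet
        and $inet =~ m{\A\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\z}) {
        print STDERR "skipping malformed block entry\n";
        return;
    }

    if (not $sql) {
        print "http://wiki.koeln.ccc.de/index.php?title=Special:Blockip&ip=$inet\n";
        return;
    }

    # The id is written unquoted into the statement; it must be an integer.
    die "user id must be a non-negative integer\n"
        unless defined $user and $user =~ /\A\d+\z/;

    # The netname is remote data (it comes from a whois reply).  The
    # statement is printed as text for later use, so no placeholders are
    # available; every character outside a fixed set is replaced instead of
    # relying on quoting rules that depend on the database configuration.
    my $reason = defined $netname ? $netname : '';
    $reason =~ s/[^A-Za-z0-9_.-]/_/g;

    my $start = strftime "%Y%m%d%H%M%S", localtime;

    # The first and last columns are empty strings ('').  In the rendered
    # listing these quote pairs were swallowed by the wiki markup, which
    # left "VALUES (," and ",0,)" -- not valid SQL.
    printf "INSERT INTO ipblocks VALUES ('','%s', 0, %s, 'SPAMMER %s','%s',0,''); \n",
        $inet, $user, $reason, $start;
    return;
}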

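# Convert a whois inetnum range ("a.b.c.d - e.f.g.h") into CIDR strings,
# none of them wider than a /16.
#
#   argument: the range string, start and end separated by ' - '
#   returns:  reference to an array of "base/bits" strings (may be empty)
#
# Blocks wider than /16 are split with the external sipcalc program.  If
# sipcalc cannot be run or yields nothing, a message goes to STDERR so that
# a range which ends up unblocked does not go unnoticed.
#
# NOTE(review): %opts is resolved here as the package variable %main::opts
# (no lexical %opts is in scope above this sub), so the -v messages appear
# only when that package hash is the one filled by getopts.
sub range2cidr16 ($) {
    my ($first, $last) = split(' - ', shift);
    my @cidrs16;

    unless (defined $first and defined $last) {
        print STDERR "inetnum is not an 'a - b' range, skipped\n";
        return \@cidrs16;
    }

    # get cidr notation
    # ($block, not $b: $b is the special variable used by sort)
    foreach my $block (range2cidrlist($first, $last)) {
        my $cidr = sprintf "%s/%s", $block->base, $block->bits;
        print STDERR "got cidr: $cidr\n" if $opts{'v'};

        if ($block->bits >= 16) {
            push @cidrs16, $cidr;
            next;
        }

        # break down to /16 blocks
        # List-form pipe open starts sipcalc directly; no shell ever parses
        # $cidr, which is built from data that originated in a whois reply.
        my $sipcalc;
        unless (open($sipcalc, '-|', 'sipcalc', '-s', '16', $cidr)) {
            print STDERR "cannot run sipcalc for $cidr: $!\n";
            next;
        }

        my $found = 0;
        while (my $line = <$sipcalc>) {
            next unless $line =~ m/^Network\s*-\s([\.\d]+)\s*-\s([\.\d]+)$/;
            # copy the captures before calling out; @_ would alias $1/$2
            my ($lo, $hi) = ($1, $2);
            foreach my $part (range2cidrlist($lo, $hi)) {
                push @cidrs16, "$part";
                print STDERR "block $cidr broken down to: $part\n" if $opts{'v'};
                $found++;
            }
        }
        close $sipcalc;

        print STDERR "sipcalc returned no /16 blocks for $cidr, range not covered\n"
            unless $found;
    }
    return \@cidrs16;
}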

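# Main program: parse the options, look up the netname for the given IP
# via whois, look up the inetnum ranges registered for that netname, and
# print one block entry per /16 (URL by default, SQL with -s or -u).
# Exit status is non-zero when the lookup yields nothing usable.

# Package variable on purpose: range2cidr16 is compiled above this line and
# therefore reads %main::opts.  A lexical "my %opts" declared here would be
# a different hash, and the -v checks inside that sub would never fire.
our %opts;
getopts('hvsu:', \%opts);
usage () if ($opts{'h'});

my $sql  = $opts{'s'} ? 1 : 0;
my $user = 1;                           # default id when -u is absent
if (defined $opts{'u'}) {               # defined, so that "-u 0" is honoured
    # the id is placed unquoted into the generated SQL statement
    unless ($opts{'u'} =~ /\A\d+\z/) {
        print STDERR "-u expects a numeric user id\n";
        exit 1;
    }
    $user = $opts{'u'};
    $sql  = 1;                          # -u implies -s
}

my $whois;
my $netname;
if ($ARGV[0]) {
    my $ip = $ARGV[0];

    # The usage text asks for an IP; reject anything else before it is sent
    # to the whois server or echoed into the generated entries.
    unless ($ip =~ m{\A\d{1,3}(?:\.\d{1,3}){3}\z}) {
        print STDERR "not an IPv4 address: $ip\n";
        exit 1;
    }

    print STDERR "fetching netname for: $ip\n" if $opts{'v'};
    # explicit method call instead of the indirect "new Net::XWhois ..." form
    $whois = Net::XWhois->new(Domain => $ip);
    $netname = $whois->netname;
    unless ($netname) {
        print STDERR "netname not found for ip: $ip \n";
        exit 1;                         # a failed lookup is not a success
    }

    print STDERR "fetching inetnum for netname: $netname\n" if $opts{'v'};
    $whois->lookup(Domain => $netname);
    if ($whois->inetnum) {
        foreach my $inet ($whois->inetnum) {
            # break down to /16 blocks
            foreach my $block (@{ range2cidr16($inet) }) {
                print STDERR "found block: $block\n" if $opts{'v'};
                output($netname, $block, $sql, $user);
            }
        }
    } else {
        print STDERR "inetnum(s) not found for: $netname\n";
        exit 1;
    }
} else { usage(); }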

Benutzen:

perl ~/whois2iprange.pl ip

Leider funktioniert dieses Script nur bei IP-Ranges, die in der RIPE verzeichnet sind.
--ScottyTM 03:46, 24 Oct 2005 (CEST)

Zum Beispiel: whois -h whois.apnic.net ip.address | perl ~/whois2iprange.pl

Problem ist: nicht jedes whois info enthaelt einen netname --MM 21:44, 10 July 2007 (CEST)