Spam/IP Blocks


IP Blocks

IP Blocks haben sich als einigermassen effektiv gegen Spammer erwiesen.

Folgendes Skript erleichtert die Einrichtung von IP Range Blocks.

#!/usr/bin/perl -w
# Description: generate mediawiki iprange (/16) block entries for whois netnames
# Usage: whois2iprange.pl [-s] [-u id] [-h] [-v] ip
use POSIX qw(strftime);
use File::Basename;
use Getopt::Std;
use Net::Netmask;
use Net::XWhois;

sub usage () {
    # Show the option summary and two example invocations on STDOUT, then
    # end the program with exit status 0.
    my $prog = basename($0);
    my $options = " [-s][-u id][-h][-v] ip\n
    -s                      output sql statements
    -u id                   user id for sql statements
    -v                      verbose
    -h                      help\n";
    print 'usage: ', $prog, $options;
    print "i.e.:\n";
    foreach my $example ('221.219.118.4', '-s -u 2 221.219.118.4') {
        print '    ', $prog, ' ', $example, "\n";
    }
    exit 0;
}

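sub output ($$$$) {
    # Print one block entry for a network on STDOUT.
    #
    #   $netname  whois netname; used only in the SQL block reason
    #   $inet     network to block, address with optional "/prefix"
    #   $sql      false: print a Special:Blockip URL; true: print an INSERT
    #   $user     numeric wiki user id recorded in the INSERT
    #
    # The caller obtains $netname from a whois reply, i.e. from a remote
    # party, and the generated statement is meant to be run against the wiki
    # database. Every interpolated value is therefore checked or neutralised
    # before it is placed into the statement; entries that fail the checks are
    # skipped with a message on STDERR instead of being emitted.
    my ($netname, $inet, $sql, $user) = @_;

    # Only an address with an optional prefix length may reach the URL or the
    # quoted SQL literal.
    unless (defined $inet and $inet =~ m{\A[0-9A-Fa-f:.]+(?:/\d{1,3})?\z}) {
        print STDERR "skipping entry: malformed network value\n";
        return;
    }

    if (not $sql) {
        print "http://wiki.koeln.ccc.de/index.php?title=Special:Blockip&ip=$inet\n";
        return;
    }

    # $user is written into the statement without quotes, so it has to be a
    # plain non-negative integer.
    unless (defined $user and $user =~ /\A\d+\z/) {
        print STDERR "skipping $inet: user id must be numeric\n";
        return;
    }

    # Reduce the netname to a conservative character set so that it cannot
    # terminate the surrounding string literal, whatever quoting rules the
    # database applies. Netnames made of letters, digits, '_', '.' and '-'
    # pass through unchanged.
    my $label = defined $netname ? $netname : '';
    $label =~ s/[^A-Za-z0-9_.-]/_/g;

    my $start = strftime "%Y%m%d%H%M%S", localtime;
    # NOTE(review): the first and last column values are empty as published,
    # which is not a valid VALUES list. They may originally have been '' and
    # been lost when the page was rendered; confirm against the ipblocks
    # schema before running the output.
    print "INSERT INTO ipblocks VALUES (,'$inet', 0, $user, 'SPAMMER $label','$start',0,); \n";
}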

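sub range2cidr16 ($) {
    # Turn one whois inetnum range ("first - last") into a reference to a
    # list of CIDR strings. Blocks wider than /16 are broken down into /16
    # blocks with the external sipcalc tool; narrower blocks are returned as
    # they are.
    #
    # The range text originates from a whois reply, so it is matched against
    # a strict dotted-quad pattern before use, and sipcalc is started without
    # a shell. A range in an unexpected format yields an empty list and a
    # message on STDERR.
    #
    # %opts is the package variable %main::opts here (no lexical %opts is in
    # scope at this point in the file).
    my $range = shift;
    my @cidrs16;

    unless (defined $range
        and $range =~ /\A\s*([\d.]+)\s*-\s*([\d.]+)\s*\z/)
    {
        print STDERR "unexpected inetnum format, range skipped\n";
        return \@cidrs16;
    }
    my ($first, $last) = ($1, $2);

    # get cidr notation
    foreach my $block (range2cidrlist($first, $last)) {
        my $cidr = sprintf "%s/%s", $block->base, $block->bits;
        print STDERR "got cidr: $cidr\n" if $opts{'v'};

        if ($block->bits >= 16) {
            push @cidrs16, $cidr;
            next;
        }

        # break down to /16 blocks; the list form of open passes the
        # arguments to sipcalc directly instead of through a shell
        my $pipe;
        unless (open $pipe, '-|', 'sipcalc', '-s', '16', $cidr) {
            # Without this message a missing sipcalc would silently drop
            # every block wider than /16.
            print STDERR "cannot run sipcalc for $cidr: $!\n";
            next;
        }
        while (my $line = <$pipe>) {
            next unless $line =~ m/^Network\s*-\s([\.\d]+)\s*-\s([\.\d]+)$/;
            # Copy the captures before calling into other code.
            my ($low, $high) = ($1, $2);
            foreach my $part (range2cidrlist($low, $high)) {
                push @cidrs16, "$part";
                print STDERR "block $cidr broken down to: $part\n" if $opts{'v'};
            }
        }
        close $pipe
            or print STDERR "sipcalc reported a failure for $cidr\n";
    }
    return \@cidrs16;
}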

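# Main program: parse the options, look up the netname for the given IP via
# whois, look up the inetnum ranges registered for that netname, and print a
# block entry for every resulting /16-or-smaller network.

# Package variable rather than a lexical: range2cidr16 is compiled earlier in
# the file and reads $opts{'v'} from %main::opts, so a "my %opts" declared
# here would leave its verbose messages permanently switched off.
our %opts;
getopts('hvsu:', \%opts);
usage () if ($opts{'h'});

my $sql  = $opts{'s'} ? 1 : 0;
my $user = 1;
# -u implies SQL output; test definedness so that "-u 0" is honoured.
if (defined $opts{'u'}) {
    $user = $opts{'u'};
    $sql  = 1;
}
# The user id is written unquoted into the generated SQL, so accept digits
# only.
unless ($user =~ /\A\d+\z/) {
    print STDERR "user id must be numeric\n";
    exit 1;
}

if ($ARGV[0]) {
    my $ip = $ARGV[0];
    print STDERR "fetching netname for: $ip\n" if $opts{'v'};
    my $whois   = Net::XWhois->new(Domain => "$ip");
    # The netname is taken verbatim from the whois reply, i.e. it is remote
    # data; it is used below as a whois query and as the block reason.
    my $netname = $whois->netname;
    unless ($netname) {
        print STDERR "netname not found for ip: $ip \n";
        exit 0;
    }
    print STDERR "fetching inetnum for netname: $netname\n" if $opts{'v'};
    $whois->lookup(Domain => "$netname");
    if ($whois->inetnum) {
        foreach my $inet ($whois->inetnum) {
            # break down to /16 blocks
            foreach my $cidr (@{ range2cidr16($inet) }) {
                print STDERR "found block: $cidr\n" if $opts{'v'};
                output($netname, $cidr, $sql, $user);
            }
        }
    } else {
        print STDERR "inetnum(s) not found for: $netname\n";
    }
} else {
    usage();
}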

Benutzen:

perl ~/whois2iprange.pl ip

Leider funktioniert dieses Script nur bei IP-Ranges, die in der RIPE verzeichnet sind.
--ScottyTM 03:46, 24 Oct 2005 (CEST)

Zum Beispiel: whois -h whois.apnic.net ip.address | perl ~/whois2iprange.pl

Das Problem ist: Nicht jede Whois-Auskunft enthält einen netname. --MM 21:44, 10 July 2007 (CEST)