build: ban_abusive_ip.pl script (taken from off1) (#8474)

* build: ban_abusive_ip.pl script (taken from off1) * fix: linting
openfoodfacts · Jun 7, 2023 · 7f6e745 · 7f6e745
1 parent 1dc4c01
commit 7f6e745
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/scripts/ban_abusive_ip.pl b/scripts/ban_abusive_ip.pl
@@ -0,0 +1,52 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+use Storable;
+
+use ProductOpener::PerlStandards;
+
+my $blocked_ips_file = "/srv/off/logs/blocked_ips.txt";
+
+my %blocked_ips = ();
+
+my $in;
+
+if (open($in, "<", $blocked_ips_file)) {
+
+	while (<$in>) {
+		my $ip = $_;
+		chomp($ip);
+		print STDERR "loaded ip: $ip\n";
+		$blocked_ips{$ip} = 1;
+	}
+}
+close($in);
+
+my %ip = ();
+
+while (<STDIN>) {
+	if ($_ =~ /(^\S+) /) {
+		my $ip = $1;
+		next if $ip !~ /^[0-9\.]+$/;
+		$ip{$ip}++;
+	}
+}
+
+foreach my $ip (sort {$ip{$a} <=> $ip{$b}} keys %ip) {
+	next if exists $blocked_ips{$ip};
+	if ($ip{$ip} > 100) {
+		print STDERR "detected abusive $ip : $ip{$ip}\n";
+		my $command1 = "iptables -A INPUT -s $ip -p tcp -m state --state NEW -m tcp --dport 80 -j DROP";
+		my $command2 = "iptables -A INPUT -s $ip -p tcp -m state --state NEW -m tcp --dport 443 -j DROP";
+		print STDERR $command1 . "\n";
+		print STDERR $command2 . "\n";
+		system($command1);
+		system($command2);
+		my $out;
+		open($out, ">>", $blocked_ips_file);
+		print $out $ip . "\n";
+		close $out;
+	}
+}
+