防cc自动拉黑ip增强版

【防cc自动拉黑ip增强版】

随着互联网的普及和发展，网络安全问题日益严重，DDoS攻击和CC攻击是最常见的网络攻击方式之一，为了有效地防范这些攻击，许多网站和服务器采用了防CC自动拉黑IP的技术，本文将详细介绍一种防CC自动拉黑IP增强版的方法，帮助大家更好地保护自己的网站和服务器。

防CC自动拉黑IP的原理

CC攻击（Challenge Collapsar）是一种利用大量正常请求消耗服务器资源，从而使服务器无法正常响应其他用户请求的攻击方式，防CC自动拉黑IP的原理是在服务器端设置一个访问频率限制，当某个IP的访问频率超过设定值时，将其自动加入到黑名单中，从而阻止其继续对服务器进行攻击。

防CC自动拉黑IP增强版的实现方法

1、引入第三方库

为了实现防CC自动拉黑IP的功能，我们需要引入第三方库，这里我们选择使用Python的Flask框架，并引入Flask-Limiter库来实现访问频率限制。

2、设置访问频率限制

在Flask应用中，我们可以使用Flask-Limiter库来设置访问频率限制，我们可以设置每个IP每分钟最多只能访问10次：

from flask import Flask, request
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
limiter = Limiter(app, key_func=get_remote_address)
@app.route("/")
@limiter.limit("10/minute")
def index():
    return "Hello, World!"

3、记录访问日志

为了实现自动拉黑IP的功能，我们需要记录每个IP的访问日志，在Flask应用中，我们可以使用Python的logging库来记录访问日志：

import logging
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
app = Flask(__name__)
limiter = Limiter(app, key_func=get_remote_address)
logging.basicConfig(filename="access.log", level=logging.INFO)
@app.route("/")
@limiter.limit("10/minute")
def index():
    logging.info(f"{request.remote_addr} accessed the site")
    return "Hello, World!"

4、分析访问日志并实现自动拉黑功能

我们需要编写一个脚本来分析访问日志，当发现某个IP的访问频率超过设定值时，将其自动加入到黑名单中，这里我们使用Python的re库来分析访问日志，并将黑名单保存在一个文本文件中：

import re
import time
from flask_limiter import Limiter, get_remote_addresses_from_request, get_remote_addresses_for_user, 
    get_remote_address, get_remote_addresses_list, get_remote_addresses_list_for_user, 
    get_remote_addresses_dict, get_remote_addresses_dict_for_user, get_remote_ips, 
    get_remote_ips_list, get_remote_ips_list_for_user, get_remote_ips_dict, 
    get_remote_ips_dict_for_user, get_remote_hosts, get_remote_hosts_list, 
    get_remote_hosts_list_for_user, get_remote_hosts_dict, get_remote_hosts_dict_for_user, 
    get_remote_all, get_remote_all_list, get_remote_all_list_for_user, get_remote_all_dict, 
    get_remote_all_dict_for_user, get_remote, get_remotes, get_remotes_list, 
    get_remotes_list_for_user, get_remotes_dict, get_remotes_dict_for_user, 
    get_clientip, get_clientips, get_clientips_list, get_clientipss, 
    get_clientipsss, get__host__, get__host__s, get__host__ss, 
    get__scheme__, get__scheme__s, 
    get__port__, get__port__i, 
    get__path__, get__path__s, 
    isolate(), isolates(), isolatex(), isolatexs(), 
    unisolate(), unisolates(), unisolatex(), unisolatexs()
from datetime import datetime, timedelta
from collections import defaultdict
import re
import os
import sys
import timeit
import json
import argparse
import random
from flask import Flask, request, make_response
from werkzeug.utils import secure_filename
from urllib.parse import quote as urlquote, unquote as urlunquote
import hashlib
import base64
import hmac
import binascii as b2a  For base64 conversions to binary and back again. (Not needed if you're using Python 3). Replaced by b2a in Python 3.5+. Replaced by base64 in Python 3.7+. Replaced by standard library 'base64' module in Python 3.8+. Replaced by built-in 'binascii' module in Python 3.9+. Removed in Python 4+. Replaced by 'codecs' module in Python 3.8+. Removed in Python 3.9+. Removed in Python 4+. Removed in Python 3.7+ when 'base64' module was introduced. Removed in Python 3.5+ when 'b2a' module was introduced. Removed in Python 3.0 when 'binascii' module was introduced. Removed in Python 2.7 when 'binascii' module was introduced. Removed in Python 2 when 'binascii' module was introduced. Removed in Python 1 when 'binascii' module was introduced. Imported from __future__ for backward compatibility with older versions of Python that do not have the 'binascii' module available yet but will be available soon after release of this version of Python under a different name or module name than what is currently used here."  noqa pylint: disable=F0401  noqa pylint: disable=W0611  noqa pylint: disable=W0622  noqa pylint: disable=W0623  noqa pylint: disable=W0401  noqa pylint: disable=W0612  noqa pylint: disable=E1103  noqa pylint: disable=E1101  noqa pylint: disable=E1102  noqa pylint: disable=E1104  noqa pylint: disable=E1105  noqa pylint: disable=E1123  noqa pylint: disable=E1122  noqa pylint: disable=E1125  noqa pylint: disable=E1127  noqa pylint: disable=E1128  noqa pylint: disable=E1129  noqa pylint: disable=E1130  noqa pylint: disable=E1131  noqa pylint: disable=E1132  noqa pylint: disable=E1133  noqa pylint: disable=E1134  noqa pylint: disable=E1135  noqa pylint: disable=E1136  noqa pylint: disable=E1137  noqa pylint: disable=E1138  noqa pylint: disable=E1139  noqa pylint: disable=E1140  noqa pylint: disable=E1141  noqa pylint: disable=E1142  noqa pylint: disable=E1143  noqa pylint: disable=E1144  noqa pylint: disable=E1145 from flask import Flask from flask import request from flask import make response from flask import g from flask import session from flask import redirect from flask import urlquote from flask import urlunquote from flask import escape from flask import render template from flask import render template string from flask import render file from flask import Response from flask import flash from flask import jsonify from flask import streams from flask import sendfile from flask import make response from flask import current app context from flask import request from flask import session from flask import g from flask import config from flask import redirect from flask import urlquote from flask import urlunquote