Linux iptables firewall: using curl to fetch AbuseIPDB's free malicious-IP blacklist to defend against CC attacks; blacklist download; blocking DDoS on kangle and CF (Cloudflare); batch-adding through the API with a looping sh script
Log in or register, then create an API key
https://www.abuseipdb.com/account/api?aff=itzmx.com
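Generate a JSON blacklist that includes the most recent report time. By default it returns the 10,000 most recent IP addresses, sorted by time (the paid Basic subscription gets the complete list of 60,000 malicious IPs). The free tier only supports confidenceMinimum=100, that is, confirmed malicious IPs with 100% confidence (output field abuseConfidenceScore=100).
Replace the API key below with your own.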
# -G sends the -d values as query-string parameters of the GET request
curl -G "https://api.abuseipdb.com/api/v2/blacklist?ipVersion=4" \
-d confidenceMinimum=100 \
-H "Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
-H "Accept: application/json" \
-o blacklist.json
Example
{
"ipAddress": "47.76.209.138",
"countryCode": "HK",
"abuseConfidenceScore": 100,
"lastReportedAt": "2025-01-04T14:55:27+00:00"
}
Generate a plain-text txt blacklist. This form is well suited for importing into the iptables firewall.
curl -G "https://api.abuseipdb.com/api/v2/blacklist?ipVersion=4" \
-d confidenceMinimum=100 \
-d plaintext \
-H "Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
-H "Accept: text/plain" \
-o blacklist.txt
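The plain-text list is described above as suited to iptables, but no import step is shown. One way to do it, as an added example that is not part of the original post: validate every line as IPv4 and load the list into an ipset that a single iptables rule matches. The set name `abuseipdb`, the `maxelem` value and the choice of an INPUT/DROP rule are assumptions.

```bash
#!/bin/bash
# Added example: load blacklist.txt into an ipset that iptables matches on.
# SET_NAME and MAXELEM are assumptions made for this example.
SET_NAME="abuseipdb"
MAXELEM=131072          # headroom above the ~60k entries of the full list
CR=$(printf '\r')

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an `ipset restore` script: fill a temporary set, swap it into place,
# destroy the temporary one. Invalid lines are reported on stderr and skipped,
# so an error page saved by curl never becomes firewall input.
build_restore() {
    tmp="${SET_NAME}_new"
    echo "create $SET_NAME hash:ip family inet maxelem $MAXELEM"
    echo "create $tmp hash:ip family inet maxelem $MAXELEM"
    echo "flush $tmp"
    # `|| [ -n "$line" ]` keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$CR"}              # tolerate CRLF line endings
        [ -z "$line" ] && continue
        if is_ipv4 "$line"; then
            echo "add $tmp $line"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done < "$1"
    echo "swap $tmp $SET_NAME"
    echo "destroy $tmp"
}

# Apply the list (needs root): load the set, then insert the DROP rule once.
apply_blacklist() {
    build_restore "$1" | ipset -exist restore || return 1
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}
```

Run `apply_blacklist blacklist.txt` as root after each download; the swap replaces the set contents in one step, so the rule never matches against a half-loaded list.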
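Don't know how to work with the API? No problem, I have already downloaded it for you; reply to download the malicious-IP blacklist database.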
If you want to report a malicious IP address to this site's database, you can use this code.
curl -X POST https://api.abuseipdb.com/api/v2/report \
-d categories=4 \
--data-urlencode "ip=127.0.0.1" \
--data-urlencode "comment=HTTP Flood" \
-H "Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
-H "Accept: application/json"
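Each Cloudflare account can use up to 50,000 IP blacklist rules for free.
Typically you import the list through the API, set the scope to this website, and use the interactive challenge action (challenge, i.e. a click-through CAPTCHA), which is enough to fend off a large volume of attacks. Do not use block, to avoid false positives (even though the confidence AbuseIPDB reports is 100%).
Get the key here: https://dash.cloudflare.com/profile
Click Global API Key (X-Auth-Key)
Then send the requests.
List the IP access rules. The API section at the bottom right shows the Zone ID. Replace the address below with your own once you have found it, and replace the email with your CF login email.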
curl -X GET "https://api.cloudflare.com/client/v4/zones/023e105f4ecef8ad9ca31a8372d0c353/firewall/access_rules/rules?per_page=100" \
-H "X-Auth-Email: user@gmail.com" \
-H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41"
Add an IP
curl -X POST "https://api.cloudflare.com/client/v4/zones/023e105f4ecef8ad9ca31a8372d0c353/firewall/access_rules/rules" \
-H "X-Auth-Email: user@gmail.com" \
-H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
-H "Content-Type: application/json" \
-d '{
"configuration": {
"target": "ip",
"value": "47.76.209.138"
},
"mode": "challenge",
"notes": "blacklist"
}'
Delete an IP
curl -X DELETE "https://api.cloudflare.com/client/v4/zones/023e105f4ecef8ad9ca31a8372d0c353/firewall/access_rules/rules/$RULE_ID" \
-H "X-Auth-Email: user@gmail.com" \
-H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41"
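But that only adds a single IP at a time, so what then? Batch-add with an sh script: save it as blacklist.sh and put it in the same directory as blacklist.txt. jq must be installed to parse the JSON (the sh script I wrote may fail to add the very last IP; just add that one manually).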
yum -y install jq
#!/bin/bash
#https://bbs.itzmx.com/thread-111252-1-1.html
# Replace the address below with your own
API_URL="https://api.cloudflare.com/client/v4/zones/023e105f4ecef8ad9ca31a8372d0c353/firewall/access_rules/rules"
AUTH_EMAIL="user@gmail.com"
AUTH_KEY="c2547eb745079dac9320b638f5e225cf483cc5cfdda41"
# `|| [[ -n "$ip" ]]` also processes a last line that has no trailing newline
while IFS= read -r ip || [[ -n "$ip" ]]; do
    [[ -z "$ip" ]] && continue  # skip empty lines
    # Build the JSON body with jq so the value is always a correctly escaped string
    PAYLOAD=$(jq -n --arg ip "$ip" \
        '{configuration: {target: "ip", value: $ip}, mode: "challenge", notes: "blacklist"}')
    RESPONSE=$(curl -s -X POST "$API_URL" \
        -H "X-Auth-Email: $AUTH_EMAIL" \
        -H "X-Auth-Key: $AUTH_KEY" \
        -H "Content-Type: application/json" \
        -d "$PAYLOAD")
    if echo "$RESPONSE" | jq -e '.success' > /dev/null; then
        echo "成功添加 IP: $ip"
    else
        echo "添加 IP: $ip 失败: $(echo "$RESPONSE" | jq -r '.errors[] | .message')"
    fi
done < blacklist.txt
Run it to add the rules (the script uses bash syntax, so run it with bash)
bash blacklist.sh
How do you batch-delete after batch-adding? Save this as rmblacklist.sh; jq must be installed to parse the JSON.
yum -y install jq
#!/bin/bash
#https://bbs.itzmx.com/thread-111252-1-1.html
# Replace the address below with your own
ZONE_ID="023e105f4ecef8ad9ca31a8372d0c353"
AUTH_EMAIL="user@gmail.com"
AUTH_KEY="c2547eb745079dac9320b638f5e225cf483cc5cfdda41"
while true; do
    # Fetch one page of rules and keep only those tagged with the "blacklist" note
    RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/firewall/access_rules/rules?per_page=100" \
        -H "X-Auth-Email: $AUTH_EMAIL" \
        -H "X-Auth-Key: $AUTH_KEY")
    RULE_IDS=$(echo "$RESPONSE" | jq -r '.result[] | select(.notes == "blacklist") | .id')
    if [ -z "$RULE_IDS" ]; then
        echo "没有找到符合条件的规则,结束操作。"
        break
    fi
    DELETED=0
    for RULE_ID in $RULE_IDS; do
        DELETE_RESPONSE=$(curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/firewall/access_rules/rules/$RULE_ID" \
            -H "X-Auth-Email: $AUTH_EMAIL" \
            -H "X-Auth-Key: $AUTH_KEY")
        if echo "$DELETE_RESPONSE" | jq -e '.success' > /dev/null; then
            echo "成功删除规则 ID: $RULE_ID"
            DELETED=$((DELETED + 1))
        else
            echo "删除规则 ID: $RULE_ID 失败: $(echo "$DELETE_RESPONSE" | jq -r '.errors[].message')"
        fi
    done
    # Stop when a whole pass deleted nothing; otherwise the same rules would be fetched and retried forever
    if [ "$DELETED" -eq 0 ]; then
        echo "No rule could be deleted in this pass, stopping." >&2
        break
    fi
done
Run it to delete the rules
sh rmblacklist.sh
References: https://developers.cloudflare.com/api/resources/firewall/subresources/access_rules/methods/create/
https://bbs.itzmx.com/thread-111212-1-1.html