From 15b65c7ad2b5315931b6386c9d2b09a58163e98a Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Mon, 2 Feb 2015 12:19:20 -0500 Subject: [PATCH] NF: apache-fakegooglebot ignorecommand + DNSUtils.ipToName --- .../ignorecommands/apache-fakegooglebot | 32 +++++++++++++++++++ fail2ban/server/filter.py | 8 +++++ 2 files changed, 40 insertions(+) create mode 100755 config/filter.d/ignorecommands/apache-fakegooglebot diff --git a/config/filter.d/ignorecommands/apache-fakegooglebot b/config/filter.d/ignorecommands/apache-fakegooglebot new file mode 100755 index 000000000..47ef51f68 --- /dev/null +++ b/config/filter.d/ignorecommands/apache-fakegooglebot @@ -0,0 +1,32 @@ +#!/usr/bin/python +# Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/ +# +# Written in Python to reuse built-in Python batteries and not depend on +# presence of host and cut commands +# +import sys + +def process_args(argv): + if len(argv) != 2: + sys.stderr.write("Please provide a single IP as an argument. Got: %s\n" + % (argv[1:])) + sys.exit(2) + + ip = argv[1] + + from fail2ban.server.filter import DNSUtils + if not DNSUtils.isValidIP(ip): + sys.stderr.write("Argument must be a single valid IP. Got: %s\n" + % ip) + sys.exit(3) + return ip + +def is_googlebot(ip): + import re + from fail2ban.server.filter import DNSUtils + + host = DNSUtils.ipToName(ip) + sys.exit(0 if (host and re.match('crawl-.*\.googlebot\.com', host)) else 1) + +if __name__ == '__main__': + is_googlebot(process_args(sys.argv)) diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py index 71b08a2db..f06cf911a 100644 --- a/fail2ban/server/filter.py +++ b/fail2ban/server/filter.py @@ -852,6 +852,14 @@ class DNSUtils: % (dns, e)) return list() + @staticmethod + def ipToName(ip): + try: + return socket.gethostbyaddr(ip)[0] + except socket.error, e: + logSys.debug("Unable to find a name for the IP %s: %s" % (ip, e)) + return None + @staticmethod def searchIP(text): """ Search if an IP address if directly available and return