Heal Your Church WebSite


Teaching, rebuking, correcting & training in righteous web design.

ip2Country.pl – A fast little script to bulk id IPs by country

Yes, I know, all cool programmers use Python these days – but to this old-school programmer, PERL is to my antiquated PC what GWBasic was to my first computer at work back in 1983. That is, a nice little tool to get things done, like identifying a list of IP addresses by country.

Here’s the situation: I’ve been getting a lot of incoming spambots attempting to create accounts and post comments both here on HYCW and on a few other sites I help manage. The Akismet spam filtering service catches all of it – but there’s still at times a huge draw on bandwidth, CPU and other resources when these bots hit.

So from time to time, I harvest the IP addresses from the thwarted ne’er-do-wells’ failed attempts via my user registration table and/or Apache logs and then add them to the firewalls, .htaccess files and/or application IP ban lists of these various sites – except for those IPs incoming from countries where both the languages and laws give me the ability to email the abuse administrator.

Moreover, by excluding IPs from countries like the US, Canada, etc. from my ‘hit list,’ I don’t accidentally banish entire ISPs such as RoadRunner, ComCast or AOL when one of their users’ machines goes z0mbie due to some malware.

So the trick is then to take all the IPs from all the computers with which I’m associated, and drive the list through a simple application that will generate a list of IPs to ban – while excluding IPs whose abuse administrators I can (and do) contact via email at a later time.

Which is what inspired me to write ip2Country.pl – a fast little PERL script to bulk identify IPs from countries that don’t have IP abuse administrators who care, and generate a bash script to insert the entries into my apf firewall deny_hosts.rules file:

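#!/usr/bin/perl
#
# by Dean Peters
# http://healyourchurchwebsite.com/
#
use strict;
use warnings;
use IP::Country::Fast;
use Geography::Countries;

# offline IP-to-country-code lookup
my $reg = IP::Country::Fast->new();

print "#!/bin/sh\n";
print "# -- append firewall --\n";
while (<DATA>) {
        chomp;
        my $ip = $_;
        # skip blank or malformed lines so only dotted-quad IPs reach the generated script
        next unless $ip =~ m/^\d{1,3}(?:\.\d{1,3}){3}$/;
        # two-letter country code; empty when the address is not in the registry
        my $ip_cntry_abr = $reg->inet_atocc($ip) || '';
        my $ip_cntry_nam = ($ip_cntry_abr && country($ip_cntry_abr)) || 'unknown country';
        # leave out countries whose abuse administrators get an email instead
        next if ($ip_cntry_abr =~ m/^(?:US|CA|GB|AU|NZ)$/i);
        print "/etc/apf/apf -d $ip {mad spammer from $ip_cntry_nam}\n";
}
print "# -- restart firewall --\n";
print "/etc/apf/apf -r\n";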

__DATA__
121.1.29.246
121.15.200.148
193.238.213.70
196.20.7.74
210.22.83.146
217.30.244.226
222.124.200.212

Oh sure, I could be real fancy and write a version that takes command line arguments for individual IP addresses and/or a file of IP addresses … but the point here was to demonstrate how a crufty old tool like PERL can help bulk identify IPs by country so you too can add them to your firewalls, .htaccess file and/or application IP ban list.

That said, if you’ve got a Python or even PHP version of the same, leave a comment and share the goods.

Or you can just preemptively use the online services of Block a Country and be done with it.
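
A Python take on the same job, as an added example that is not part of the original post: it reads bare IPs or Apache log lines, drops anything that is not a public IPv4 address, and shell-quotes the comment so a country name containing an apostrophe cannot break the generated script. The lookup callable and the sample country table are hypothetical stand-ins for a real GeoIP library, and passing the comment to apf as one quoted argument is an assumption.

```python
import ipaddress
import shlex

# Countries the post e-mails instead of banning.
CONTACTABLE = {"US", "CA", "GB", "AU", "NZ"}

def harvest_ips(lines):
    """Yield unique public IPv4 addresses from bare IPs or Apache log lines."""
    seen = set()
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        try:
            # Apache logs put the client address in the first field.
            ip = ipaddress.IPv4Address(fields[0])
        except ValueError:
            continue  # hostnames or junk never reach the generated script
        if ip.is_global and ip not in seen:
            seen.add(ip)
            yield str(ip)

def build_script(lines, lookup):
    """Build the apf script; lookup(ip) returns (country_code, country_name)."""
    out = ["#!/bin/sh", "# -- append firewall --"]
    for ip in harvest_ips(lines):
        code, name = lookup(ip)
        if code.upper() in CONTACTABLE:
            continue
        # Assumption: apf accepts the comment as a single quoted argument.
        comment = shlex.quote("{mad spammer from %s}" % name)
        out.append("/etc/apf/apf -d %s %s" % (ip, comment))
    out += ["# -- restart firewall --", "/etc/apf/apf -r"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed country table for the demo, not real geolocation data.
    table = {"121.1.29.246": ("US", "United States")}
    sample = [
        '121.1.29.246 - - [01/Jan/2010:00:00:01 +0000] "POST /register HTTP/1.1" 403 0',
        '196.20.7.74 - - [01/Jan/2010:00:00:02 +0000] "POST /register HTTP/1.1" 403 0',
        "196.20.7.74",          # duplicate, bare form
        "10.0.0.5",             # private address, skipped
        "1.2.3.4;reboot",       # not an IP, skipped
    ]
    print(build_script(sample, lambda ip: table.get(ip, ("CI", "Cote d'Ivoire"))), end="")
```

Review the generated script before running it as root; the validation keeps malformed input out, but the ban decisions are only as good as the country data behind the lookup.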
