Cloudflare 通过检测系统负载自动开启5秒盾cloudflare UAM和challenge验证码脚本

佚名 2020-12-15 1,661 12/15

Cloudflare 通过检测系统负载自动开启5秒盾cloudflare UAM和challenge验证码脚本

脚本开源下载地址 :

https://github.com/jiuqi9997/autouam

通过检测系统负载(cpu或load)自动开启cloudflare UAM和challenge(验证码)

注意!默认challenge=1,将在开启UAM的同时开启验证码。如果你不想,请将它设为0

不要修改或删除 status.txt 和 filter.txt 和 ruleid.txt,记录攻击状态和规则 id 的。

#!/bin/bash
 
#
# Usage:
# screen -dmS autouam &&
# screen -x -S autouam -p 0 -X stuff "bash /root/autouam.sh" &&
# screen -x -S autouam -p 0 -X stuff $'n'
#
 
mode="load"
# 两种模式可选,一:cpu 二:load
 
challenge="1"
# 是否同时开启验证码质询 设为 1 即开启
 
keeptime="30"
# ≈开盾最小时间,如 60 则开盾 60 秒内负载降低不会关,60 秒后关
 
interval="0.5"
# 检测间隔时间,默认 0.5 秒
 
email="눈_눈"
# CloudFlare 账号邮箱
 
api_key="눈_눈"
# CloudFlare API KEY
 
zone_id="눈_눈"
# 区域 ID 在域名的概述页面获取
 
default_security_level="high"
# 默认安全等级 关闭 UAM 时将会把安全等级调整为它
 
api_url="https://api.cloudflare.com/client/v4/zones/$zone_id/settings/security_level"
# API 的地址
 
api_url1="https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules"
# API 的地址之二
 
api_url2="https://api.cloudflare.com/client/v4/zones/$zone_id/filters"
# API 的地址之三
 
# 安装依赖
if [ ! $(which jq 2> /dev/null) ]; then
    echo "jq not found!"
    if [ -f "/usr/bin/yum" ] && [ -d "/etc/yum.repos.d" ]; then
        yum install jq -y
    elif [ -f "/usr/bin/apt-get" ] && [ -f "/usr/bin/dpkg" ]; then
        apt-get install jq -y
    fi
fi
 
for((;;))
do
if [ "$mode" = "cpu" ];
then
check=90   #5 秒内 CPU 连续超过 80 则开启 UAM【可以根据您的服务器负荷情况调整】
#系统空闲时间
TIME_INTERVAL=5
time=$(date "+%Y-%m-%d %H:%M:%S")
LAST_CPU_INFO=$(cat /proc/stat | grep -w cpu | awk '{print $2,$3,$4,$5,$6,$7,$8}')
LAST_SYS_IDLE=$(echo $LAST_CPU_INFO | awk '{print $4}')
LAST_TOTAL_CPU_T=$(echo $LAST_CPU_INFO | awk '{print $1+$2+$3+$4+$5+$6+$7}')
sleep ${TIME_INTERVAL}
NEXT_CPU_INFO=$(cat /proc/stat | grep -w cpu | awk '{print $2,$3,$4,$5,$6,$7,$8}')
NEXT_SYS_IDLE=$(echo $NEXT_CPU_INFO | awk '{print $4}')
NEXT_TOTAL_CPU_T=$(echo $NEXT_CPU_INFO | awk '{print $1+$2+$3+$4+$5+$6+$7}')
 
#系统空闲时间
SYSTEM_IDLE=`echo ${NEXT_SYS_IDLE} ${LAST_SYS_IDLE} | awk '{print $1-$2}'`
#CPU 总时间
TOTAL_TIME=`echo ${NEXT_TOTAL_CPU_T} ${LAST_TOTAL_CPU_T} | awk '{print $1-$2}'`
load=`echo ${SYSTEM_IDLE} ${TOTAL_TIME} | awk '{printf "%.2f", 100-$1/$2*100}'`
else
load=$(cat /proc/loadavg | colrm 5)
check=$(cat /proc/cpuinfo | grep "processor" | wc -l)
fi
 
if [ ! -f "status.txt" ];then
echo "" > status.txt
else
status=$(cat status.txt)
fi
if [ -f "ruleid.txt" ]; then
ruleid=$(cat ruleid.txt)
fi
if [ -f "filterid.txt" ]; then
filterid=$(cat filterid.txt)
fi
now=$(date +%s)
time=$(date +%s -r status.txt)
 
 
 
echo "当前$mode 负载:$load"
if [[ $status -eq 1 ]]
then
echo "UAM ON!"
if [ "$challenge" -eq 1 ]; then
echo "Challenge ON!"
fi
else
echo "UAM OFF!"
if [ "$challenge" -eq 1 ]; then
echo "Challenge OFF!"
fi
fi
 
newtime=`expr $now - $time`
closetime=`expr $keeptime - $newtime`
 
if [[ $load <$check ]]&&[[ $status -eq 1 ]]&&[[ $newtime -gt $keeptime ]] then echo -e "n$mode 负载低于$check,当前已开盾超过规定时间$newtime 秒,尝试调整至默认安全等级($default_security_level)" # Disable Under Attack Mode result=$(curl -X PATCH "$api_url"  -H "X-Auth-Email: $email"  -H "X-Auth-Key: $api_key"  -H "Content-Type: application/json"  --data "{ "value": "$default_security_level" }" --silent  | jq -r '.success') if [ "$result" = "true" ]; then echo 0 > status.txt
        echo -e "n 成功"
    fi
    if [ "$challenge" -eq 1 ]; then
        result=$(curl -X DELETE "$api_url1/$ruleid" 
            -H "X-Auth-Email: $email" 
            -H "X-Auth-Key: $api_key" 
            -H "Content-Type: application/json" 
            --silent)
        result1=$(curl -X DELETE "$api_url2/$filterid" 
            -H "X-Auth-Email: $email" 
            -H "X-Auth-Key: $api_key" 
            -H "Content-Type: application/json" 
            --silent)
        if [ $(echo $result | jq -r '.success') -a $(echo $result1 | jq -r '.success') ]; then
            echo -e "n 验证码关闭成功"
        fi
    fi
 
elif [[ $load <$check ]] then echo -e "n$mode 负载低于$check,不做任何改变,状态持续了$newtime 秒" if [[ $status -eq 1 ]] then echo -e "将于$closetime 秒后调整安全等级至$default_security_level" fi elif [[ $load >$check ]] && [[ $status -eq 1 ]] && [[ $newtime -gt $keeptime ]]
then
    echo -e "n$mode 负载高于$check,当前已开启 UAM 超过$keeptime 秒,UAM 无效"
elif [[ $load >$check ]] && [[ $status -eq 1 ]]
then
    echo -e "n$mode 负载高于$check,当前已开启($newtime 秒),请再观察"
elif [[ $load >$check ]]
then
    echo -e "n$mode 负载高于$check,开启 UAM"
    # Enable Under Attack Mode
    result=$(curl -X PATCH "$api_url" 
        -H "X-Auth-Email: $email" 
        -H "X-Auth-Key: $api_key" 
        -H "Content-Type: application/json" 
            --data "{
                "value": "under_attack"
            }" --silent 
    | jq -r '.success')
    if [ "$result" = "true" ]; then
        echo 1 > status.txt
        echo -e "n 成功"
    fi
    if [ "$challenge" -eq 1 ]; then
        while :
            do
            result=$(curl -X POST "$api_url2" 
                -H "X-Auth-Email: $email" 
                -H "X-Auth-Key: $api_key" 
                -H "Content-Type: application/json" 
                --data '[{
                    "expression": "(not cf.client.bot)"
                }]' --silent)
            if [ $(echo $result | jq -r '.success') == "true" ]; then
                filterid=$(echo $result | jq -r '.result[].id')
            else
                filterid=$(echo $result | jq -r '.errors[].meta.id')
                for i in $filterid
                do
                result1=$(curl -X DELETE "$api_url2/$i" 
                    -H "X-Auth-Email: $email" 
                    -H "X-Auth-Key: $api_key" 
                    -H "Content-Type: application/json" --silent)
                done
                if [ $(echo $result1 | jq -r '.success') ]; then
                    echo "n 冲突的 filter 删除成功"
                fi
            fi
            if [ $(echo $result | jq -r '.success') == "true" ]; then
                break
            fi
        done
        result=$(curl -X POST "$api_url1" 
            -H "X-Auth-Email: $email" 
            -H "X-Auth-Key: $api_key" 
            -H "Content-Type: application/json" 
            --data "[{
                "action": "challenge",
                "filter": {
                    "id": "$filterid",
                    "expression": "(not cf.client.bot)"
                }
            }]" --silent)
        if [ $(echo $result | jq -r '.success') == "true" ]; then
            ruleid=$(echo $result | jq -r '.result[].id')
            echo "$filterid" > filterid.txt
            echo "$ruleid" > ruleid.txt
            echo -e "验证码开启成功,规则 id:$ruleid"
        fi
    fi
else
echo 0 > status.txt
fi
sleep $interval
clear
done

使用方法

  • dash.cloudflare.com生成过去apikey,将它们填入脚本内。
  • 执行screen -dmS autouam && screen -x -S autouam -p 0 -X stuff "bash /root/autouam.sh" && screen -x -S autouam -p 0 -X stuff $'n'启动脚本,注意替换脚本路径。
  • 执行screen -r autouam -d查看运行状态,ctrl+A+D断开screen,脚本继续运行。
- THE END -

佚名

7月11日17:23

最后修改:2021年7月11日
0

共有 0 条评论