OVH Mitigation to Discord Notifier

May 17, 2023

Sadly, it's a common fact of life that some people have little better to do than try and ruin other peoples fun. An example of this, an old friend of mine asked me to throw up and configure some Linux servers for him. After a while I noticed some unusual behaviour on one of them, turned out to be a DDOS.

Thankfully, OVH have some decent anti-DDOS mitigation measures. They also provide a powerful API. Since the attacks were coming frequently I decided to setup a script to notify me if a server went into mitigation.

The first step I took was to figure out which endpoints I would require. It's a large API but we only need two, /ip and /ip/*/mitigation/*.

Using the python ovh library we can make a call to the /ip endpoint. In this verison of the code I chose to filter out the ipv6 addresses like so:

import tomllib
import ovh

def _conn_from_toml():
    ...

def main():
    conn = _conn_from_toml()

    client = ovh.Client(
        **conn["ovh"],
    )

    ips = list(
        filter(
            lambda ip: ipaddress.ip_address(ip).version == 4,
            [ip.split("/")[0] for ip in client.get("/ip")],
        )
    )

if __name__ == "__main__":
    main()

Now that we have our server ips, we can run mitigation checks on each:

import ipaddress
...

mitigation_list = []

def check_ips_in_mitigation(webhook, client, ips):
    for ip in ips:
            try:
                _ = client.get(f"/ip/{ip}/mitigation/{ip}")

                if ip not in mitigation_list:
                    mitigation_list.append(ip)
            except ovh.exceptions.ResourceNotFoundError:
                if ip in mitigation_list:
                    mitigation_list.remove(ip)

Finally a function to send the discord notification:

from discord_webhook import DiscordWebhook
...

def send_webhook_message(webhook, msg):
    webhook = DiscordWebhook(
        url=webhook, username="ip-mitigation", content=msg
    )
    webhook.execute()

Check this gist for a complete version of the code.

Further notes:

If you setup something similar yourself you can test by putting the server into mitigation state manually using the API or the OVH control panel
I added logging to the final version of the script.
Here you can find information about the Python OVH API

Subscribe to this blog's RSS feed