Looking for a way to do CC lookups on the fly?

[jols]

The result I am needing here is to use a command like:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

... then to have each IP in the list coupled with a country code. This is so I could see at a glance if we have IPs hitting the server from Vietnam, Russia, China, etc.

Does anyone know of such a method or script command that CSF would pull up this kind of a listing on-the-fly?

By the way, we do use CSF and I know CSF uses geo lookups. But I am not sure how to combine this feature with a netstat-line readout like the above.

Otherwise, I am hesitant to install Maxmind's geo lookup tool because it would seem to slow down the server with geolookups on all connections to the server. So I'm just hoping for a netstat-like readout with geolookups on the fly, but only for the IPs which are currently hitting the server.

Anyone?

 

[georgeb]

I am using GeoIP.dat database and mod_geoip and nothing is slowing down. (GeoIP.dat from MaxMind). Using CC from CSF will load the server pulling out all the ip's. I can easy do a redirect or give a 403 to any ip from high risk countries, or to block in CSF.

Regards,
George B.

 

[cPanelJamyn]

<snip> This is so I could see at a glance if we have IPs hitting the server from Vietnam, Russia, China, etc. <snip> Otherwise, I am hesitant to install Maxmind's geo lookup tool because it would seem to slow down the server with geolookups on all connections to the server. So I'm just hoping for a netstat-like readout with geolookups on the fly, but only for the IPs which are currently hitting the server.
Anyone?

As georgeb noted, mod_geoip should not slow down your server. It doesn't query a remote database - it uses a local db for lookups, and you can optionally cache the entire thing in memory. Using mod_geoip (Docs) would be more reliable and likely much faster than a custom-made solution.