
DDoS protection. ParseError: not well-formed (invalid token)

Open zinovevvv opened this issue 3 years ago • 7 comments

Hello! Can you help with this issue?

```
In [2]: from pycbrf import ExchangeRates, Banks

In [3]: rates = ExchangeRates('2016-06-26', locale_en=True)
Traceback (most recent call last):

  File "/usr/local/lib/python3.7/site-packages/IPython/core/interactiveshell.py", line 3437, in run_code
    exec(code_obj, self.user_global_ns, self.user_ns)

  File "<ipython-input-3-eeb2361ad8f3>", line 1, in <module>
    rates = ExchangeRates('2016-06-26', locale_en=True)

  File "/usr/local/lib/python3.7/site-packages/pycbrf/rates.py", line 60, in __init__
    parsed = self._parse(raw_data)

  File "/usr/local/lib/python3.7/site-packages/pycbrf/rates.py", line 95, in _parse
    xml = ElementTree.fromstring(data)

  File "/usr/local/Cellar/python@3.7/3.7.12_1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/xml/etree/ElementTree.py", line 1315, in XML
    parser.feed(text)

  File "<string>", line unknown
ParseError: not well-formed (invalid token): line 1, column 390
```

zinovevvv avatar Feb 25 '22 20:02 zinovevvv

Small investigation found that it hits automatic DDOS protection.

alexanderkmd avatar Feb 27 '22 04:02 alexanderkmd

Temporary workaround, changed

from: URL_BASE = 'http://www.cbr.ru/scripts/'

to: URL_BASE = "http://212.40.192.49/scripts/"

in rates.py line 10

alexanderkmd avatar Feb 27 '22 04:02 alexanderkmd

Without changing the file:

```python
import pycbrf

pycbrf.rates.URL_BASE = 'http://212.40.192.49/scripts/'

rates = pycbrf.toolbox.ExchangeRates("2022-02-27")
```

Also, this is a temporary workaround...

alexanderkmd avatar Feb 27 '22 06:02 alexanderkmd

Works! Thank you)

zinovevvv avatar Feb 27 '22 08:02 zinovevvv

Hi,

If it's DDoS protection, please don't abuse it; use caching techniques and lower the request count by other means.

idlesign avatar Feb 28 '22 02:02 idlesign

@idlesign There are a couple of points:

  1. DDoS protection is activated on the first hit, even after two days of no access to the API. Though Chrome passes it without any problem and loads the needed data in XML format. I think it's a redirection that is not followed by the script.
  2. CBR has its own rate limit (approximately 10 hits/s).

Maybe this can help:


alexanderkmd avatar Feb 28 '22 10:02 alexanderkmd
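An added example, not code from pycbrf or from any commenter: one way to act on the two points raised in this thread, by failing with a clear error when an HTML challenge page arrives in place of XML (instead of an opaque `ParseError`) and by caching parsed replies to lower the request count. The names `parse_rates_xml`, `ChallengePageError` and `CachedFetcher` are hypothetical, and both sample payloads are constructed.

```python
import time
import xml.etree.ElementTree as ET

# Constructed sample payloads (not captured from the real service).
SAMPLE_XML = b'<ValCurs Date="26.06.2016"><Valute><CharCode>USD</CharCode></Valute></ValCurs>'
SAMPLE_CHALLENGE = b"<!DOCTYPE html><html><head>\n<title>DDOS-GUARD</title></head><body></body></html>"


class ChallengePageError(RuntimeError):
    """The server answered with an HTML interstitial instead of XML."""


def parse_rates_xml(body, content_type=""):
    """Parse an XML reply; fail clearly if an HTML page came back instead."""
    stripped = body.lstrip()
    head = stripped[:512].lower()
    if ("text/html" in content_type.lower()
            or head.startswith((b"<!doctype html", b"<html"))):
        # Report the page <title> so logs name the interstitial that was hit.
        start, end = head.find(b"<title>"), head.find(b"</title>")
        title = stripped[start + 7:end].decode("utf-8", "replace") if 0 <= start < end else ""
        raise ChallengePageError(f"got HTML instead of XML (title={title!r})")
    return ET.fromstring(body)


class CachedFetcher:
    """Cache parsed replies per URL so repeated lookups send no new request."""

    def __init__(self, fetch, ttl=3600.0, clock=time.monotonic):
        # fetch(url) -> (body_bytes, content_type) is supplied by the caller.
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._cache = {}

    def get(self, url):
        hit = self._cache.get(url)
        if hit and self._clock() - hit[0] < self._ttl:
            return hit[1]
        body, content_type = self._fetch(url)
        root = parse_rates_xml(body, content_type)  # raises before caching
        self._cache[url] = (self._clock(), root)
        return root
```

Because the check runs before the cache write, a challenge page is never stored, so a later successful reply replaces nothing stale.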

> Though Chrome passes it without any problem and loads the needed data in XML format.

It might also be a simple User-Agent check. You can try to play with it.

idlesign avatar Feb 28 '22 10:02 idlesign