- 論壇徽章:
- 0
|
轉(zhuǎn)載請(qǐng)保留:
http://www.cnscn.org
(
CNS電腦與英語(yǔ)學(xué)習(xí)網(wǎng)
)
#!/bin/sh
#
# keep the DDOS away
# Author cnscn
# Time: 2007-11-30
#
#get the access Ip
awk '{print $1}' /usr/local/apache/logs/access_log | sort | awk '{print $1}' >/root/ip_access.txt
#這里也可以把a(bǔ)ccess_log拷貝一下或在awk中計(jì)算
時(shí)間
,由于麻煩和目前的log不太重要,所以就直接清了,有興趣您可以修改補(bǔ)足,請(qǐng)把修改的貼上來(lái)喲^_^
cat /usr/local/apache/logs/access_log >> /usr/local/apache/logs/access_log_raw
>/usr/local/apache/logs/access_log
#deny the ip the visits times greater than 500
IP=$(awk 'BEGIN{nums=500;count=1;last=""}{if(last!=$1){if(count>nums && last!="::1" && match(last,"124.42.125")==0 && match(last,"192.168")==0 && match(last,"127.0.0.1")==0 ){print last};last=$1;count=1;}else{count++;} }' /root/ip_access.txt)
#把IP用防火墻Drop掉
if [ "" != $IP ]
then
echo "/sbin/iptables -I INPUT -s $IP -j DROP"
#這里直接添加到INPUT等重啟iptables后會(huì)自動(dòng)失效,可以做修改把這些IP放到文件里
/sbin/iptables -I INPUT -s $IP -j DROP
fi
本文來(lái)自ChinaUnix博客,如果查看原文請(qǐng)點(diǎn):http://blog.chinaunix.net/u/13329/showart_433457.html |
|