转载请保留: http://www.cnscn.org(CNS电脑与英语学习网)
#!/bin/sh
#
# keep the DDOS away
# Author cnscn <http://www.cnscn.org>
# Time: 2007-11-30
#

#get the access Ip
awk '{print $1}' /usr/local/apache/logs/access_log | sort  | awk '{print $1}' >/root/ip_access.txt

#这里也可以把access_log拷贝一下或在awk中计算时间，由于麻烦和目前的log不太重要，所以就直接清了,有兴趣您可以修改补足，请把修改的贴上来哟^_^
cat /usr/local/apache/logs/access_log >> /usr/local/apache/logs/access_log_raw

>/usr/local/apache/logs/access_log

#deny the ip the visits times greater than 500
IP=$(awk 'BEGIN{nums=500;count=1;last=""}{if(last!=$1){if(count>nums && last!="::1" && match(last,"124.42.125")==0 && match(last,"192.168")==0 && match(last,"127.0.0.1")==0 ){print last};last=$1;count=1;}else{count++;} }' /root/ip_access.txt)

#把IP用防火墙Drop掉
if [ "" != $IP ]
then
  　echo "/sbin/iptables -I INPUT -s $IP -j DROP"
    #这里直接添加到INPUT等重启iptables后会自动失效，可以做修改把这些IP放到文件里
  　/sbin/iptables -I INPUT -s $IP -j DROP
fi