转载请保留: ()
#!/bin/sh
#
# keep the DDOS away
# Author cnscn <>
# Time: 2007-11-30
#
#get the access Ip
awk '{print $1}' /usr/local/apache/logs/access_log | sort | awk '{print $1}' >/root/ip_access.txt
#这里也可以把access_log拷贝一下或在awk中计算,由于麻烦和目前的log不太重要,所以就直接清了,有兴趣您可以修改补足,请把修改的贴上来哟^_^
cat /usr/local/apache/logs/access_log >> /usr/local/apache/logs/access_log_raw
>/usr/local/apache/logs/access_log
#deny the ip the visits times greater than 500
IP=$(awk
'BEGIN{nums=500;count=1;last=""}{if(last!=$1){if(count>nums
&& last!="::1" && match(last,"124.42.125")==0
&& match(last,"192.168")==0 &&
match(last,"127.0.0.1")==0 ){print
last};last=$1;count=1;}else{count++;} }' /root/ip_access.txt)
#把IP用防火墙Drop掉
if [ "" != $IP ]
then
echo "/sbin/iptables -I INPUT -s $IP -j DROP"
#这里直接添加到INPUT等重启iptables后会自动失效,可以做修改把这些IP放到文件里
/sbin/iptables -I INPUT -s $IP -j DROP
fi
阅读(582) | 评论(0) | 转发(0) |