2011-05-18 20:59:36
原文地址:应对synflood 攻击的方法 作者:xyaxlz
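#!/bin/sh
# Block the most frequent sources of suspicious requests found in the tail of
# an HTTP access log by appending DROP rules to the iptables INPUT chain.
#
# Reads:   ./access.log (last 100000 lines)
# Writes:  /root/iptables2.txt (append-only record of every address blocked)
# Needs:   root, and an iptables build that supports -C/--check
#
# NOTE(review): this works from completed HTTP requests. Half-open connections
# of a SYN flood never reach the access log, so this is an HTTP-flood measure.
# NOTE(review): the field numbers depend on the site's log_format. $11/$12/$13
# look like status, body bytes and referer, and $2 the client address; confirm
# before use. If $2 can carry a client-supplied header value, it is untrusted.
# NOTE(review): there is no minimum hit count here; the 100 most frequent
# matching addresses are blocked even if each matched only once.

# One combined awk filter replaces the original chain of five; the conditions
# are ANDed exactly as the chained filters were.
bip=$(tail -n 100000 access.log \
  | awk '$9 ~ "/" &&
         ($11 == "499" || $11 == "301") &&
         ($12 == "0" || $12 == "306") &&
         $13 == "\"-\"" { print $2 }' \
  | sort -n | uniq -c | sort -n | tail -n 100 \
  | awk '$2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' \
  | grep -vxF -e 220.231.22.195 -e 124.207.40.131)
# The dotted-quad check above keeps hostnames, option-like strings ("-...") and
# other junk from the log out of the iptables command line.
# grep -x -F compares the allow-listed addresses as whole literal lines; the
# original unanchored regex treated "." as a wildcard and matched substrings.

# Nothing matched: do not append an empty line to the record file.
[ -n "$bip" ] || exit 0

printf '%s\n' "$bip" >> /root/iptables2.txt

# $bip holds only digits and dots at this point, so word splitting is safe.
for ip in $bip; do
  # Repeated runs used to stack duplicate rules; add one only when it is missing.
  # -A appends, so an ACCEPT rule earlier in INPUT still wins over this DROP.
  # Rules are never removed here; expire them separately to avoid blocking
  # shared NAT or proxy addresses indefinitely.
  if ! /sbin/iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
    /sbin/iptables -A INPUT -s "$ip" -j DROP
  fi
  echo "$ip"
done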
7、
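#!/bin/sh
# Scan the tail of an nginx log three times, 15 seconds apart, and DROP every
# source address that produced more than 4 suspicious requests in the last
# 1000 lines. Two request signatures are counted separately:
#   "499": $11 == 499 and $12 == 0
#   "301": $11 == 301 and $12 is 306 or 185
# both with $9 containing "/" and $13 equal to "-" (quoted).
#
# Writes:  /root/iptables2.txt (append-only record of every address blocked)
# Needs:   root, and an iptables build that supports -C/--check
#
# NOTE(review): the field numbers depend on the site's log_format. $11/$12/$13
# look like status, body bytes and referer, and $3 the client address; confirm
# before use. If $3 can carry a client-supplied header value, it is untrusted.
# NOTE(review): the log file name is masked on the page and appears with two
# spellings (rewrite.xxx.com / rewrite.xxxx.com); both are kept as given and
# must be replaced with the real path.

# Remove the allow-listed addresses from stdin.
# -x -F compares whole literal lines. The original unanchored regex treated "."
# as a wildcard, and the masked variants used in later passes
# ("xxx.231.xxx.195" ...) could never match, leaving those passes without an
# allow-list. One list is now applied to every pass.
drop_allowlisted() {
  grep -vxF -e 220.231.22.195 -e 124.207.40.131
}

# Print the offending addresses for one signature.
# Arguments: $1 - log file, $2 - signature ("499" or "301")
list_offenders() {
  tail -n 1000 "$1" \
    | awk -v sig="$2" '
        $9 ~ "/" && $13 == "\"-\"" {
          if (sig == "499" && $11 == "499" && $12 == "0")
            print $3
          else if (sig == "301" && $11 == "301" && ($12 == "306" || $12 == "185"))
            print $3
        }' \
    | sort -nr | uniq -c | sort -nr \
    | awk '$1 > 4 && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' \
    | drop_allowlisted
  # The dotted-quad check keeps hostnames, option-like strings and other junk
  # from the log out of the iptables command line.
}

# Append a non-empty address list to the record file.
# Arguments: $1 - newline-separated addresses
record_ips() {
  if [ -n "$1" ]; then
    printf '%s\n' "$1" >> /root/iptables2.txt
  fi
}

# Add a DROP rule for each address and echo it.
# Arguments: $1 - newline-separated addresses (digits and dots only, so the
#                 unquoted expansion below is safe to word-split)
block_ips() {
  for addr in $1; do
    # Repeated passes used to stack duplicate rules; add only when missing.
    # -A appends, so an ACCEPT rule earlier in INPUT still wins over this DROP.
    # Rules are never removed here; expire them separately to avoid blocking
    # shared NAT or proxy addresses indefinitely.
    if ! /sbin/iptables -C INPUT -s "$addr" -j DROP 2>/dev/null; then
      /sbin/iptables -A INPUT -s "$addr" -j DROP
    fi
    echo "$addr"
  done
}

# One full pass over a log file: collect both signatures, record, then block.
# The record/block order matches the original script.
# Arguments: $1 - log file
scan_and_block() {
  bip=$(list_offenders "$1" 499)
  bip2=$(list_offenders "$1" 301)
  record_ips "$bip2"
  record_ips "$bip"
  block_ips "$bip"
  block_ips "$bip2"
}

scan_and_block /usr/local/nginx-rewrite/logs/rewrite.xxx.com
sleep 15
scan_and_block /usr/local/nginx-rewrite/logs/rewrite.xxxx.com
sleep 15
scan_and_block /usr/local/nginx-rewrite/logs/rewrite.xxxx.com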