|
一段不错的shell脚本,用于防止CC攻击,有用到的朋友,研究下吧。
代码:
#!/bin/bash
#script info: # Analysis access_log.abc log for a certain period of time to visit the suffix: "mp3", # and more than a certain number of requests an IP address, this IP address to iptables to filter to prevent the attack of CC. # by www.it.net.cn # cd /usr/local/apache/logs/ tail access_log.abc -n 2000 | awk '{print $1,$7}'| grep -E 'mp3$' | awk '{print $1,$2}' | sort | uniq -c | sort -nr | grep -v -E '127.0' | awk '{if($2!=null && $1>50){print $2}}' > drop_ip.txt for i in `cat drop_ip.txt` do FLAG=0 for ai in `cat drop_ip_all.txt` do if [ "$i" = "$ai" ]; then FLAG=1 break fi done if [ $FLAG -eq 0 ]; then #echo --new drop ip:$i #add to iptables /sbin/iptables -A INPUT -s $i -p tcp --dport 80 -j DROP fi done #select drop_ip.txt append to drop_ip_all.txt cat drop_ip.txt >> drop_ip_all.txt #drop_ip_all remove repeat ip #cat drop_ip_all.txt | sort | uniq > drop_ip_all.txt (责任编辑:IT) |