1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
#!/bin/bash
#2014/01/02 caishzh
TODAY=$(date +%Y%m%d)
LOG=/home/caishzh/banip.log
ACCESSLOG=/opt/apache/logs/access-${TODAY}.log
TMPLOG=/tmp/banip_tmp.log
NOW=$(date +%Y%m%d%H%M)
TMPTIME=$(date -d "-5 minute" +%Y%m%d%H%M)
LIMIT=30
sed -n "/${TMPTIME}/,/${NOW}/p" $ACCESSLOG >$TMPLOG
grep zone_protocol.aspx?zone_id $TMPLOG |cut -d" " -f3|sort|uniq -c|awk -v limit="$LIMIT" '$1>limit{print $1,$2}' | while read times ip;
do
if ! iptables-save|grep $ip >/dev/null && ! grep "${ip}$" /home/caishzh/whitelist >/dev/null;then
iptables -I INPUT -s "$ip" -p tcp -m tcp --dport 80 -j DROP
echo "$(date +'%F %T') $times $ip" >>$LOG
fi
done
|