分析httpd访问日志,找出1分钟内访问网站达100次的IP,并将其加入iptables。此脚本只做简单分析。
#!/bin/bash
##############################################
#Author: LIYUNQING - liyunqing113@126.com
#QQ:332841772
#Last modified: 2016-12-28 02:55
#Filename: Ddos.sh
#Description: To prevent DDOS attacks
##############################################
#. /etc/init.d/functions
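# Count requests per client address in the last minute of the httpd access
# log and add an iptables REJECT rule for every address at or above the
# threshold. Must run with enough privilege to modify iptables.
#
# Changes from the published listing:
#   - typographic quotes (a blog rendering artifact) restored to ASCII quotes;
#   - no fixed-name files under /tmp: a script that runs as root and writes to
#     predictable /tmp paths can be redirected through a pre-created symlink;
#   - the date is compared as well as the time of day, so entries from earlier
#     days are not counted and a window that crosses midnight still works;
#   - the client field is validated before it reaches iptables, and a rule is
#     added only if an identical one is not already present.
set -uo pipefail

readonly Logfile='/var/log/httpd/access_log'
readonly Threshold=100
readonly Window_seconds=60
readonly Ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [[ ! -r "$Logfile" ]]; then
  printf 'cannot read %s\n' "$Logfile" >&2
  exit 1
fi

# Derive both ends of the window from one clock reading. LC_ALL=C keeps the
# month abbreviation in English.
# NOTE(review): assumes field 4 of each log line looks like
# [dd/Mon/yyyy:HH:MM:SS in the server's local time - confirm the LogFormat.
now=$(date +%s) || exit 1
start_day=$(LC_ALL=C date -d "@$((now - Window_seconds))" +'%d/%b/%Y') || exit 1
start_time=$(date -d "@$((now - Window_seconds))" +'%H:%M:%S') || exit 1
end_day=$(LC_ALL=C date -d "@${now}" +'%d/%b/%Y') || exit 1
end_time=$(date -d "@${now}" +'%H:%M:%S') || exit 1

rules_added=0

# NOTE(review): field 1 is whatever the server logs as the client. Behind a
# reverse proxy or load balancer that may be the proxy's own address, and
# rejecting it would cut off every user - confirm before deploying.
while read -r ip count; do
  [[ "$count" =~ ^[0-9]+$ ]] || continue
  (( count >= Threshold )) || continue

  # iptables handles IPv4 only; anything else (hostname, IPv6, garbage) is
  # reported and skipped rather than passed to the firewall command.
  if [[ ! "$ip" =~ $Ipv4_re ]]; then
    printf 'skipping client field that is not an IPv4 address: %q\n' "$ip" >&2
    continue
  fi

  # Skip addresses that already have this rule, so repeated runs do not pile
  # up duplicates.
  if iptables -C INPUT -s "$ip" -j REJECT &> /dev/null; then
    continue
  fi

  # NOTE(review): -A appends, so the rule is evaluated after any ACCEPT rule
  # already in INPUT; check the chain order if blocked clients still get in.
  if iptables -A INPUT -s "$ip" -j REJECT &> /dev/null; then
    echo "interception $ip access httpd service."
    rules_added=1
  else
    printf 'failed to add REJECT rule for %s\n' "$ip" >&2
  fi
done < <(
  LC_ALL=C awk -v sd="$start_day" -v st="$start_time" \
               -v ed="$end_day" -v et="$end_time" '
    {
      day = substr($4, 2, 11)   # dd/Mon/yyyy
      t = substr($4, 14, 8)     # HH:MM:SS
      if (sd == ed)
        hit = (day == sd && t >= st && t <= et)
      else
        hit = (day == sd && t >= st) || (day == ed && t <= et)
      if (hit) hits[$1]++
    }
    END { for (addr in hits) print addr, hits[addr] }
  ' "$Logfile"
)

# Persist the ruleset once, and only when something changed.
if (( rules_added )); then
  service iptables save &> /dev/null \
    || printf 'warning: "service iptables save" failed; new rules are not persistent\n' >&2
fi

# Attribution kept from the original page: "秋季" blog,
# http://lxlxlx.blog.51cto.com/3363989/1887055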
原文:http://lxlxlx.blog.51cto.com/3363989/1887055