使用shell脚本结合iptables防止类CC攻击

阅读更多
#!/bin/bash
#script info:
#     Analysis access_log.abc log for a certain period of time to visit the suffix: "mp3",
#     and more than a certain number of requests an IP address, this IP address to iptables to filter to prevent the attack of CC.

cd /usr/local/apache/logs/

tail access_log.abc -n 2000 | awk '{print $1,$7}'| grep -E 'mp3$' | awk '{print $1,$2}' | sort | uniq -c | sort -nr | grep -v -E '127.0' | awk '{if($2!=null && $1>50){print $2}}' > drop_ip.txt

for i in `cat drop_ip.txt`
do
FLAG=0
  for ai in `cat drop_ip_all.txt`
    do
      if [ "$i" = "$ai" ]; then
        FLAG=1
        break
      fi
  done
  if [ $FLAG -eq 0 ]; then
    #echo --new drop ip:$i
    #add to iptables
    /sbin/iptables -A INPUT -s $i -p tcp --dport 80 -j DROP
  fi
done

#select drop_ip.txt append to drop_ip_all.txt
cat drop_ip.txt >> drop_ip_all.txt

#drop_ip_all remove repeat ip
#cat drop_ip_all.txt | sort | uniq > drop_ip_all.txt

你可能感兴趣的:(shell,iptables,linux,CC攻击)