#!/bin/bash
#
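# Count requests per client address in the nginx access log and insert an
# iptables DROP rule for every IPv4 address at or above Threshold.
# Needs root: it calls iptables and appends to /root/deny.log.
#
# NOTE(review): the count covers the whole log file, not a time window, so
# the effective rate depends on log rotation - confirm this is intended.
# NOTE(review): assumes the first field of each line is the peer address (as
# in nginx's predefined "combined" format) - confirm against the log_format
# in use. Behind a proxy, load balancer or CDN that address is the front
# end's, and dropping it cuts off every client behind it. A value copied
# from a request header is client-supplied and must not be the block key.
# NOTE(review): rules added here never expire and are not saved across a
# reboot or firewall reload.
set -u
set -o pipefail

Access_Log=/var/log/nginx/access.log
Threshold=10000 # log lines per address that trigger a DROP rule

# Scratch file for the per-address counts. This runs as root, so a fixed
# name under /tmp could be pre-created as a symlink by any local user and
# make the redirect overwrite another file; mktemp avoids that.
Info_File=$(mktemp) || {
  echo "ddos_check: mktemp failed" >&2
  exit 1
}
trap 'rm -f -- "$Info_File"' EXIT

# Alternative source, from current connections:
#netstat -lant|awk -F "[ :]+" '/:443/{clsn[$6]++}END{for(pol in clsn)print pol,clsn[pol]}' >$Info_File
# Alternative source, from the log:
#awk '{hotel[$1]++}END{for(pol in hotel)print pol,hotel[pol]}' access.log|sort -nk2 -r >$Info_File

if [[ ! -r $Access_Log ]]; then
  echo "ddos_check: cannot read $Access_Log" >&2
  exit 1
fi

# One awk pass counts lines per first field; sort puts the busiest first.
if ! awk '{hotel[$1]++} END {for (pol in hotel) print pol, hotel[pol]}' \
  "$Access_Log" | sort -k2,2nr >"$Info_File"; then
  echo "ddos_check: counting requests in $Access_Log failed" >&2
  exit 1
fi

# Only a dotted-quad address is ever handed to iptables. Anything else
# (IPv6, which would need ip6tables, or a malformed line) is skipped rather
# than truncated at the first ':' and passed on as a bogus source.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
count_re='^[0-9]+$'

while read -r Ip_Add Access _; do
  [[ $Ip_Add =~ $ipv4_re ]] || continue
  [[ $Access =~ $count_re ]] || continue
  [ "$Access" -ge "$Threshold" ] || continue

  # -C checks for this exact rule. Grepping `iptables -nL` for the address
  # is a regex substring match, so 1.2.3.4 would also match 11.2.3.45 and
  # the new address would wrongly be treated as already blocked.
  if iptables -C INPUT -s "$Ip_Add" -j DROP 2>/dev/null; then
    continue
  fi

  # Log the block only when the rule was actually inserted.
  if iptables -I INPUT -s "$Ip_Add" -j DROP; then
    echo "$Ip_Add $(date +%Y-%m-%d-%H:%M:%S)" >>/root/deny.log
  else
    echo "ddos_check: failed to block $Ip_Add" >&2
  fi
done <"$Info_File"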
防ddos-shell