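#!/bin/sh
# Anti-flood script: every 60 s, count requests per client IP in the access
# log, DROP (via iptables) every non-whitelisted IP above the threshold, and
# send an SMS alert listing what was dropped.
#
# Must run as root (iptables). The access log is re-read in full on every
# pass, so the counts are cumulative since the log was last rotated or
# truncated; the "per minute" wording of the alert only holds if something
# else rotates ${ACCESS_PATH}/${ACCESS_LOG} at least that often. Only the
# top 20 IPs are considered per pass; already-blocked IPs keep their log
# lines and therefore keep occupying those slots until the log is rotated.
#
# Config (env):
ACCESS_PATH=/home/wwwlogs
ACCESS_LOG=y.log                    # field 1 of each line is taken as the client IP
IPTABLES_TOP_LOG=iptables_top.log   # top-20 "<count> <ip>" list of the current pass
DROP_LOG=droplist.log               # IPs dropped in the current pass (drives the alert)
HISTORY_LOG=history.log             # append-only record of everything ever dropped
# IP whitelist: one address per line. Entries are matched as exact whole
# lines (fixed strings, not regexes), so "1.2.3.4" no longer also skips
# "1.2.3.45" or "100.102.3.1"; list prefixes explicitly, one address per line.
# Path is relative to the working directory, as in the original script.
NOIP_LIST=noip.list
# Anti-flood threshold: an IP with more requests than this is dropped.
limitnum=500
# Alert recipient and sender script.
SMS_TO=15900009999
SMS_SCRIPT=/server/scripts/iptables/sms.py

#######################################
# Succeed only when $1 is a plain dotted-quad IPv4 address.
# The value comes straight from the access log; if that field is ever
# attacker-influenced (e.g. a proxy writes X-Forwarded-For into field 1 —
# verify the log format), an unchecked value such as "0.0.0.0/0" or "-j"
# would otherwise reach the iptables command line.
# Arguments: $1 - candidate address
# Returns:   0 if it looks like an IPv4 address, 1 otherwise
#######################################
is_ipv4() {
  printf '%s\n' "$1" | grep -E -q -x '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

#######################################
# Rank client IPs by request count, skipping whitelisted ones, and store
# the top 20 as "<count> <ip>" lines in the top-list file.
# Globals: ACCESS_PATH, ACCESS_LOG, NOIP_LIST, IPTABLES_TOP_LOG
#######################################
write_top_list() {
  # An empty whitelist file holds zero patterns, so -v passes every line.
  awk '{print $1}' "${ACCESS_PATH}/${ACCESS_LOG}" \
    | grep -v -x -F -f "${NOIP_LIST}" \
    | sort \
    | uniq -c \
    | sort -rn \
    | head -n 20 \
    >"${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
}

#######################################
# For each "<count> <ip>" line of the top list above the threshold, add a
# DROP rule and record the line in the drop log. A rule is added at most
# once per IP: an already-blocked IP still has its old lines in the log,
# and without the -C check a duplicate rule (and a duplicate alert) would
# be produced on every pass.
# Globals: ACCESS_PATH, IPTABLES_TOP_LOG, DROP_LOG, limitnum
#######################################
block_offenders() {
  while read -r count ip rest; do
    # A non-numeric count makes [ fail, which also skips the line.
    [ "$count" -gt "$limitnum" ] 2>/dev/null || continue
    if ! is_ipv4 "$ip"; then
      printf 'skipping non-IPv4 value "%s" in %s\n' "$ip" "${IPTABLES_TOP_LOG}" >&2
      continue
    fi
    # -C exits 0 when an identical rule already exists.
    iptables -C INPUT -s "$ip" -j DROP 2>/dev/null && continue
    if iptables -I INPUT -s "$ip" -j DROP; then
      # No trailing newline, as before: one pass's drops share a line so the
      # whole list fits into a single SMS.
      printf ' %s %s is dropped' "$count" "$ip" >>"${ACCESS_PATH}/${DROP_LOG}"
    fi
  done <"${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
}

#######################################
# If anything was dropped in this pass, SMS the drop list, append it to the
# history log and reset the drop log for the next pass.
# Globals: ACCESS_PATH, DROP_LOG, HISTORY_LOG, limitnum, SMS_SCRIPT, SMS_TO
#######################################
send_alert() {
  [ -s "${ACCESS_PATH}/${DROP_LOG}" ] || return 0
  content="报警:$(hostname) $(date +%X) $(cat "${ACCESS_PATH}/${DROP_LOG}") \
以上IP访问次数频繁,单IP 1分钟超过阈值${limitnum}请注意查看"
  python "${SMS_SCRIPT}" "${SMS_TO}" "${content}"
  cat "${ACCESS_PATH}/${DROP_LOG}" >>"${ACCESS_PATH}/${HISTORY_LOG}"
  # The drop log has no trailing newline; terminate the history entry so
  # successive passes do not run together on one line.
  printf '\n' >>"${ACCESS_PATH}/${HISTORY_LOG}"
  : >"${ACCESS_PATH}/${DROP_LOG}"
}

#######################################
# Entry point: run the count / block / alert cycle forever, once a minute.
#######################################
main() {
  # Previously a missing whitelist silently disabled all blocking (the
  # empty pattern excluded every line); fail loudly at start-up instead.
  if [ ! -r "${NOIP_LIST}" ]; then
    printf 'whitelist %s is not readable; refusing to start\n' "${NOIP_LIST}" >&2
    exit 1
  fi
  while true; do
    write_top_list
    block_offenders
    send_alert
    # Clear this pass's data before the next one.
    : >"${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
    sleep 60
  done
}

main "$@"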
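#!/bin/sh
# Anti-flood script: every 60 s, count requests per client IP in the access
# log and DROP (via iptables) every IP whose count exceeds the threshold.
#
# Must run as root (iptables). The access log is re-read in full on every
# pass, so the counts are cumulative since the log was last rotated or
# truncated, not "per minute", unless something else rotates
# ${ACCESS_PATH}/${ACCESS_LOG} that often. Only the top 20 IPs are
# considered per pass; already-blocked IPs keep their log lines and
# therefore keep occupying those slots until the log is rotated.
#
# Config (env):
ACCESS_PATH=/home/wwwlogs
ACCESS_LOG=y.log                    # field 1 of each line is taken as the client IP
IPTABLES_TOP_LOG=iptables_top.log   # top-20 "<count> <ip>" list of the current pass
DROP_LOG=droplist.log               # append-only record of dropped IPs (never reset here)
# Anti-flood threshold: an IP with more requests than this is dropped.
limitnum=500

#######################################
# Succeed only when $1 is a plain dotted-quad IPv4 address.
# The value comes straight from the access log; if that field is ever
# attacker-influenced (e.g. a proxy writes X-Forwarded-For into field 1 —
# verify the log format), an unchecked value such as "0.0.0.0/0" or "-j"
# would otherwise reach the iptables command line.
# Arguments: $1 - candidate address
# Returns:   0 if it looks like an IPv4 address, 1 otherwise
#######################################
is_ipv4() {
  printf '%s\n' "$1" | grep -E -q -x '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

#######################################
# Rank client IPs by request count and store the top 20 as "<count> <ip>"
# lines in the top-list file.
# Globals: ACCESS_PATH, ACCESS_LOG, IPTABLES_TOP_LOG
#######################################
write_top_list() {
  awk '{print $1}' "${ACCESS_PATH}/${ACCESS_LOG}" \
    | sort \
    | uniq -c \
    | sort -rn \
    | head -n 20 \
    >"${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
}

#######################################
# For each "<count> <ip>" line of the top list above the threshold, add a
# DROP rule and record the line in the drop log. A rule is added at most
# once per IP: an already-blocked IP still has its old lines in the log,
# and without the -C check a duplicate rule would be inserted (and logged)
# on every pass.
# Globals: ACCESS_PATH, IPTABLES_TOP_LOG, DROP_LOG, limitnum
#######################################
block_offenders() {
  while read -r count ip rest; do
    # A non-numeric count makes [ fail, which also skips the line.
    [ "$count" -gt "$limitnum" ] 2>/dev/null || continue
    if ! is_ipv4 "$ip"; then
      printf 'skipping non-IPv4 value "%s" in %s\n' "$ip" "${IPTABLES_TOP_LOG}" >&2
      continue
    fi
    # -C exits 0 when an identical rule already exists.
    iptables -C INPUT -s "$ip" -j DROP 2>/dev/null && continue
    if iptables -I INPUT -s "$ip" -j DROP; then
      # No trailing newline, as before; entries accumulate on one line.
      printf ' %s %s is dropped' "$count" "$ip" >>"${ACCESS_PATH}/${DROP_LOG}"
    fi
  done <"${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
}

#######################################
# Entry point: run the count / block cycle forever, once a minute.
#######################################
main() {
  while true; do
    write_top_list
    block_offenders
    # Clear this pass's data before the next one.
    : >"${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
    sleep 60
  done
}

main "$@"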