网站总是被DDoS攻击,导致网站流量下降,所以写了一个防止DDoS攻击的脚本,分为黑名单和白名单两个文件。前提是nginx日志必须已经做了按小时的日志分割。功能:第一,查nginx日志某个小时内访问量排名前几的ip;第二,封ip;第三,解ip。脚本如下:
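#!/bin/bash
#
# Interactive helper for manually blocking client addresses during an HTTP
# flood. The operator picks one of three actions at the prompt:
#   paiming    - list the busiest client addresses in one hourly nginx log
#   heimingdan - insert an iptables DROP rule for every address in BLOCKLIST
#   baiming    - delete the DROP rule for every address in ALLOWLIST
#
# Requires hourly-rotated nginx logs and enough privilege to run iptables.
# The rules are only inserted into the running ruleset; this script does not
# save them, so they do not survive a firewall reload or reboot.

readonly NGINX_LOG_PREFIX=/usr/local/nginx/logs/access.log
readonly BLOCKLIST=/opt/yanchao/heimingdan/heimingdan.txt
readonly BLOCK_HISTORY=/opt/yanchao/heimingdan/droplishi.txt
readonly ALLOWLIST=/opt/yanchao/heimingdan/baimingdan.txt
# NOTE(review): this history file sits in a different directory from the
# lists above; confirm /opt/yanchao/baimingdan exists on the host.
readonly UNBLOCK_HISTORY=/opt/yanchao/baimingdan/droplishi.txt

#######################################
# Check that a string is a plain IPv4 address or IPv4 CIDR block.
# List entries are passed to iptables as arguments, so anything that is not
# a bare address (extra words, leading '-', host names) is refused here.
# A /0 prefix is refused as well: a DROP rule for it would match every
# source, including the operator's own session.
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4_source() {
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([0-9]{1,2}))?$'
  local i prefix
  [[ "$1" =~ $re ]] || return 1
  for i in 1 2 3 4; do
    # 10# forces base 10 so that octets such as "08" are not parsed as octal.
    (( 10#${BASH_REMATCH[i]} <= 255 )) || return 1
  done
  prefix=${BASH_REMATCH[6]}
  if [[ -n "$prefix" ]]; then
    (( 10#$prefix >= 1 && 10#$prefix <= 32 )) || return 1
  fi
  return 0
}

#######################################
# Ask for an hour suffix and a count, then print the most frequent values of
# the first field of today's log for that hour, busiest first.
# NOTE(review): the first field is presumably the client address; if nginx
# sits behind a reverse proxy or CDN it may be the proxy's address instead,
# and blocking it would cut off every visitor - confirm before blocking.
# Globals:   NGINX_LOG_PREFIX (read)
# Outputs:   "address count" lines on stdout
# Returns:   1 on invalid input or unreadable log
#######################################
show_top_clients() {
  local hour count log
  read -r -p "想查几点的nginx日志:" hour
  read -r -p "想查排名前几名的ip地址:" count

  # The hour suffix becomes part of a file name; refuse empty values and
  # anything containing a path separator.
  if [[ -z "$hour" || "$hour" == */* ]]; then
    printf '无效的小时: %s\n' "$hour" >&2
    return 1
  fi
  if ! [[ "$count" =~ ^[1-9][0-9]*$ ]]; then
    printf '无效的名次: %s\n' "$count" >&2
    return 1
  fi

  log="${NGINX_LOG_PREFIX}.$(date +%Y%m%d)${hour}"
  if [[ ! -r "$log" ]]; then
    printf '无法读取日志: %s\n' "$log" >&2
    return 1
  fi

  awk '{++a[$1]}END{for ( i in a ) print i,a[i]}' "$log" \
    | sort -k2 -rn \
    | head -n "$count"
  echo "请把要封的ip地址写入/opt/yanchao/heimingdan/heimingdan.txt中"
}

#######################################
# Apply one list file to the INPUT chain and record each change.
# Arguments: $1 - "block" (insert DROP rules) or "unblock" (delete them)
#            $2 - list file, one IPv4 address or CIDR per line
#            $3 - history file that receives "timestamp address" lines
# Returns:   0 if every entry was handled and the list was emptied,
#            1 if any entry was skipped or failed (the list is then kept)
#######################################
apply_list() {
  local mode=$1 list=$2 history=$3
  local entry stamp failed=0
  local blank_re='^[[:space:]]*$'
  stamp=$(date +%Y:%m:%d-%H:%M)

  while IFS= read -r entry || [[ -n "$entry" ]]; do
    entry=${entry%$'\r'}   # tolerate lists edited on Windows
    [[ "$entry" =~ $blank_re ]] && continue
    if ! is_ipv4_source "$entry"; then
      printf '跳过无效地址: %s\n' "$entry" >&2
      failed=1
      continue
    fi

    if [[ "$mode" == block ]]; then
      # Skip addresses that already have a DROP rule so repeated runs do
      # not stack duplicate rules.
      if iptables -C INPUT -s "$entry" -j DROP 2>/dev/null; then
        continue
      fi
      if ! iptables -I INPUT -s "$entry" -j DROP; then
        failed=1
        continue
      fi
    else
      # The rule must be deleted with the same target (DROP) it was
      # inserted with, otherwise iptables finds nothing to remove.
      if ! iptables -D INPUT -s "$entry" -j DROP; then
        failed=1
        continue
      fi
    fi

    printf '%s %s\n' "$stamp" "$entry" >>"$history" || failed=1
  done <"$list"

  if (( failed )); then
    printf '部分条目未处理,保留 %s 以便检查\n' "$list" >&2
    return 1
  fi
  # Everything was applied: empty the list so the next run starts clean.
  : >"$list"
}

read -r -p "封ip请输入heimingdan,解ip请输入baiming,查访问前几名的ip地址请输入paiming:" mingdan

case "$mingdan" in
  paiming)
    show_top_clients
    ;;
  heimingdan)
    if [[ -s "$BLOCKLIST" ]]; then
      apply_list block "$BLOCKLIST" "$BLOCK_HISTORY"
    else
      echo heimingdan为空
    fi
    ;;
  baiming)
    if [[ -s "$ALLOWLIST" ]]; then
      apply_list unblock "$ALLOWLIST" "$UNBLOCK_HISTORY"
    else
      echo baimingdan为空
    fi
    ;;
  *)
    printf '未知选项: %s\n' "$mingdan" >&2
    ;;
esac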
转载于:https://blog.51cto.com/zhouzhenxing/1353284