网站总是被DDoS攻击,导致网站流量下降,所以写了一个防止DDoS攻击的脚本。脚本用到黑名单和白名单两个文件,前提是nginx日志必须已做日志分割,并且按小时分割。功能有三个:1.查询指定小时的nginx日志中访问量排名前几名的ip;2.封ip;3.解ip。脚本如下:


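#!/bin/bash
#
# Interactive helper for manually blocking and unblocking client IPs on an
# nginx host with iptables. The operator picks one of three actions:
#   paiming    - rank client addresses in one hourly access log by request count
#   heimingdan - insert a DROP rule for every address in the blacklist file
#   baiming    - delete the DROP rule for every address in the whitelist file
#
# Requirements: nginx access logs rotated hourly and named
# access.log.<YYYYMMDD><suffix>; enough privilege to run iptables.
#
# Fixes over the earlier version of this script:
#   * the unblock loop read the blacklist file instead of the whitelist file;
#   * unblock deleted a "-j REJECT" rule although block inserts "-j DROP",
#     so no rule ever matched and nothing was unblocked;
#   * history was written with `cat $line`, which tries to open a file named
#     after the IP instead of recording the IP;
#   * list entries and prompt answers were passed to iptables/head/the log
#     path unquoted and unvalidated.
#
# NOTE(review): the ranking uses field 1 of the log line. If nginx sits behind
# a reverse proxy or CDN, that field may be the proxy's address and blocking
# it would cut off legitimate clients - confirm the log_format before acting.
# NOTE(review): rules added here live only in the running kernel tables;
# persisting them across reboots is outside this script.

readonly LIST_DIR=/opt/yanchao/heimingdan
readonly BLACKLIST=$LIST_DIR/heimingdan.txt
readonly WHITELIST=$LIST_DIR/baimingdan.txt
readonly BLOCK_HISTORY=$LIST_DIR/droplishi.txt
# Path kept exactly as the original script had it (a different directory from
# the other files); the directory must exist for the append to succeed.
readonly UNBLOCK_HISTORY=/opt/yanchao/baimingdan/droplishi.txt
readonly ACCESS_LOG_PREFIX=/usr/local/nginx/logs/access.log.

#######################################
# Check that a string is a dotted-quad IPv4 address, optionally with a
# /1../32 prefix length. Leading zeros are rejected so an octet can never be
# read as octal, and /0 is rejected because it would match every source.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1 octet
  local -a octets
  local -r quad_re='^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$'
  local -r prefix_re='^([1-9]|[12][0-9]|3[0-2])$'

  if [[ $addr == */* ]]; then
    [[ ${addr#*/} =~ $prefix_re ]] || return 1
    addr=${addr%%/*}
  fi
  [[ $addr =~ $quad_re ]] || return 1

  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    (( octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Ask for an hour suffix and a count, then print the busiest client addresses
# from today's log for that hour as "address hits", highest first.
# Globals:   ACCESS_LOG_PREFIX, BLACKLIST (read)
# Returns:   0 on success, 1 on bad input or unreadable log
#######################################
show_top_clients() {
  local hour count log

  read -r -p "想查几点的nginx日志:" hour
  read -r -p "想查排名前几名的ip地址:" count

  # Both answers end up in a file path / a head(1) option, so allow digits only.
  if [[ ! $hour =~ ^[0-9]+$ ]]; then
    printf 'invalid hour (digits only): %q\n' "$hour" >&2
    return 1
  fi
  if [[ ! $count =~ ^[0-9]+$ ]]; then
    printf 'invalid count (digits only): %q\n' "$count" >&2
    return 1
  fi

  log=${ACCESS_LOG_PREFIX}$(date +%Y%m%d)${hour}
  if [[ ! -r $log ]]; then
    printf 'cannot read log file: %s\n' "$log" >&2
    return 1
  fi

  awk '{ ++hits[$1] } END { for (ip in hits) print ip, hits[ip] }' "$log" \
    | sort -k2,2nr \
    | head -n "$count"
  echo "请把要封的ip地址写入${BLACKLIST}中"
}

#######################################
# Apply one iptables action to every valid address in a list file, record
# each applied change in a history file, then empty the list file.
# Arguments: $1 - "block" or "unblock"
#            $2 - list file, one address per line
#            $3 - history file to append "timestamp address" lines to
#            $4 - message printed when the list file is missing or empty
# Returns:   0 (per-entry failures are reported on stderr and skipped)
#######################################
apply_list() {
  local -r action=$1 list=$2 history=$3 empty_msg=$4
  local addr stamp

  if [[ ! -s $list ]]; then
    echo "$empty_msg"
    return 0
  fi

  stamp=$(date +%Y:%m:%d-%H:%M)
  # Read on fd 3 so nothing in the loop body can consume the list; the
  # "|| [[ -n ... ]]" keeps a final line that lacks a trailing newline.
  while read -r -u 3 addr || [[ -n $addr ]]; do
    [[ -n $addr ]] || continue
    if ! is_ipv4 "$addr"; then
      printf 'skipping invalid entry: %q\n' "$addr" >&2
      continue
    fi

    if [[ $action == block ]]; then
      # -C reports whether an identical rule already exists; skip it so
      # repeated runs do not stack duplicate rules.
      if iptables -C INPUT -s "$addr" -j DROP 2>/dev/null; then
        continue
      fi
      if ! iptables -I INPUT -s "$addr" -j DROP; then
        printf 'failed to block %s\n' "$addr" >&2
        continue
      fi
    else
      # Must name the same target (DROP) that block inserted, or -D finds
      # no matching rule.
      if ! iptables -D INPUT -s "$addr" -j DROP; then
        printf 'failed to unblock %s\n' "$addr" >&2
        continue
      fi
    fi

    printf '%s %s\n' "$stamp" "$addr" >> "$history" \
      || printf 'could not write history file: %s\n' "$history" >&2
  done 3< "$list"

  # Empty the work list, as the original script did after each run.
  : > "$list"
}

#######################################
# Prompt for the action and dispatch to it.
# Returns:   status of the chosen action, 2 for an unknown choice
#######################################
main() {
  local mingdan

  read -r -p "封ip请输入heimingdan,解ip请输入baiming,查访问前几名的ip地址请输入paiming:" mingdan
  case "$mingdan" in
    paiming)
      show_top_clients
      ;;
    heimingdan)
      apply_list block "$BLACKLIST" "$BLOCK_HISTORY" "heimingdan为空"
      ;;
    baiming)
      apply_list unblock "$WHITELIST" "$UNBLOCK_HISTORY" "baimingdan为空"
      ;;
    *)
      printf 'unknown choice: %q\n' "$mingdan" >&2
      return 2
      ;;
  esac
}

main "$@"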