统计httpd访问日志中最近1分钟内访问网站达到100次的IP,并将其加入iptables拒绝规则。此脚本只做简单分析。
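#!/bin/bash
##############################################
#Author: LIYUNQING - liyunqing113@126.com
#QQ:332841772
#Last modified: 2016-12-28 02:55
#Filename: Ddos.sh
#Description: To prevent DDOS attacks
##############################################
#
# Counts requests per client address in the httpd access log over the last
# minute and adds an iptables REJECT rule for every address that reached the
# threshold. Must run as root (it calls iptables); GNU date is required.
#
# Operational caveats a reviewer would want stated:
#   * The client address is taken from the first log field. Behind a reverse
#     proxy, load balancer or CDN that field is the proxy's address, and
#     rejecting it cuts off every user behind it. The same applies to large
#     NAT gateways. Keep an allowlist in front of this rule set if needed.
#   * A per-address threshold only catches a single noisy source; it does not
#     mitigate an attack spread over many addresses.
#   * Only IPv4 is handled, because only `iptables` is driven here.
#   * Timestamps are compared against the local clock, so the log and this
#     script must use the same time zone.
#. /etc/init.d/functions

set -euo pipefail

readonly Logfile='/var/log/httpd/access_log'
readonly Window_seconds=60
readonly Threshold=100
# Strict dotted-quad shape; anything else (hostnames when HostnameLookups is
# on, IPv6, junk) never reaches the iptables command line.
readonly Ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [[ ! -r "$Logfile" ]]; then
  printf 'cannot read log file: %s\n' "$Logfile" >&2
  exit 1
fi

# Read the clock once so both ends of the window come from the same instant.
now=$(date +%s)
window_start=$((now - Window_seconds))

# LC_ALL=C keeps %b in the English form the access log uses.
start_day=$(LC_ALL=C date -d "@${window_start}" +'%d/%b/%Y')
start_time=$(LC_ALL=C date -d "@${window_start}" +'%H:%M:%S')
end_day=$(LC_ALL=C date -d "@${now}" +'%d/%b/%Y')
end_time=$(LC_ALL=C date -d "@${now}" +'%H:%M:%S')

rules_added=0

# Field 4 looks like "[28/Dec/2016:02:55:01": characters 2-12 are the date and
# 14-21 the time of day. Matching the date as well as the time keeps entries
# from earlier days out of the count and lets the window span midnight.
# The result is streamed straight into the loop, so no predictable file in
# /tmp is written by a root-owned job.
while read -r ip _; do
  if [[ ! "$ip" =~ $Ipv4_re ]]; then
    printf 'skipping client field that is not an IPv4 address: %q\n' "$ip" >&2
    continue
  fi

  # -C checks for an identical rule, so repeated runs do not pile up duplicates.
  if iptables -C INPUT -s "$ip" -j REJECT &> /dev/null; then
    continue
  fi

  if iptables -A INPUT -s "$ip" -j REJECT &> /dev/null; then
    echo "interception $ip access httpd service."
    rules_added=1
  else
    printf 'failed to add REJECT rule for %s\n' "$ip" >&2
  fi
done < <(
  LC_ALL=C awk -v sd="$start_day" -v st="$start_time" \
    -v ed="$end_day" -v et="$end_time" -v min="$Threshold" '
    {
      day = substr($4, 2, 11)
      tod = substr($4, 14, 8)
      if (sd == ed)
        in_window = (day == sd && tod >= st && tod <= et)
      else
        in_window = ((day == sd && tod >= st) || (day == ed && tod <= et))
      if (in_window)
        hits[$1]++
    }
    END {
      for (addr in hits)
        if (hits[addr] >= min)
          print addr, hits[addr]
    }' "$Logfile"
)

# Persist once, and only when the rule set actually changed.
if ((rules_added)); then
  service iptables save &> /dev/null ||
    printf 'warning: new rules are active but could not be saved\n' >&2
fi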
转载于:https://blog.51cto.com/lxlxlx/1887055