欢迎各位兄弟 发布技术文章
这里的技术是共享的
crontab 里面的配置如下:
*/5 * * * * /bin/bash /root/drop_ip.sh
0 */3 * * * /bin/bash /root/drop_iptables.sh
[root@mail ~]# vim drop_ip.sh
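#!/bin/bash
#
# drop_ip.sh - block /24 networks that flood the nginx site.
#
# Runs from cron every 5 minutes; drop_iptables.sh lifts the blocks again
# every 3 hours. Steps:
#   1. take the last LOG_LINES lines of the nginx access log;
#   2. discard lines for whitelisted hosts/addresses, the admin path,
#      static assets and known search crawlers;
#   3. count requests per client address (column 1) and keep addresses
#      seen more than COUNT times, e.g. "11.12.13.14 30";
#   4. sum those counts per /24 ("11.12.13.0") and keep networks whose
#      total exceeds COUNT2;
#   5. insert "INPUT -s a.b.c.0/24 -j DROP" for each of them unless INPUT
#      already mentions that network.
# A whole /24 is blocked, so other clients sharing the network (NAT,
# carrier ranges) lose access too until drop_iptables.sh runs.
# NOTE(review): column 1 is whatever nginx logged as the client address;
# behind a proxy or CDN that would be the proxy's address - confirm.
set -euo pipefail

readonly ACCESS_LOG=/www/wdlinux/nginx-1.2.9/logs/access.log
readonly IPTABLES=/sbin/iptables
readonly LOG_LINES=5000
declare -ir COUNT=20     # hits per single address before it is considered
declare -ir COUNT2=280   # hits per /24 before the network is blocked

# Fixed strings whose presence excludes a log line from counting. The old
# grep chain used them as regexes, so "." matched any byte.
readonly -a EXCLUDE=(
  "w.wzfzxx.com" "211.149.205.29" "101.247.127.33" "admin21232f297"
  "114.217.193.132"
  "Baiduspider" "Sogou" "YisouSpider" "bingbot" "360Spider"
  "HaosouSpider" "Googlebot"
)
# Requests for static assets are not counted.
readonly STATIC_RE='\.(jpg|png|gif|js|css)'
# Only dotted-quad addresses are handed to iptables.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# grep wrapper: "no lines selected" (exit 1) is not an error for a filter,
# so an empty or fully filtered log does not trip set -e / pipefail.
grep_ok() { grep "$@" || [[ $? -eq 1 ]]; }

#######################################
# Count requests per client address.
# Arguments: $1 - minimum hit count (exclusive)
# Input:     access log lines on stdin
# Outputs:   "ip hits" for each address with more than $1 hits, after the
#            exclusions above were applied
#######################################
count_clients() {
  local -i min_hits=$1
  local -a excl=()
  local p
  for p in "${EXCLUDE[@]}"; do excl+=(-e "$p"); done
  grep_ok -v -F "${excl[@]}" \
    | grep_ok -v -E -- "$STATIC_RE" \
    | awk -v min="$min_hits" \
        '{a[$1]++} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Map each address to its /24 network.
# Input:   "ip hits" lines on stdin
# Outputs: "a.b.c.0 hits" lines
#######################################
to_net24() {
  awk -F'[. ]' '{print $1 "." $2 "." $3 ".0", $5}'
}

#######################################
# Sum hits per network and keep the busy ones.
# Arguments: $1 - minimum total (exclusive)
# Input:     "net hits" lines on stdin
# Outputs:   "net total" for each network whose total exceeds $1
#######################################
hot_nets() {
  awk -v min="$1" \
    '{a[$1] += $2} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Insert a DROP rule for $1/24 unless INPUT already mentions that network.
# The old test "[ -n $i ] && grep $i" was unquoted: an empty $i made the
# test "[ -n ]" (always true) and the dots matched any byte.
# Position 2 keeps rule 1 (presumably an allow rule) ahead of the drops -
# NOTE(review): confirm that is still what rule 1 is.
# Arguments: $1 - network address, e.g. 11.12.13.0
#######################################
block_net() {
  local net=$1
  if ! "$IPTABLES" -nL INPUT | grep -F -q -- "$net/24"; then
    "$IPTABLES" -I INPUT 2 -s "$net/24" -j DROP
  fi
}

#######################################
# Entry point: analyse the log and block the busy networks.
# Outputs: the "net total" lines that are blocked (cron mails stdout)
# Returns: 0, also when the log is unreadable (a warning goes to stderr,
#          matching the old script which then silently blocked nothing)
#######################################
main() {
  if [[ ! -r "$ACCESS_LOG" ]]; then
    printf 'drop_ip.sh: cannot read %s, nothing blocked\n' "$ACCESS_LOG" >&2
    return 0
  fi
  local nets net total
  nets=$(tail -n "$LOG_LINES" -- "$ACCESS_LOG" \
    | count_clients "$COUNT" | to_net24 | hot_nets "$COUNT2")
  printf '%s\n' "$nets"
  while read -r net total; do
    [[ -n "$net" ]] || continue
    if [[ "$net" =~ $IPV4_RE ]]; then
      block_net "$net"
    else
      printf 'drop_ip.sh: skipping unexpected address %s\n' "$net" >&2
    fi
  done <<<"$nets"
}

main "$@"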
[root@mail ~]# vim drop_iptables.sh
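#!/bin/bash
#
# drop_iptables.sh - remove the "-s <net> -j DROP" rules that drop_ip.sh
# inserted into INPUT. Runs from cron every 3 hours, so a blocked /24 is
# released automatically.
#
# Only a rule of exactly the shape "-s <source> -j DROP" is deleted;
# rules with extra matches (ports, interfaces) are left alone.
set -euo pipefail

readonly IPTABLES=/sbin/iptables
readonly IPTABLES_SAVE=/sbin/iptables-save
# Dotted quad with optional /prefix, as iptables-save prints a source.
readonly IPV4_NET_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

#######################################
# Extract the source of every INPUT DROP rule.
# Input:   iptables-save output on stdin
# Outputs: column 4 ("1.2.3.0/24") of each "-A INPUT -s ... -j DROP" line
# Matching the rule prefix replaces the old "INPUT.*DROP" regex plus the
# NR>6 header skip, which depended on the header being exactly six lines
# (the ":INPUT DROP [...]" policy line matches the old regex too).
#######################################
drop_sources() {
  awk '$1 == "-A" && $2 == "INPUT" && $3 == "-s" && / -j DROP/ {print $4}'
}

#######################################
# Entry point: delete every INPUT DROP rule keyed on a source network.
# Returns: 1 when iptables-save fails (nothing is removed), else 0
#######################################
main() {
  local rules src
  # Keep the snapshot in a variable: the old version wrote it as root to
  # the fixed path /tmp/iptables.log, a predictable name in a
  # world-writable directory.
  if ! rules=$("$IPTABLES_SAVE" -t filter); then
    printf 'drop_iptables.sh: iptables-save failed, no rules removed\n' >&2
    return 1
  fi
  while read -r src; do
    [[ -n "$src" ]] || continue
    if [[ ! "$src" =~ $IPV4_NET_RE ]]; then
      printf 'drop_iptables.sh: skipping unexpected source %s\n' "$src" >&2
      continue
    fi
    # A rule of another shape for this source is not ours; ignore the
    # "Bad rule" failure and go on with the next one.
    "$IPTABLES" -D INPUT -s "$src" -j DROP 2>/dev/null || true
  done <<<"$(printf '%s\n' "$rules" | drop_sources)"
}

main "$@"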
又经过改写后的版本:
[root@mail ~]# vim drop_ip.sh
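#!/bin/bash
#
# drop_ip.sh - block /24 networks that flood the nginx site (tcp/80, 443).
#
# Runs from cron every 5 minutes; drop_iptables.sh lifts the blocks again
# every 3 hours. Steps:
#   1. take the last LOG_LINES lines of the nginx access log;
#   2. discard lines for whitelisted hosts/addresses, static assets and
#      known search crawlers;
#   3. count requests per client address (column 1) and keep addresses
#      seen more than COUNT times;
#   4. sum those counts per /24 ("a.b.c.0") and keep networks whose total
#      exceeds COUNT2;
#   5. insert INPUT DROP rules for tcp/80 and tcp/443 from each such /24
#      unless INPUT already mentions that network.
# A whole /24 is blocked, so other clients sharing the network (NAT,
# carrier ranges) lose access too until drop_iptables.sh runs.
# NOTE(review): column 1 is whatever nginx logged as the client address;
# behind a proxy or CDN that would be the proxy's address - confirm.
set -euo pipefail

readonly ACCESS_LOG=/www/wdlinux/nginx-1.2.9/logs/access.log
readonly IPTABLES=/sbin/iptables
readonly LOG_LINES=5000
declare -ir COUNT=20     # hits per single address before it is considered
declare -ir COUNT2=200   # hits per /24 before the network is blocked

# Fixed strings whose presence excludes a log line from counting. The old
# grep chain used them as regexes, so "." matched any byte.
readonly -a EXCLUDE=(
  "w.aaaaa.com" "211.149.205.29" "101.247.127.33" "bbbbb"
  "114.217.193.132"
  "Baiduspider" "Sogou" "YisouSpider" "bingbot" "360Spider"
  "HaosouSpider" "Googlebot"
)
# Requests for static assets are not counted.
readonly STATIC_RE='\.(jpg|png|gif|js|css)'
# Only dotted-quad addresses are handed to iptables.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# grep wrapper: "no lines selected" (exit 1) is not an error for a filter,
# so an empty or fully filtered log does not trip set -e / pipefail.
grep_ok() { grep "$@" || [[ $? -eq 1 ]]; }

#######################################
# Count requests per client address.
# Arguments: $1 - minimum hit count (exclusive)
# Input:     access log lines on stdin
# Outputs:   "ip hits" for each address with more than $1 hits, after the
#            exclusions above were applied
#######################################
count_clients() {
  local -i min_hits=$1
  local -a excl=()
  local p
  for p in "${EXCLUDE[@]}"; do excl+=(-e "$p"); done
  grep_ok -v -F "${excl[@]}" \
    | grep_ok -v -E -- "$STATIC_RE" \
    | awk -v min="$min_hits" \
        '{a[$1]++} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Map each address to its /24 network.
# Input:   "ip hits" lines on stdin
# Outputs: "a.b.c.0 hits" lines
#######################################
to_net24() {
  awk -F'[. ]' '{print $1 "." $2 "." $3 ".0", $5}'
}

#######################################
# Sum hits per network and keep the busy ones.
# Arguments: $1 - minimum total (exclusive)
# Input:     "net hits" lines on stdin
# Outputs:   "net total" for each network whose total exceeds $1
#######################################
hot_nets() {
  awk -v min="$1" \
    '{a[$1] += $2} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Insert tcp/80 and tcp/443 DROP rules for $1/24 unless INPUT already
# mentions that network.
# The old test "[ -n $i ] && grep $i" was unquoted: an empty $i made the
# test "[ -n ]" (always true) and the dots matched any byte.
# Position 2 keeps rule 1 (presumably an allow rule) ahead of the drops -
# NOTE(review): confirm that is still what rule 1 is.
# Arguments: $1 - network address, e.g. 11.12.13.0
#######################################
block_net() {
  local net=$1 port
  if ! "$IPTABLES" -nL INPUT | grep -F -q -- "$net/24"; then
    for port in 80 443; do
      "$IPTABLES" -I INPUT 2 -s "$net/24" -p tcp --dport "$port" -j DROP
    done
  fi
}

#######################################
# Entry point: analyse the log and block the busy networks.
# Outputs: the "net total" lines that are blocked (cron mails stdout)
# Returns: 0, also when the log is unreadable (a warning goes to stderr,
#          matching the old script which then silently blocked nothing)
#######################################
main() {
  if [[ ! -r "$ACCESS_LOG" ]]; then
    printf 'drop_ip.sh: cannot read %s, nothing blocked\n' "$ACCESS_LOG" >&2
    return 0
  fi
  local nets net total
  nets=$(tail -n "$LOG_LINES" -- "$ACCESS_LOG" \
    | count_clients "$COUNT" | to_net24 | hot_nets "$COUNT2")
  printf '%s\n' "$nets"
  while read -r net total; do
    [[ -n "$net" ]] || continue
    if [[ "$net" =~ $IPV4_RE ]]; then
      block_net "$net"
    else
      printf 'drop_ip.sh: skipping unexpected address %s\n' "$net" >&2
    fi
  done <<<"$nets"
}

main "$@"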
[root@mail ~]# vim drop_iptables.sh
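#!/bin/bash
#
# drop_iptables.sh - remove the tcp/80 and tcp/443 DROP rules that
# drop_ip.sh inserted into INPUT. Runs from cron every 3 hours, so a
# blocked /24 is released automatically.
#
# Only the two rule shapes drop_ip.sh creates are deleted; other DROP
# rules for the same source are left alone.
set -euo pipefail

readonly IPTABLES=/sbin/iptables
readonly IPTABLES_SAVE=/sbin/iptables-save
# Dotted quad with optional /prefix, as iptables-save prints a source.
readonly IPV4_NET_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

#######################################
# Extract the source of every INPUT DROP rule.
# Input:   iptables-save output on stdin
# Outputs: column 4 ("1.2.3.0/24") of each "-A INPUT -s ... -j DROP" line
# Matching the rule prefix replaces the old "INPUT.*DROP" regex plus the
# NR>6 header skip, which depended on the header being exactly six lines
# (the ":INPUT DROP [...]" policy line matches the old regex too).
#######################################
drop_sources() {
  awk '$1 == "-A" && $2 == "INPUT" && $3 == "-s" && / -j DROP/ {print $4}'
}

#######################################
# Entry point: delete the port DROP rules of every blocked source.
# Outputs: each source being released, one per line
# Returns: 1 when iptables-save fails (nothing is removed), else 0
#######################################
main() {
  local rules src port
  # Keep the snapshot in a variable: the old version wrote it as root to
  # the fixed path /tmp/iptables.log, a predictable name in a
  # world-writable directory.
  if ! rules=$("$IPTABLES_SAVE" -t filter); then
    printf 'drop_iptables.sh: iptables-save failed, no rules removed\n' >&2
    return 1
  fi
  while read -r src; do
    [[ -n "$src" ]] || continue
    if [[ ! "$src" =~ $IPV4_NET_RE ]]; then
      printf 'drop_iptables.sh: skipping unexpected source %s\n' "$src" >&2
      continue
    fi
    printf '%s\n' "$src"
    for port in 80 443; do
      # A rule of another shape for this source is not ours; ignore the
      # "Bad rule" failure and go on.
      "$IPTABLES" -D INPUT -s "$src" -p tcp --dport "$port" -j DROP \
        2>/dev/null || true
    done
  done <<<"$(printf '%s\n' "$rules" | drop_sources)"
}

main "$@"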
drop_ip.sh 这个是有用的
[root@mail ~]# vim drop_ip.sh # 最终版
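#!/bin/bash
#
# drop_ip.sh - block /24 networks that flood the nginx site (tcp/80, 443).
#
# Runs from cron every 5 minutes; drop_iptables.sh lifts the blocks again
# every 3 hours. Steps:
#   1. take the last LOG_LINES lines of the nginx access log;
#   2. discard lines for whitelisted hosts/addresses, static assets and
#      known search crawlers;
#   3. count requests per client address (column 1) and keep addresses
#      seen more than COUNT times;
#   4. sum those counts per /24 ("a.b.c.0") and keep networks whose total
#      exceeds COUNT2;
#   5. insert INPUT DROP rules for tcp/80 and tcp/443 from each such /24
#      unless INPUT already mentions that network.
# A whole /24 is blocked, so other clients sharing the network (NAT,
# carrier ranges) lose access too until drop_iptables.sh runs.
# NOTE(review): column 1 is whatever nginx logged as the client address;
# behind a proxy or CDN that would be the proxy's address - confirm.
set -euo pipefail

readonly ACCESS_LOG=/www/wdlinux/nginx-1.2.9/logs/access.log
readonly IPTABLES=/sbin/iptables
readonly LOG_LINES=10000
declare -ir COUNT=20     # hits per single address before it is considered
declare -ir COUNT2=400   # hits per /24 before the network is blocked

# Fixed strings whose presence excludes a log line from counting. The old
# grep chain used them as regexes, so "." matched any byte.
readonly -a EXCLUDE=(
  "aaa" "w.bbbb.com" "211.149.xxx.29" "101.247.yyy.33" "cccc"
  "114.217.193.132"
  "Baiduspider" "baiduboxapp" "Sogou" "YisouSpider" "bingbot"
  "360Spider" "HaosouSpider" "Googlebot"
)
# Requests for static assets are not counted.
readonly STATIC_RE='\.(jpg|png|gif|js|css)'
# Only dotted-quad addresses are handed to iptables.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# grep wrapper: "no lines selected" (exit 1) is not an error for a filter,
# so an empty or fully filtered log does not trip set -e / pipefail.
grep_ok() { grep "$@" || [[ $? -eq 1 ]]; }

#######################################
# Count requests per client address.
# Arguments: $1 - minimum hit count (exclusive)
# Input:     access log lines on stdin
# Outputs:   "ip hits" for each address with more than $1 hits, after the
#            exclusions above were applied
#######################################
count_clients() {
  local -i min_hits=$1
  local -a excl=()
  local p
  for p in "${EXCLUDE[@]}"; do excl+=(-e "$p"); done
  grep_ok -v -F "${excl[@]}" \
    | grep_ok -v -E -- "$STATIC_RE" \
    | awk -v min="$min_hits" \
        '{a[$1]++} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Map each address to its /24 network.
# Input:   "ip hits" lines on stdin
# Outputs: "a.b.c.0 hits" lines
#######################################
to_net24() {
  awk -F'[. ]' '{print $1 "." $2 "." $3 ".0", $5}'
}

#######################################
# Sum hits per network and keep the busy ones.
# Arguments: $1 - minimum total (exclusive)
# Input:     "net hits" lines on stdin
# Outputs:   "net total" for each network whose total exceeds $1
#######################################
hot_nets() {
  awk -v min="$1" \
    '{a[$1] += $2} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Insert tcp/80 and tcp/443 DROP rules for $1/24 unless INPUT already
# mentions that network.
# The old test "[ -n $i ] && grep $i" was unquoted: an empty $i made the
# test "[ -n ]" (always true) and the dots matched any byte.
# Position 2 keeps rule 1 (presumably an allow rule) ahead of the drops -
# NOTE(review): confirm that is still what rule 1 is.
# Arguments: $1 - network address, e.g. 11.12.13.0
#######################################
block_net() {
  local net=$1 port
  if ! "$IPTABLES" -nL INPUT | grep -F -q -- "$net/24"; then
    for port in 80 443; do
      "$IPTABLES" -I INPUT 2 -s "$net/24" -p tcp --dport "$port" -j DROP
    done
  fi
}

#######################################
# Entry point: analyse the log and block the busy networks.
# Outputs: the "net total" lines that are blocked (cron mails stdout)
# Returns: 0, also when the log is unreadable (a warning goes to stderr,
#          matching the old script which then silently blocked nothing)
#######################################
main() {
  if [[ ! -r "$ACCESS_LOG" ]]; then
    printf 'drop_ip.sh: cannot read %s, nothing blocked\n' "$ACCESS_LOG" >&2
    return 0
  fi
  local nets net total
  nets=$(tail -n "$LOG_LINES" -- "$ACCESS_LOG" \
    | count_clients "$COUNT" | to_net24 | hot_nets "$COUNT2")
  printf '%s\n' "$nets"
  while read -r net total; do
    [[ -n "$net" ]] || continue
    if [[ "$net" =~ $IPV4_RE ]]; then
      block_net "$net"
    else
      printf 'drop_ip.sh: skipping unexpected address %s\n' "$net" >&2
    fi
  done <<<"$nets"
}

main "$@"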
drop_ip2.sh 这个也是有用的
[root@mail ~]# vim drop_ip2.sh # 最终版
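#!/bin/bash
#
# drop_ip2.sh - block /24 networks that flood the httpd site with POSTs
# (tcp/80, 443).
#
# Runs from cron; drop_iptables.sh lifts the blocks again every 3 hours.
# Steps:
#   1. take the last LOG_LINES lines of the httpd access log;
#   2. keep only POST lines and discard lines for whitelisted hosts;
#   3. count requests per client address (column 2) and keep addresses
#      seen more than COUNT times;
#   4. sum those counts per /24 ("a.b.c.0") and keep networks whose total
#      exceeds COUNT2;
#   5. insert INPUT DROP rules for tcp/80 and tcp/443 from each such /24
#      unless INPUT already mentions that network.
# Each stage is printed, separated by the "hui che" markers, as before.
# A whole /24 is blocked, so other clients sharing the network (NAT,
# carrier ranges) lose access too until drop_iptables.sh runs.
# NOTE(review): column 2 is taken as the client address as in the old
# script; in httpd's default LogFormat column 2 is the identd field, so
# confirm the vhost's LogFormat. Non-address values are skipped below.
set -euo pipefail

readonly ACCESS_LOG=/www/wdlinux/httpd-2.2.22/logs/access_log
readonly IPTABLES=/sbin/iptables
readonly LOG_LINES=10000
declare -ir COUNT=20     # POSTs per single address before it is considered
declare -ir COUNT2=60    # POSTs per /24 before the network is blocked

# Fixed strings whose presence excludes a log line from counting. The old
# grep chain used them as regexes, so "." matched any byte.
readonly -a EXCLUDE=(
  "w.aaa.com" "w.bbb.com" "de980JH--ccccc" "dddd"
)
# Only dotted-quad addresses are handed to iptables.
readonly IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

# grep wrapper: "no lines selected" (exit 1) is not an error for a filter,
# so an empty or fully filtered log does not trip set -e / pipefail.
grep_ok() { grep "$@" || [[ $? -eq 1 ]]; }

#######################################
# Count POST requests per client address.
# Arguments: $1 - minimum hit count (exclusive)
# Input:     access log lines on stdin
# Outputs:   "ip hits" for each column-2 value with more than $1 POST
#            lines, after the exclusions above were applied
#######################################
count_posters() {
  local -i min_hits=$1
  local -a excl=()
  local p
  for p in "${EXCLUDE[@]}"; do excl+=(-e "$p"); done
  grep_ok -F -e POST \
    | grep_ok -v -F "${excl[@]}" \
    | awk -v min="$min_hits" \
        '{a[$2]++} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Map each address to its /24 network.
# Input:   "ip hits" lines on stdin
# Outputs: "a.b.c.0 hits" lines
#######################################
to_net24() {
  awk -F'[. ]' '{print $1 "." $2 "." $3 ".0", $5}'
}

#######################################
# Sum hits per network and keep the busy ones.
# Arguments: $1 - minimum total (exclusive)
# Input:     "net hits" lines on stdin
# Outputs:   "net total" for each network whose total exceeds $1
#######################################
hot_nets() {
  awk -v min="$1" \
    '{a[$1] += $2} END {for (i in a) if (a[i] > min) print i, a[i]}'
}

#######################################
# Insert tcp/80 and tcp/443 DROP rules for $1/24 unless INPUT already
# mentions that network.
# The old test "[ -n $i ] && grep $i" was unquoted: an empty $i made the
# test "[ -n ]" (always true) and the dots matched any byte.
# Position 2 keeps rule 1 (presumably an allow rule) ahead of the drops -
# NOTE(review): confirm that is still what rule 1 is.
# Arguments: $1 - network address, e.g. 11.12.13.0
#######################################
block_net() {
  local net=$1 port
  if ! "$IPTABLES" -nL INPUT | grep -F -q -- "$net/24"; then
    for port in 80 443; do
      "$IPTABLES" -I INPUT 2 -s "$net/24" -p tcp --dport "$port" -j DROP
    done
  fi
}

#######################################
# Entry point: analyse the log, print each stage, block busy networks.
# Outputs: per-address counts, per-/24 counts and the blocked "net total"
#          lines, each followed by a "hui che" marker (cron mails stdout)
# Returns: 0, also when the log is unreadable (a warning goes to stderr,
#          matching the old script which then silently blocked nothing)
#######################################
main() {
  if [[ ! -r "$ACCESS_LOG" ]]; then
    printf 'drop_ip2.sh: cannot read %s, nothing blocked\n' "$ACCESS_LOG" >&2
    return 0
  fi
  local hits nets24 nets net total
  hits=$(tail -n "$LOG_LINES" -- "$ACCESS_LOG" | count_posters "$COUNT")
  printf '%s\n' "$hits"
  echo "hui che1"
  # printf '%s' (no newline) so an empty stage feeds no line to awk.
  nets24=$(printf '%s' "$hits" | to_net24)
  printf '%s\n' "$nets24"
  echo "hui che2"
  nets=$(printf '%s' "$nets24" | hot_nets "$COUNT2")
  printf '%s\n' "$nets"
  echo "hui che3"
  while read -r net total; do
    [[ -n "$net" ]] || continue
    if [[ "$net" =~ $IPV4_RE ]]; then
      block_net "$net"
    else
      printf 'drop_ip2.sh: skipping unexpected address %s\n' "$net" >&2
    fi
  done <<<"$nets"
}

main "$@"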
[root@mail ~]# vim drop_iptables.sh # 最终版
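#!/bin/bash
#
# drop_iptables.sh - remove the tcp/80 and tcp/443 DROP rules that
# drop_ip.sh / drop_ip2.sh inserted into INPUT. Runs from cron every
# 3 hours, so a blocked /24 is released automatically.
#
# Only the two rule shapes those scripts create are deleted; other DROP
# rules for the same source are left alone.
set -euo pipefail

readonly IPTABLES=/sbin/iptables
readonly IPTABLES_SAVE=/sbin/iptables-save
# Dotted quad with optional /prefix, as iptables-save prints a source.
readonly IPV4_NET_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'

#######################################
# Extract the source of every INPUT DROP rule.
# Input:   iptables-save output on stdin
# Outputs: column 4 ("1.2.3.0/24") of each "-A INPUT -s ... -j DROP" line
# Matching the rule prefix replaces the old "INPUT.*DROP" regex plus the
# NR>6 header skip, which depended on the header being exactly six lines
# (the ":INPUT DROP [...]" policy line matches the old regex too).
#######################################
drop_sources() {
  awk '$1 == "-A" && $2 == "INPUT" && $3 == "-s" && / -j DROP/ {print $4}'
}

#######################################
# Entry point: delete the port DROP rules of every blocked source.
# Returns: 1 when iptables-save fails (nothing is removed), else 0
#######################################
main() {
  local rules src port
  # Keep the snapshot in a variable: the old version wrote it as root to
  # the fixed path /tmp/iptables.log, a predictable name in a
  # world-writable directory.
  if ! rules=$("$IPTABLES_SAVE" -t filter); then
    printf 'drop_iptables.sh: iptables-save failed, no rules removed\n' >&2
    return 1
  fi
  while read -r src; do
    [[ -n "$src" ]] || continue
    if [[ ! "$src" =~ $IPV4_NET_RE ]]; then
      printf 'drop_iptables.sh: skipping unexpected source %s\n' "$src" >&2
      continue
    fi
    for port in 80 443; do
      # A rule of another shape for this source is not ours; ignore the
      # "Bad rule" failure and go on.
      "$IPTABLES" -D INPUT -s "$src" -p tcp --dport "$port" -j DROP \
        2>/dev/null || true
    done
  done <<<"$(printf '%s\n' "$rules" | drop_sources)"
}

main "$@"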