#!/bin/bash
#script info:
# Analysis access_log.abc log for a certain period of time to visit the suffix: "mp3",
# and more than a certain number of requests an IP address, this IP address to
iptables to filter to prevent the attack of CC.
# by www.jb200.com
#
cd /usr/local/
apache/logs/
tail access_log.abc -n 2000 |
linuxjishu/13830.html target=_blank class=infotextkey>awk '{print $1,$7}'| grep -E 'mp3$' | awk '{print $1,$2}' | sort | uniq -c | sort -nr | grep -v -E '127.0' | awk '{if($2!=null && $1>50){print $2}}' > drop_ip.txt
for i in `cat drop_ip.txt`
do
FLAG=0
for ai in `cat drop_ip_all.txt`
do
if [ "$i" = "$ai" ]; then
FLAG=1
break
fi
done
if [ $FLAG -eq 0 ]; then
#echo --new drop ip:$i
#add to iptables
/sbin/iptables -A INPUT -s $i -p tcp --dport 80 -j DROP
fi
done
#select drop_ip.txt append to drop_ip_all.txt
cat drop_ip.txt >> drop_ip_all.txt
#drop_ip_all remove repeat ip
#cat drop_ip_all.txt | sort | uniq > drop_ip_all.txt
