Linux/Cent OS防CC攻击脚本

老男孩linux教育 2010-03-05

  #!/bin/sh
  cd /var/log/httpd/
  cat access_log|awk '{print $1}'|sort|uniq -c|sort -n -r|head -n 20 > a
  cp /dev/null access_log
  cp /dev/null error_log
  cp /dev/null limit.sh
  cp /dev/null c
  #awk '{print $2}' a|awk -F. '{print $1"."$2"."$3}'|sort|uniq > b
  cat a|while read num ip
  do
  if [ "$num" -gt "20" ]
  then
  echo $ip >> c
  fi
  done
  cat c|awk -F. '{print $1"."$2"."$3}'|sort|uniq > b
  #cat c|sort|uniq > b
  for i in `cat b`
  #cat b|sed 's/\./ /g'|while read i1 i2 i3 i4
  do
  if `cat ourip |grep $i > /dev/null 2>&1`
  then
  echo "`date` $i" >> test
  else
  echo "iptables -I INPUT -p tcp -dport 80 -s $i.0/24 -j DROP" >> limit.sh
  fi
  done
  sh limit.sh

相关推荐