一个简单的防CC攻击Shell脚本分享
实现代码:
#!/bin/sh
cd/var/log/httpd/
cataccess_log|awk'{print$1}'|sort|uniq-c|sort-n-r|head-n20>a
cp/dev/nullaccess_log
cp/dev/nullerror_log
cp/dev/nulllimit.sh
cp/dev/nullc
#awk'{print$2}'a|awk-F.'{print$1"."$2"."$3}'|sort|uniq>b
cata|whilereadnumip
do
if["$num"-gt"20"]
then
echo$ip>>c
fi
done
catc|awk-F.'{print$1"."$2"."$3}'|sort|uniq>b
#catc|sort|uniq>b
foriin`catb`
#catb|sed's/\.//g'|whilereadi1i2i3i4
do
if`catourip|grep$i>/dev/null2>&1`
then
echo"`date`$i">>test
else
echo"iptables-IINPUT-ptcp-dport80-s$i.0/24-jDROP">>limit.sh
fi
done
使用方法,运行命令:shlimit.sh,这样就会把访问量过高的IP加入防火墙,并禁止访问