标签:
#!/bin/bash #_日志位置 _log_Path="/data0/nginx/weblogs/" #_日志文件名称 _log_FileName="access_blog.kinggoo.com.log" #_要被屏蔽的ip访问端口,默认80 _port="80" _nginx_deny="/opt/webserver/nginx/conf/deny.conf" _nginx_bin="/opt/webserver/nginx/sbin/nginx" _logfilepath=${_log_Path}${_log_FileName} #初始化被禁ip变量 _drop_Ip="" #检测文件 test -e ${_nginx_deny} || touch ${_nginx_deny} for _drop_Ip in $( tail -n50000 "${_logfilepath}" |awk ‘{print $1,$12}‘ |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou|WordPress" |awk ‘{print $1}‘|sort|uniq -c|sort -rn |awk ‘{if($1>1000)print ""$2""}‘ ); do grep -q "${_drop_Ip}" ${_nginx_deny} && eg=1 || eg=0 ; if (( ${eg}==0 ));then echo "deny ${_drop_Ip};" >> ${_nginx_deny} ${_nginx_bin} -s reload iptables -I INPUT -p tcp --dport ${_port} -s ${_drop_Ip} -j DROP echo ">>>>> `date ‘+%Y-%m-%d %H%M%S‘` - 发现攻击源地址 -> ${_drop_Ip} " >> /tmp/nginx_deny.log; echo "iptables -I INPUT -p tcp --dport ${_port} -s ${_drop_Ip} -j DROP" >> /tmp/nginx_deny.log fi done
标签:
原文地址:http://my.oschina.net/wangchongya/blog/514982
