Analyze nginx diaries and use iptables to block IP addresses to prevent CC attacks

This method is used to passively analyze the nginx diary to find the IP address with a large number of requests and seal it with iptables. To actively limit the number of ip connections, refer to using nginx to limit the number of IP connections to prevent CC attacks.

#! /Bin/bash
# Created by http://www.onovps.com www.2cto.com
Num = 100 # Upper Limit
Cd/home/wwwlogs
For I in 'Tail access. log-n 1000 | awk '{print $1}' | sort | uniq-c | sort-rn | awk '{if ($1> $ num) {print $2 }}''
# Read the latest 1000 records. If a single IP address exceeds 100 records, it will be blocked.
Do
Iptables-I input-p tcp-s $ I -- dport 80-j DROP
Done

Join crontab to schedule tasks

Crontab-e
*/5 * sh/path/file. sh # Run the command once every 5 minutes.