The company's web server normally sees little traffic, but every day from the early hours until around 8 a.m. the site's admin back end is hit by many brute-force login attempts, which causes frequent Nagios alerts for the site during the night.

Solution: every 20 minutes, count the requests recorded in access.log and block any IP address that has requested logging.php more than 100 times. The awk match condition can of course also include the error code.

1. The script (/root/ycan/badip.sh)

#!/bin/bash
# cron */20
# set -x

_FILE='/home/logs/access_****.log'
# Compute the output file name once so that both uses agree.
_OUT="/tmp/badip.$(date +%F).txt"

# Count logging.php requests per client IP ($1); keep IPs that reach the threshold described above.
awk '/logging.php/ {stat[$1]++} END {for (i in stat) {if (stat[i] >= 100) print i}}' $_FILE > "$_OUT"

for ip in $(sort -u "$_OUT")
do
    # -w -F: match the whole address literally, so 1.2.3.4 does not match 11.2.3.40.
    if /sbin/iptables -nL | grep DROP | grep -wF -- "$ip" >/dev/null 2>&1; then
        # Already blocked: nothing to do.
        :
    else
        /sbin/iptables -I INPUT 10 -s "$ip" -j DROP
        # Record the block only if iptables accepted the rule.
        [ $? = 0 ] && echo "Time: $(date +"%F %T"): $ip" >> /root/ycan/drop_record.txt
    fi
done

2. Add it to the scheduled tasks

*/20 00-08 * * * /root/ycan/badip.sh
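
The status-code condition mentioned above, as an added example that is not part of the original script: a dry-run counter that only lists the addresses it would block and never calls iptables. It assumes the combined log format ($7 is the request path, $9 the status code); the 403 status, the threshold of 5, the allow-listed monitoring address and the log lines are all constructed for illustration.

```shell
#!/bin/bash
# Added example, not the original script. Assumes combined log format:
# $1 = client IP, $7 = request path, $9 = HTTP status code.

# find_offenders FILE THRESHOLD STATUS [ALLOWED_IP...]
# Prints IPv4 clients with >= THRESHOLD logging.php requests answered with STATUS.
find_offenders() {
    local file="$1" threshold="$2" status="$3"
    shift 3
    awk -v min="$threshold" -v st="$status" -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (k = 1; k <= n; k++) skip[a[k]] = 1 }
        # Match the path field only, require the status, accept only
        # well-formed IPv4 in $1, and never count allow-listed hosts.
        $7 ~ /(^|\/)logging\.php(\?|$)/ && $9 == st &&
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($1 in skip) { stat[$1]++ }
        END { for (ip in stat) if (stat[ip] >= min) print ip }
    ' "$file" | sort
}

# emit IP COUNT PATH STATUS: write COUNT constructed log lines to stdout.
emit() {
    local n
    for n in $(seq 1 "$2"); do
        printf '%s - - [01/Jan/2024:03:10:%02d +0800] "POST %s HTTP/1.1" %s 512 "-" "-"\n' \
            "$1" "$n" "$3" "$4"
    done
}

# demo: build a constructed log and list what would be blocked (dry run).
demo() {
    local log
    log=$(mktemp) || return 1
    {
        emit 203.0.113.7   5 '/logging.php?action=login' 403  # reaches threshold
        emit 198.51.100.20 5 '/logging.php?action=login' 403  # allow-listed host
        emit 192.0.2.9     4 '/logging.php?action=login' 403  # below threshold
        emit 192.0.2.50    6 '/logging.php?action=login' 200  # different status
        emit 203.0.113.99  6 '/index.php'                403  # different page
    } > "$log"
    find_offenders "$log" 5 403 198.51.100.20
    rm -f "$log"
}

demo   # prints: 203.0.113.7
```

Reviewing the output of such a dry run before feeding it to the blocking loop makes it easy to confirm that the monitoring host and other known addresses never end up in the DROP list.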