A script that blocks the source IP addresses when the website receives abnormal connections from a large number of hosts.
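#!/bin/bash
#
# Watches the tail of a web server access log for roughly 100 seconds and adds
# an iptables DROP rule (TCP port 80) for every new source address whose recent
# requests match ATTACK_PATTERN. Each blocked address is recorded in
# BLOCKLIST_FILE so that a rule is added only once per address.
#
# Must run as root (iptables and /root/all both require it).
#
# NOTE(review): the log path on the original page is garbled and described as
#   hypothetical, so LOG_FILE defaults to an obvious placeholder. Set LOG_FILE
#   to the real access log before use.
# NOTE(review): 'HTTP/1.1' is the page's stand-in for an attack signature. As
#   written it matches almost every ordinary request, so legitimate clients
#   would be blocked too. Replace it with a pattern specific to the abnormal
#   traffic and consider an allowlist for monitoring and admin addresses.
# NOTE(review): field 1 of the log is the TCP peer. Behind a reverse proxy,
#   load balancer or CDN that is the proxy's address, and dropping it cuts off
#   every client behind it.

set -u

readonly LOG_FILE="${LOG_FILE:-/var/log/PLACEHOLDER_ACCESS.log}"
readonly BLOCKLIST_FILE='/root/all'
readonly ATTACK_PATTERN='HTTP/1.1'
# Shape check only; iptables itself rejects out-of-range octets.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Create the blocklist at the same absolute path that is read and written below.
touch -- "$BLOCKLIST_FILE" || {
  printf 'cannot create %s\n' "$BLOCKLIST_FILE" >&2
  exit 1
}

# 100 passes, one second apart.
for ((pass = 1; pass <= 100; pass++)); do
  sleep 1
  rules_changed=0

  while IFS= read -r addr; do
    # Log content is influenced by remote clients: accept only something
    # shaped like an IPv4 address before it reaches the iptables command line.
    [[ "$addr" =~ $IPV4_RE ]] || continue

    # -F -x: compare the whole line literally, so the dots in an address are
    # not regex wildcards and 1.2.3.4 does not match 1.2.3.40.
    if grep -Fxq -- "$addr" "$BLOCKLIST_FILE"; then
      continue
    fi

    printf 'iptables -A INPUT -s %s -p tcp --dport 80 -j DROP\n' "$addr"
    if iptables -A INPUT -s "$addr" -p tcp --dport 80 -j DROP; then
      # Append (>>). A plain '>' would keep only the most recent address, and
      # every earlier address would get a duplicate rule on the next pass.
      printf '%s\n' "$addr" >>"$BLOCKLIST_FILE"
      rules_changed=1
    else
      printf 'failed to add DROP rule for %s\n' "$addr" >&2
    fi
  done < <(
    tail -n 30 -- "$LOG_FILE" \
      | grep -F -- "$ATTACK_PATTERN" \
      | awk '{print $1}' \
      | sort -u
  )

  # Persist the rule set only when this pass actually added a rule.
  if ((rules_changed)); then
    service iptables save
  fi
done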
Save and exit
Author http://www.graynight.org /? P = 657