The specific script content is as follows:
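$ vim /home/rainbow/sbin/block_attack_ips.sh

#!/bin/bash
# Block clients that brute-force wp-login.php or flood the site, based on the access log.

logfile=/webserver/blog/logs/rainbow_access.log

# Changing iptables rules requires root.
function check_root() {
    if [ "$EUID" -ne 0 ]; then
        echo "This script must be run as root"
        exit 1
    fi
}

# Insert a DROP rule on port 80 for every IP that is not already in the rule set.
function block_ips() {
    blacklist="$*"
    if [ -n "${blacklist}" ]; then
        for ip in ${blacklist}
        do
            # -F matches the address literally (dots are not regex wildcards), -w as a whole word.
            if ! /sbin/iptables-save | grep -qwF -- "${ip}"; then
                echo /sbin/iptables -I INPUT -s ${ip}/32 -p tcp -m tcp --dport 80 -j DROP
                /sbin/iptables -I INPUT -s "${ip}/32" -p tcp -m tcp --dport 80 -j DROP
            fi
        done
    fi
}

# Block IPs with more than ${retry} POST requests to wp-login.php in the last ${tailnum} log lines.
function check_login() {
    tailnum=10000
    page=wp-login.php
    retry=5

    # Assumes the client IP is the first field of each log line (common/combined log format).
    # uniq -c prints "count ip", so $1 is the count and $2 the address.
    blacklist=$(grep -w POST "${logfile}" | tail -n ${tailnum} | grep -w "${page}" \
        | awk '{print $1}' | sort | uniq -c \
        | awk -v retry="${retry}" '($1 > retry) {print $2}')
    block_ips ${blacklist}
}

# Block IPs with more than ${retry} requests of any kind in the last ${tailnum} log lines.
function check_others() {
    tailnum=10000
    retry=400

    blacklist=$(tail -n ${tailnum} "${logfile}" \
        | awk '{print $1}' | sort | uniq -c \
        | awk -v retry="${retry}" '($1 > retry) {print $2}')
    block_ips ${blacklist}
}

check_root
check_login
check_others

$ chmod +x /home/rainbow/sbin/block_attack_ips.sh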
Configure crontab scheduled tasks: run the check every 5 minutes, and periodically restart the iptables service to purge old records:
$ sudo crontab -e
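*/5 * * * * /home/rainbow/sbin/block_attack_ips.sh
# <minute> and <hour> are placeholders: set them to the time of day the restart should run
<minute> <hour> * * * /etc/init.d/iptables restart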
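The detection step of the script above, as an added example that is not part of the original page: a dry-run version that only prints what would be blocked, accepts nothing but a strict IPv4 address from the log before it can reach an iptables command line, and skips an allowlist. The function names, the ALLOWLIST addresses, the combined log format and the sample log lines are assumptions constructed for the example.

```bash
# Added example (not from the original page): prints addresses only, changes no firewall state.

# Constructed allowlist (assumption): hosts that must never be blocked.
ALLOWLIST="127.0.0.1 203.0.113.10"

# suspects LOGFILE RETRY [PAGE]
#   PAGE given: count POST requests whose path contains PAGE (check_login rule).
#   PAGE empty: count every request (check_others rule).
# Assumes combined log format: client = field 1, "METHOD = field 6, path = field 7.
suspects() {
    tail -n 10000 -- "$1" |
    awk -v retry="$2" -v page="${3:-}" -v allow="$ALLOWLIST" '
        # Strict dotted-quad check: the value ends up on a root iptables command line.
        function is_ipv4(s,    o, i) {
            if (split(s, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        page == "" || ($6 == "\"POST" && index($7, page)) { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] > retry + 0 && is_ipv4(ip) && !(ip in skip)) print ip
        }' | sort
}

# Print, without running, the rule block_ips would insert for each suspect.
dry_run() {
    suspects "$@" | while read -r ip; do
        echo "/sbin/iptables -I INPUT -s ${ip}/32 -p tcp -m tcp --dport 80 -j DROP"
    done
}

# Constructed sample log: emit COUNT requests of METHOD to /wp-login.php from CLIENT.
sample() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "$1 - - [01/Jan/2024:00:00:00 +0000] \"$3 /wp-login.php HTTP/1.1\" 200 512 \"-\" \"x\""
        i=$((i + 1))
    done
}
sample_log() {
    sample 198.51.100.7 7 POST   # over the limit of 5: reported
    sample 203.0.113.10 8 POST   # over the limit but allowlisted
    sample 192.0.2.5 3 POST      # under the limit
    sample evil.example 9 POST   # hostname in field 1: rejected by is_ipv4
    sample 198.51.100.9 6 GET    # GETs do not count toward the login rule
}
```

To try it, write the sample with sample_log > /tmp/sample.log and run dry_run /tmp/sample.log 5 wp-login.php; running it against the real access log shows what the next cron run would block.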