Linux防CC攻擊指令碼

標籤：blog   http   com   linux   伺服器   for   

多數CC攻擊在web伺服器日誌中都有相同攻擊的特徵，我們可以根據這些特徵過濾出攻擊的ip，利用iptables來阻止

#!/bin/bash

#by LinuxEye

#BLOG: http://blog.linuxeye.com

OLD_IFS=$IFS

IFS=$‘n‘

not_status=`iptables -nvL | grep "dpt:80" | awk ‘{print $8}‘`

for status in `cat /usr/local/nginx/logs/wordpress_access.log | grep ‘特徵字串‘ | awk ‘{print $1}‘  | sort -n | uniq -c | sort -r -n | grep -v "$not_status"`

do

    IFS=$OLD_IFS

    NUM=`echo $status | awk ‘{print $1}‘`

    IP=`echo $status | awk ‘{print $2}‘`

    result=`echo "$NUM > 250" | bc`

    if [ $result = 1 ];then

    #   echo IP:$IP is over $NUM, BAN IT!

        /sbin/iptables -I INPUT -p tcp  -s $IP --dport 80 -j DROP

    fi

done