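#!/bin/sh
# Anti-flood script. Every 60 seconds: count requests per client IP in the
# web access log, block every IP over the threshold with an iptables DROP
# rule (whitelisted IPs excluded), then SMS the list of newly blocked IPs.
#
# Configuration (paths kept from the original deployment):
#   ACCESS_PATH       directory holding the access log and this script's state
#   ACCESS_LOG        access log; field 1 must be the client IP
#   IPTABLES_TOP_LOG  per-pass "top N talkers" listing (count, ip)
#   DROP_LOG          IPs dropped in the current pass; cleared after the alert
#   HISTORY_LOG       cumulative record of every drop
#   NOIP_LIST         whitelist, one exact IP per line (cwd-relative, as the
#                     original `cat noip.list`); never blocked
#   limitnum          requests per pass above which an IP is dropped
#
# Must run as root for iptables.
# NOTE(review): the whole access log is re-counted on every pass, so counts
# are cumulative unless the log is rotated elsewhere; the original "clear one
# minute of data" comment had no corresponding code. Confirm log rotation.
set -u

ACCESS_PATH=/home/wwwlogs
ACCESS_LOG=y.log
IPTABLES_TOP_LOG=iptables_top.log
DROP_LOG=droplist.log
HISTORY_LOG=history.log
# IP whitelist (exact-match, one per line).
NOIP_LIST=${NOIP_LIST:-noip.list}
# Threshold: requests per pass.
limitnum=${limitnum:-500}
# How many top talkers to inspect per pass.
TOP_N=20
# Alert delivery (same script and recipient as before, just named).
SMS_SCRIPT=/server/scripts/iptables/sms.py
SMS_TO=15900009999

#######################################
# Succeed only if $1 is a dotted-quad IPv4 address, so that a malformed or
# hostile log field can never reach iptables as an argument.
#######################################
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  # Intentional word splitting on '.', replaced by spaces.
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] || return 1
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

#######################################
# Filter stdin, removing lines that exactly match a whitelist entry.
# Fixed-string, whole-line match: the original passed the file contents to
# egrep as an unescaped regex, so "10.0.0.1" also matched "1010001", and an
# empty whitelist removed every line.
#######################################
whitelist_filter() {
  if [ -s "$NOIP_LIST" ]; then
    grep -F -x -v -f "$NOIP_LIST"
  else
    cat
  fi
}

#######################################
# Write the TOP_N most frequent client IPs ("count ip" per line) to
# IPTABLES_TOP_LOG. The redirect truncates the previous pass's listing.
#######################################
top_ips() {
  awk '{print $1}' "${ACCESS_PATH}/${ACCESS_LOG}" \
    | whitelist_filter \
    | sort \
    | uniq -c \
    | sort -rn \
    | head -n "$TOP_N" \
    > "${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
}

#######################################
# Insert a DROP rule for $1 unless one is already present, so a persistent
# offender does not add one rule to INPUT per pass.
# Returns iptables' status.
#######################################
block_ip() {
  iptables -C INPUT -s "$1" -j DROP 2>/dev/null \
    || iptables -I INPUT -s "$1" -j DROP
}

while true; do
  top_ips
  # Read the listing with a redirect instead of `exec <file`, which silently
  # replaced the script's stdin for the rest of its life.
  while read -r count ip _; do
    case "$count" in
      ''|*[!0-9]*) continue ;;
    esac
    [ "$count" -gt "$limitnum" ] || continue
    if ! is_ipv4 "$ip"; then
      printf 'skipping malformed address in top list: %s %s\n' "$count" "$ip" >&2
      continue
    fi
    if block_ip "$ip"; then
      # Same single-line format as the original `echo -e "...\c"`.
      printf ' %s %s is dropped' "$count" "$ip" >> "${ACCESS_PATH}/${DROP_LOG}"
    else
      printf 'iptables failed for %s\n' "$ip" >&2
    fi
  done < "${ACCESS_PATH}/${IPTABLES_TOP_LOG}"

  # Alert only when something was dropped this pass (-s: non-empty file;
  # the original `wc -L` measured the longest line, not whether there was one).
  if [ -s "${ACCESS_PATH}/${DROP_LOG}" ]; then
    content="报警:$(hostname) $(date +%X) $(cat "${ACCESS_PATH}/${DROP_LOG}") \
以上IP访问次数频繁,单IP 1分钟超过阈值${limitnum}请注意查看"
    python "$SMS_SCRIPT" "$SMS_TO" "${content}" \
      || printf 'sms alert failed\n' >&2
    # Archive this pass as one newline-terminated history line, then reset.
    cat "${ACCESS_PATH}/${DROP_LOG}" >> "${ACCESS_PATH}/${HISTORY_LOG}"
    printf '\n' >> "${ACCESS_PATH}/${HISTORY_LOG}"
    : > "${ACCESS_PATH}/${DROP_LOG}"
  fi
  sleep 60
done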
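#!/bin/sh
# Anti-flood script (no whitelist, no alerting). Every 60 seconds: count
# requests per client IP in the web access log and block every IP over the
# threshold with an iptables DROP rule.
#
# Configuration (paths kept from the original deployment):
#   ACCESS_PATH       directory holding the access log and this script's state
#   ACCESS_LOG        access log; field 1 must be the client IP
#   IPTABLES_TOP_LOG  per-pass "top N talkers" listing (count, ip)
#   DROP_LOG          append-only record of dropped IPs
#   limitnum          requests per pass above which an IP is dropped
#
# Must run as root for iptables.
# NOTE(review): the whole access log is re-counted on every pass, so counts
# are cumulative unless the log is rotated elsewhere; the original "clear one
# minute of data" comment had no corresponding code. Confirm log rotation.
set -u

ACCESS_PATH=/home/wwwlogs
ACCESS_LOG=y.log
IPTABLES_TOP_LOG=iptables_top.log
DROP_LOG=droplist.log
# Threshold: requests per pass.
limitnum=${limitnum:-500}
# How many top talkers to inspect per pass.
TOP_N=20

#######################################
# Succeed only if $1 is a dotted-quad IPv4 address, so that a malformed or
# hostile log field can never reach iptables as an argument.
#######################################
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  # Intentional word splitting on '.', replaced by spaces.
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] || return 1
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

#######################################
# Write the TOP_N most frequent client IPs ("count ip" per line) to
# IPTABLES_TOP_LOG. The redirect truncates the previous pass's listing.
#######################################
top_ips() {
  awk '{print $1}' "${ACCESS_PATH}/${ACCESS_LOG}" \
    | sort \
    | uniq -c \
    | sort -rn \
    | head -n "$TOP_N" \
    > "${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
}

#######################################
# Insert a DROP rule for $1 unless one is already present, so a persistent
# offender does not add one rule to INPUT per pass.
# Returns iptables' status.
#######################################
block_ip() {
  iptables -C INPUT -s "$1" -j DROP 2>/dev/null \
    || iptables -I INPUT -s "$1" -j DROP
}

while true; do
  top_ips
  # Read the listing with a redirect instead of `exec <file`, which silently
  # replaced the script's stdin for the rest of its life.
  while read -r count ip _; do
    case "$count" in
      ''|*[!0-9]*) continue ;;
    esac
    [ "$count" -gt "$limitnum" ] || continue
    if ! is_ipv4 "$ip"; then
      printf 'skipping malformed address in top list: %s %s\n' "$count" "$ip" >&2
      continue
    fi
    if block_ip "$ip"; then
      # Same single-line format as the original `echo -e "...\c"`.
      printf ' %s %s is dropped' "$count" "$ip" >> "${ACCESS_PATH}/${DROP_LOG}"
    else
      printf 'iptables failed for %s\n' "$ip" >&2
    fi
  done < "${ACCESS_PATH}/${IPTABLES_TOP_LOG}"
  sleep 60
done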