#!/bin/sh ######################### #monitor 恶意IP地址 #by zkg #日期:2019-08-23 ######################### . /etc/init.d/functions WEBFILE=/data/nginx/logs/access.log-2019-08-19 while true do tail -n 200 $WEBFILE|awk ‘{print $1}‘
#########################
#monitor 恶意IP地址
#by zkg
#日期:2019-08-23
#########################
. /etc/init.d/functions
WEBFILE=/data/nginx/logs/access.log-2019-08-19
while true
do
tail -n 200 $WEBFILE|awk ‘{print $1}‘|sort|uniq -c >/tmp/iptables.log
while read line
do
IP=echo $line|awk ‘{print $2}‘
COUNT=echo $line|awk ‘{print $1}‘
IPTABLESCOUNT=iptables -L -n|grep "$IP"|wc -lif [ $COUNT -ge 50 -a $IPTABLESCOUNT -lt 1 ];theniptables -I INPUT -s $IP -j DROP && \/etc/init.d/iptables save [ $? -eq 0 ]&&echo "$IP may be a malicious attack on IP, successfully blocking this IP" /bin/truefidone </tmp/iptables.logsleep 5done