#!/bin/bash #by LinuxEye #BLOG: http://blog.linuxeye.com OLD_IFS=$IFS IFS=$'\n' not_status=`iptables -nvL | grep "dpt:80" | awk '{print $8}'` for status in `cat /usr/local/nginx/logs/wordpress_access.log | grep '特征字符串' | awk '{print $1}' | sort -n | uniq -c | sort -r -n | grep -v "$not_status"` do IFS=$OLD_IFS NUM=`echo $status | awk '{print $1}'` IP=`echo $status | awk '{print $2}'` result=`echo "$NUM > 250" | bc` if [ $result = 1 ];then # echo IP:$IP is over $NUM, BAN IT! /sbin/iptables -I INPUT -p tcp -s $IP --dport 80 -j DROP fi done 转载请保留固定链接: https://linuxeye.com/security/316.html |