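#!/bin/bash
# author hao32
#
# Auto-block script. Collects candidate source addresses from two places:
#   1. kernel log lines containing "short" (via dmesg), and
#   2. Apache's server-status page (?notable), keeping clients that appear
#      on more than $ip_amou status lines,
# then inserts an iptables DROP rule for every candidate that is not on the
# exclusion list and is not already covered by an existing DROP rule.
#
# Must run as root: it writes to /proc and calls iptables.
#
# Changes from the published listing:
#   - Scratch files live in a private mktemp directory instead of fixed
#     names under /tmp. A root job writing to predictable /tmp paths can be
#     steered onto other files through pre-created symlinks.
#   - Every candidate is checked to be IPv4-shaped before it reaches
#     iptables, and all expansions are quoted, so log or status-page content
#     can never turn into extra iptables arguments.
#   - The exclusion list is matched against the extracted address only, with
#     anchors. The listing matched it against the whole status line, which
#     also carries the client's request text, and its unanchored
#     "192.168.1.*" also exempted 192.168.10.x, 192.168.100.x and so on.
#   - The exclusion list now also applies to addresses taken from dmesg, so
#     an exempt host is never blocked through that path either.
#   - An empty cached server-status name is no longer trusted, and a missing
#     httpd.conf no longer leaves `cat` waiting on stdin.

set -u

readonly IPT=/sbin/iptables
# Shape check only (four dot-separated groups of 1-3 digits); iptables itself
# still rejects out-of-range octets.
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# basic setting
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# find server-status name
ss_name="/usr/local/autoblock"
ss_n=""
if [ -s "$ss_name/ss_name" ]; then
  ss_n=$(head -n 1 "$ss_name/ss_name")
else
  mkdir -p "$ss_name" >/dev/null 2>&1
  conf_files=()
  while IFS= read -r conf; do
    if [ -r "$conf" ]; then
      conf_files+=("$conf")
    fi
  done < <(locate httpd.conf 2>/dev/null \
    | grep -E "httpd/conf/httpd.conf$|apache_ssl/conf/httpd.conf$")
  if [ "${#conf_files[@]}" -gt 0 ]; then
    # "n /server-status" matches the tail of "<Location /server-status...>";
    # the two cuts keep the path component between "/" and ">".
    ss_n=$(cat -- "${conf_files[@]}" \
      | grep "n /server-status" | cut -d/ -f2 | cut -d\> -f1 | head -n 1)
  fi
  # Cache only a real result so a failed lookup is retried on the next run.
  if [ -n "$ss_n" ]; then
    printf '%s\n' "$ss_n" > "$ss_name/ss_name"
  fi
fi

# block setting
# IP addresses to exclude from blocking; "*" stands for one whole octet.
ip_exclude="192.168.1.*|60.195.249.*|222.76.212.*|218.241.156.*|58.215.87.*|218.107.216.110"
# A client seen on more than this many status lines becomes a candidate.
ip_amou=25
ss_url="http://127.0.0.1/$ss_n?notable"

# Private scratch space, removed on every exit path.
work_dir=$(mktemp -d) || { echo "autoblock: mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$work_dir"' EXIT
ss_tmp="$work_dir/server-status"
poss_ip="$work_dir/poss_ip"
real_ip="$work_dir/real_ip"
: > "$poss_ip"
: > "$real_ip"

# Turn the wildcard list into an anchored ERE: literal dots, "*" = one octet.
exclude_re=${ip_exclude//./\\.}
exclude_re=${exclude_re//\*/[0-9]+}
exclude_re="^(${exclude_re})\$"

# block start...
# analyse dmesg: take the token after "From" (field 4 or 5) and drop ":port".
# Addresses in these kernel messages are not authenticated, which is why the
# exclusion list is applied to them further down as well.
dmesg | grep "short" \
  | awk '{if ($4 != "From") {print $4} else {print $5}}' \
  | awk -F: '{print $1}' | sort -u >> "$poss_ip"

# analyse server-status
# NOTE(review): the published listing shows an empty grep pattern and an
# empty sed pattern at this step (the markup they named was apparently lost
# when the page was rendered). Rather than guess the tag, strip any markup
# from the first field and keep only IPv4-shaped values.
if [ -n "$ss_n" ] && wget -q -O "$ss_tmp" "$ss_url"; then
  awk '{ gsub(/<[^>]*>/, "", $1); print $1 }' "$ss_tmp" \
    | grep -E "$IPV4_RE" | sort | uniq -c \
    | awk -v limit="$ip_amou" '$1 > limit {print $2}' >> "$poss_ip"
else
  echo "autoblock: server-status not available, using dmesg only" >&2
fi

# Sources that already have a DROP rule. Field 3 is the target and field 8
# the source in `iptables -nvL` rule lines; a trailing "0/24" becomes an
# octet wildcard. Testing field 3 (not grepping for "DROP ") keeps a
# "policy DROP" chain header out of the expression.
rule_re=$("$IPT" -nvL | awk '$3 == "DROP" {print $8}' | sort -u \
  | sed -e 's/\./\\./g' -e 's/0\/24$/[0-9]+/' | paste -sd'|' -)

# Final list: unique, IPv4-shaped, not excluded, not already dropped.
sort -u "$poss_ip" | grep -E "$IPV4_RE" | grep -vE "$exclude_re" \
  | if [ -n "$rule_re" ]; then
      grep -vE "^(${rule_re})\$"
    else
      cat
    fi > "$real_ip"

while IFS= read -r ip; do
  "$IPT" -I INPUT -p all -s "$ip" -j DROP
done < "$real_ip"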
[火星人 ] 寫了一個簡單的防止IP攻擊的腳本已經有657次圍觀