Urgent help: my website is under attack right now, what should I do? Attack log attached
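```bash
#!/bin/bash
# platinum, 2005.07.25
# Block source IPs with more than 5 failed logins in /var/log/secure during the previous minute.
# %e (space-padded day) matches the syslog timestamp on days 1-9 as well; %d would print "05".
STAMP=$(date "+ %e %H:%M" -d "-1min")
SCANNER=$(grep -- "$STAMP" /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $1"="$2}')
for i in $SCANNER
do
    NUM=$(echo "$i" | awk -F= '{print $1}')   # failure count
    IP=$(echo "$i" | awk -F= '{print $2}')    # source address
    echo "$NUM"
    echo "$IP"
    # Skip addresses that already have a rule in the INPUT chain
    if [ "$NUM" -gt 5 ] && [ -z "$(iptables -vnL INPUT | grep -F -- "$IP")" ]
    then
        iptables -I INPUT -s "$IP" -m state --state NEW,RELATED,ESTABLISHED -j DROP
        echo "$(date) $IP($NUM)" >> /var/log/scanner.log
    fi
done
```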
Put it in crond and run it once a minute.
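An added example, not part of the original post: the counting step of the script above as a function that can be run on sample input before any firewall rule is inserted. It accepts only dotted-quad IPv4 fields and skips an allowlist, so the cron job cannot block an administrator's own address. The names `offenders` and `sample_log`, the allowlist argument and all log lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# usage: offenders THRESHOLD "ALLOWED_IP ALLOWED_IP ..." < logfile
# Prints "count ip" for every source with more than THRESHOLD failed logins.
offenders() {
    awk -v limit="$1" -v allow="$2" '
        BEGIN {
            # Load the space-separated allowlist into a lookup table
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) skip[a[i]] = 1
        }
        /Failed password/ {
            ip = $(NF-3)
            # Ignore anything that is not a dotted-quad IPv4 field
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (ip in skip) next
            hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] > limit) print hits[ip], ip
        }
    ' | sort -k2
}

# Constructed sample lines in /var/log/secure format (documentation addresses)
sample_log() {
    for i in 1 2 3 4 5 6; do
        echo "Jul 25 10:01:0$i host sshd[100$i]: Failed password for root from 203.0.113.7 port 4000$i ssh2"
    done
    for i in 1 2 3 4 5 6 7; do
        echo "Jul 25 10:01:1$i host sshd[200$i]: Failed password for admin from 198.51.100.20 port 5000$i ssh2"
    done
    for i in 1 2; do
        echo "Jul 25 10:01:2$i host sshd[300$i]: Failed password for invalid user test from 192.0.2.5 port 6000$i ssh2"
    done
    echo "Jul 25 10:01:30 host sshd[4001]: Accepted password for admin from 198.51.100.20 port 50010 ssh2"
}

# Threshold 5, with 198.51.100.20 treated as the administrator's address
sample_log | offenders 5 "198.51.100.20"
```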