目的是阻断访问HTTP和FTP的连接数超过阈值的IP,保护服务器
并将被阻断的IP写入日志
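#!/bin/bash
# fuckgo.sh
# by platinum
#
# Counts TCP connections per remote IPv4 address to this host's FTP (21) and
# HTTP (80) ports as reported by `netstat -an`, inserts an iptables DROP rule
# into INPUT for every address above the per-service limit, and appends one
# line per new block to the log file. Needs root (iptables, /var/log).
#
# Operational caveats:
#   - The counts include sockets that are not fully established (anything
#     netstat lists except the states skipped below), so a NAT gateway or
#     proxy fronting many legitimate users can cross the limits; tune them.
#   - Only IPv4 peers are considered; IPv6 peers are ignored.
#   - Rules are not removed here; a separate cleanup job has to delete them.
#   - The existing-rule test uses `iptables -C`, which older iptables
#     releases do not provide.

set -u

MYIP="xxx.xxx.xxx.xxx"   # this server's IPv4 address (placeholder: edit first)

readonly FTP_PORT=21 FTP_LIMIT=5
readonly HTTP_PORT=80 HTTP_LIMIT=20
readonly LOG_FILE=/var/log/fuck.log

# Refuse to run unconfigured: with the placeholder nothing would ever match
# and the script would silently protect nothing.
if [[ ! $MYIP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
  printf '%s: set MYIP to the server IPv4 address first\n' "${0##*/}" >&2
  exit 1
fi

#######################################
# Count connections per remote IPv4 address for one local port.
# Globals:   MYIP (read)
# Arguments: $1 - local TCP port
#            $2 - comma-separated socket states to leave out of the count
# Outputs:   one "COUNT=IP" line per remote address on stdout
#######################################
count_peers() {
  local port=$1 skip_states=$2
  # The local address is compared as an exact string. A regex search for the
  # address would let "." match any character and let 1.2.3.4 match 11.2.3.45.
  netstat -an | awk -v want="${MYIP}:${port}" -v skip="$skip_states" '
    BEGIN { n = split(skip, s, ","); for (i = 1; i <= n; i++) ignore[s[i]] = 1 }
    $1 ~ /^tcp/ {
      here = $4; peer = $5
      # tcp6 sockets show IPv4 peers as ::ffff:a.b.c.d
      sub(/^::ffff:/, "", here)
      sub(/^::ffff:/, "", peer)
      if (here != want || ($6 in ignore)) next
      sub(/:[0-9]+$/, "", peer)
      # Only well-formed dotted quads are ever handed on to iptables.
      if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[peer]++
    }
    END { for (ip in hits) print hits[ip] "=" ip }'
}

# FTP: count everything except listening and established sockets.
ftp_who() {
  count_peers "$FTP_PORT" "LISTEN,ESTABLISHED"
}

# HTTP: count everything except listening sockets.
http_who() {
  count_peers "$HTTP_PORT" "LISTEN"
}

#######################################
# Block every address on stdin whose count is above the limit.
# Globals:   MYIP, LOG_FILE (read)
# Arguments: $1 - label written to the log (FTP / WEB)
#            $2 - destination port to block
#            $3 - connection count that must be exceeded
# Inputs:    "COUNT=IP" lines on stdin
#######################################
block_offenders() {
  local label=$1 port=$2 limit=$3
  local entry ip num
  local -a rule
  while IFS= read -r entry; do
    num=${entry%%=*}
    ip=${entry#*=}
    [[ $num =~ ^[0-9]+$ && -n $ip ]] || continue
    # Never firewall the server's own address.
    [[ $ip == "$MYIP" ]] && continue
    (( num > limit )) || continue
    rule=(INPUT -s "$ip" -p tcp --dport "$port"
          -m state --state NEW,RELATED,ESTABLISHED -j DROP)
    # Exact-rule check. Grepping the rule listing for the address would treat
    # 1.2.3.4 as already blocked when only 11.2.3.45 is, and would skip the
    # port-80 rule for an address that is blocked on port 21 only.
    iptables -C "${rule[@]}" 2>/dev/null && continue
    # Log only blocks that were really installed.
    if iptables -I "${rule[@]}"; then
      printf '%s %s %s NUM: %s\n' "$(date)" "$label" "$ip" "$num" >>"$LOG_FILE"
    else
      printf 'failed to block %s on port %s\n' "$ip" "$port" >&2
    fi
  done
}

ftp_who | block_offenders FTP "$FTP_PORT" "$FTP_LIMIT"
http_who | block_offenders WEB "$HTTP_PORT" "$HTTP_LIMIT"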
下面这个用crontab执行,时间间隔自己定,用于清除前面那个脚本设置的规则
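#!/bin/bash
# Lifts the temporary per-address blocks on FTP (21) and HTTP (80): deletes
# every INPUT-chain DROP rule of the form
#   -s IP -p tcp --dport PORT -m state --state NEW,RELATED,ESTABLISHED -j DROP
# Meant to be run from cron as root. Every run removes all such rules
# regardless of age, so a block added just before a run is lifted almost at
# once and the cron interval is the longest a block can last.

set -u

#######################################
# List the sources of per-host DROP rules for one destination port.
# Arguments: $1 - destination port
# Outputs:   one IPv4 address per matching rule on stdout
#######################################
blocked_sources() {
  local port=$1
  # Only the INPUT chain is listed, the "dpt:" token has to match exactly
  # (dpt:21 must not select dpt:210), and the source has to be a single IPv4
  # host, so rules such as "DROP from 0.0.0.0/0" that an administrator added
  # for other reasons are never selected for deletion.
  iptables -nL INPUT | awk -v tag="dpt:${port}" '
    $1 == "DROP" && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      for (i = 6; i <= NF; i++) if ($i == tag) { print $4; next }
    }'
}

ftp_who() {
  blocked_sources 21
}

http_who() {
  blocked_sources 80
}

#######################################
# Delete the DROP rule for each given source address.
# Arguments: $1 - destination port of the rules
#            $2 - newline-separated source addresses
#######################################
unblock() {
  local port=$1 sources=$2 src
  while IFS= read -r src; do
    [[ -n $src ]] || continue
    iptables -D INPUT -s "$src" -p tcp --dport "$port" \
      -m state --state NEW,RELATED,ESTABLISHED -j DROP \
      || printf 'could not delete rule for %s port %s\n' "$src" "$port" >&2
  done <<<"$sources"
}

# The listing is read completely before any rule is deleted, so the listing
# and the deletions never run at the same time.
unblock 21 "$(ftp_who)"
unblock 80 "$(http_who)"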
记录的日志
Mon Apr 4 16:23:39 CST 2005 WEB 222.179.186.253 NUM: 52
Mon Apr 4 17:01:48 CST 2005 FTP 219.144.142.150 NUM: 6
Mon Apr 4 17:02:48 CST 2005 FTP 219.144.142.150 NUM: 6
Mon Apr 4 20:31:43 CST 2005 WEB 211.99.157.181 NUM: 60
Mon Apr 4 22:01:06 CST 2005 WEB 202.108.249.177 NUM: 57
Mon Apr 4 22:21:11 CST 2005 WEB 220.142.86.75 NUM: 51
Tue Apr 5 16:06:33 CST 2005 WEB 222.179.186.253 NUM: 66
Tue Apr 5 16:27:38 CST 2005 WEB 202.108.249.177 NUM: 59
Tue Apr 5 20:56:33 CST 2005 WEB 218.171.110.97 NUM: 51
Wed Apr 6 19:16:10 CST 2005 FTP 221.213.41.74 NUM: 7
Wed Apr 6 19:46:15 CST 2005 FTP 210.44.189.130 NUM: 6
Wed Apr 6 19:46:15 CST 2005 FTP 210.44.189.132 NUM: 7
Wed Apr 6 19:46:15 CST 2005 FTP 210.44.189.133 NUM: 8
Wed Apr 6 19:57:17 CST 2005 FTP 210.44.189.131 NUM: 6
Wed Apr 6 21:03:29 CST 2005 FTP 221.213.41.74 NUM: 8
Wed Apr 6 21:51:37 CST 2005 WEB 211.99.157.189 NUM: 60
Wed Apr 6 22:04:39 CST 2005 FTP 221.213.41.74 NUM: 6
Wed Apr 6 22:27:42 CST 2005 WEB 222.136.154.137 NUM: 113
由于水平太低,刚刚接触shell不久,只能写成这样了
请大家多多给予指点^_^