• DDos攻击处理,封ip


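    # FileName: ddos.sh
    # Revision: 1.0
    # Date: 2021-10-25
    # Author: Linux_Boy
    # Description: DDoS handling - drop source IPs that flood the access log
    # Usage: ddos.sh ACCESS_LOG        (iptables needs root)
    #
    # Every 30 seconds, count how often each client address appears in the
    # first column of ACCESS_LOG and insert an iptables DROP rule for every
    # address seen more than $threshold times.
    #
    # Review notes for anyone deploying this:
    #  - The count covers the WHOLE file, not a time window, so a busy but
    #    legitimate client crosses the threshold eventually. Rotate the log
    #    or use a windowed count.
    #  - There is no allowlist. Reverse proxies, load balancers, monitoring
    #    hosts and shared NAT egress addresses can all exceed the threshold.
    #  - DROP rules are never removed and do not survive a reboot.
    #  - /tmp is world-writable; a root-run script appending to a predictable
    #    name there can be redirected through a symlink. Prefer a root-owned
    #    directory for the drop list.
    file=$1
    if [ -z "$file" ] || [ ! -r "$file" ]; then
      echo "usage: $0 ACCESS_LOG" >&2
      exit 1
    fi
    threshold=500

    while true; do
      # Count in one awk pass and pipe straight into the loop: no shared
      # scratch file in /tmp. Only dotted-quad first fields are counted, so a
      # malformed log line can never reach the iptables command line.
      awk -v limit="$threshold" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > limit) print hits[ip], ip }
      ' "$file" |
      while read -r count ip; do
        # -C asks iptables whether this exact rule exists. Grepping the
        # listing treats "." as a wildcard and matches substrings, so an
        # existing rule for 11.2.3.40 would hide the need to block 1.2.3.4.
        if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
          # Record the block only when the rule was really inserted.
          iptables -I INPUT -s "$ip" -j DROP &&
            echo "$count $ip is dropped" >> "/tmp/droplist_$(date +%F).log"
        fi
      done
      sleep 30
    done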
    
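    #!/bin/bash
    # Windowed variant: every 5 minutes, look only at access-log entries from
    # the last 4 wall-clock minutes and DROP any client address that made more
    # than $threshold requests in that window. Needs root (iptables) and GNU
    # date (-d).
    #
    # Review notes:
    #  - The window is 4 minutes but the loop sleeps 5, so one minute per
    #    cycle is never inspected - confirm whether that gap is intended.
    #  - There is no allowlist and no rule expiry; proxies, health checkers
    #    and shared NAT addresses can be blocked permanently.
    #  - /tmp is world-writable; a root-run script appending to a predictable
    #    name there can be redirected through a symlink. Prefer a root-owned
    #    directory for the drop list.
    logfile=/home/jht/projects/nginx-1.12.1/logs/access.log
    threshold=500

    while true; do
      # Progress banner goes to stdout. Writing it into the sample data (as
      # before) made the banner text itself a counted "address".
      echo -e "开始巡检 $(date +%F' '%H:%M)"

      # Build the sample fresh on every pass and keep it in a pipe. Appending
      # to a never-truncated /tmp file made the counts cumulative, so the
      # threshold stopped describing a 4-minute window.
      for (( i = 0; i < 4; i++ )); do
        # LC_ALL=C keeps %b in English, matching nginx's $time_local.
        stamp=$(LC_ALL=C date -d "-$i min" '+%d/%b/%Y:%H:%M')
        # Match the timestamp where nginx's default layout puts it (field 4,
        # "[dd/Mon/yyyy:HH:MM:SS"). The old "^" anchor could not match because
        # each line starts with the client address, and its quoting split the
        # date arguments. Matching the field rather than the whole line also
        # ignores timestamps that appear inside logged request data.
        awk -v prefix="[${stamp}:" 'index($4, prefix) == 1 { print $1 }' "$logfile"
      done |
      awk -v limit="$threshold" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > limit) print hits[ip], ip }
      ' |
      while read -r count ip; do
        # Exact-rule check; a grep over the listing matches substrings and
        # treats "." as a wildcard, so similar addresses mask each other.
        if ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
          # Record the block only when the rule was really inserted.
          iptables -I INPUT -s "$ip" -j DROP &&
            echo "$count $ip is dropped" >> "/tmp/droplist_$(date +%F).log"
        fi
      done

      # Run the count every 5 minutes.
      sleep 300
    done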
    
    
    
    # grep `date +%d/.*/%Y:%H:%M` access.log
    [jht@dlpt-jcpt-xmpp logs]$ grep `date +%d/.*/%Y:%H:%M` access.log
    120.79.141.235 - - [25/Oct/2021:16:57:01 +0800] "POST /cloud HTTP/1.1" 200 2864 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2A2H887&sign=495E14FCCD51FE831ACCF5EC408DFAA5x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22n9ha1g_ariuqx22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.141.235 - - [25/Oct/2021:16:57:02 +0800] "POST /cloud HTTP/1.1" 200 2864 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2A2H887&sign=495E14FCCD51FE831ACCF5EC408DFAA5x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22n9ha1g_ariv5x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:05 +0800] "POST /cloud HTTP/1.1" 200 2868 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2ADQ6982&sign=22ADE0D462227BF3269215CEF405E94Cx22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22m8jcv9_ari1wx22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:06 +0800] "POST /cloud HTTP/1.1" 200 2868 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2ADQ6982&sign=22ADE0D462227BF3269215CEF405E94Cx22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22m8jcv9_ari27x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:07 +0800] "POST /cloud HTTP/1.1" 200 2863 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2JLB066&sign=D38298FAC1BA2EB4E09A1ED2E574A540x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22-257wvt_arid0x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:08 +0800] "POST /cloud HTTP/1.1" 200 2863 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2JLB066&sign=D38298FAC1BA2EB4E09A1ED2E574A540x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22-257wvt_aridax22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.77.205.233 - - [25/Oct/2021:16:57:15 +0800] "POST /cloud HTTP/1.1" 200 2862 {x22attributesx22:{x22__jht_orig_req_idx22:x22x22},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?attach=&gcode_id=p191115859&goods_name=JSPAY&input_charset=GBK&member_no=&mer_gid=%C2%B3-Q6QA99&partner=000000008013724&service_version=1.0&sign_type=MD5&sign=9E733AE3543A07C179FB9836AFED7C4Cx22,x22favourListx22:[]},x22failItemsx22:[],x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22eeff2c387af74c4f9420eea793c9e3e2x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22,x22sourcex22:x22x22} "-" "okhttp/3.11.0" -
    120.79.172.90 - - [25/Oct/2021:16:57:23 +0800] "POST /cloud HTTP/1.1" 200 2899 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_nam
    

      

  • 原文地址:https://www.cnblogs.com/zhouzhiguo/p/15464965.html