• DDos攻击处理,封ip


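    #!/bin/bash
    # FileName: ddos.sh
    # Revision: 1.0
    # Date: 2021-10-25
    # Author: Linux_Boy
    # Description: DDoS handling - count requests per client address in an
    #              access log and insert an iptables DROP rule for every
    #              address whose count exceeds the threshold.
    # Usage: ddos.sh ACCESS_LOG        (must run as root for iptables)
    #
    # Operational caveats:
    #   * The whole log is recounted on each pass, so the threshold is a
    #     cumulative total since the log was last rotated, not a rate.
    #   * Field 1 must be the TCP peer address. If the log format fills it
    #     from a client-supplied header (e.g. X-Forwarded-For), a client can
    #     forge it and get an unrelated address blocked.
    #   * Rules never expire and are not persisted; review the drop list and
    #     remove stale rules by hand.

    # Fail early: with an empty $1 awk would silently read stdin and hang.
    log_file=${1:?usage: ddos.sh ACCESS_LOG}
    readonly threshold=500
    readonly interval=30
    # Shape check only; iptables itself still rejects octets above 255.
    readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
    # Kept at the original location. /tmp is world-writable, so point this at
    # a root-owned directory (e.g. under /var/log) on a shared host.
    readonly drop_log_dir=/tmp
    # Sources that must never be blocked: add your own reverse proxies, load
    # balancers, monitoring probes and known high-volume API partners.
    allowlist=(127.0.0.1)

    # Returns 0 when $1 is listed in allowlist, 1 otherwise.
    is_allowlisted() {
    	local candidate=$1 entry
    	for entry in "${allowlist[@]}"; do
    		[[ $candidate == "$entry" ]] && return 0
    	done
    	return 1
    }

    while true; do
    	# The counts are streamed through process substitution instead of a
    	# fixed /tmp/tmp.log: a root job writing to a predictable name in a
    	# world-writable directory can be redirected through a planted symlink.
    	while read -r count ip; do
    		(( count > threshold )) || continue
    		# The field comes from a log file, so treat it as untrusted: accept
    		# only a dotted quad. iptables -s would otherwise resolve host names
    		# and parse a value starting with '-' as an option. IPv6 peers are
    		# skipped here (they need ip6tables).
    		[[ $ip =~ $ipv4_re ]] || continue
    		is_allowlisted "$ip" && continue
    		# -C tests for this exact rule. Grepping `iptables -L -n` output
    		# treats the address as a regex substring, so 1.2.3.4 also matches
    		# 11.2.3.40 and an unblocked address can look already blocked.
    		iptables -C INPUT -s "$ip" -j DROP 2>/dev/null && continue
    		# Record the block only when the rule was really inserted.
    		if iptables -I INPUT -s "$ip" -j DROP; then
    			printf '%s is dropped\n' "$count $ip" \
    				>> "$drop_log_dir/droplist_$(date +%F).log"
    		fi
    	done < <(awk 'NF {print $1}' "$log_file" | sort | uniq -c)
    	sleep "$interval"
    done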
    
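    #!/bin/bash
    # Periodic access-log inspection: every window_minutes minutes, count the
    # requests each client address made during the previous window_minutes
    # complete minutes and insert an iptables DROP rule for every address above
    # the threshold. Must run as root for iptables.
    #
    # Assumes the log layout shown in the sample output of this page: field 1
    # is the peer address and field 4 is "[dd/Mon/yyyy:HH:MM:SS". If field 1
    # is filled from a client-supplied header it can be forged. Rules never
    # expire and are not persisted.
    logfile=/home/jht/projects/nginx-1.12.1/logs/access.log
    readonly threshold=500
    # Window and sleep are derived from one value; the original scanned 4
    # minutes but slept 5, leaving one minute of every cycle uncounted.
    readonly window_minutes=5
    # Shape check only; iptables itself still rejects octets above 255.
    readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
    # Kept at the original location. /tmp is world-writable, so point this at
    # a root-owned directory (e.g. under /var/log) on a shared host.
    readonly drop_log_dir=/tmp
    # Sources that must never be blocked: add your own reverse proxies, load
    # balancers, monitoring probes and known high-volume API partners.
    allowlist=(127.0.0.1)

    # Returns 0 when $1 is listed in allowlist, 1 otherwise.
    is_allowlisted() {
            local candidate=$1 entry
            for entry in "${allowlist[@]}"; do
                    [[ $candidate == "$entry" ]] && return 0
            done
            return 1
    }

    while true; do
            # Progress marker on stdout. It used to be appended to the data
            # file, where it was then counted as if it were a log line.
            printf '%s\n' "开始巡检 $(date '+%F %H:%M')"

            # Build one "[dd/Mon/yyyy:HH:MM:" prefix per minute in the window.
            # LC_ALL=C keeps the month abbreviation in the English form that
            # the access log uses, whatever the system locale is.
            stamps=
            for (( i = 1; i <= window_minutes; i++ )); do
                    stamps+="[$(LC_ALL=C date -d "-$i min" '+%d/%b/%Y:%H:%M'): "
            done

            # One pass over the log, no temp files. The original pattern was
            # anchored with ^ although every line starts with the address, so
            # it never matched; it also appended to /tmp/tmp.log without ever
            # truncating it. Matching on field 4 only (not the whole line)
            # matters because request bodies are logged and are client data.
            while read -r count ip; do
                    (( count > threshold )) || continue
                    # Untrusted log field: accept only a dotted quad so that
                    # iptables never resolves a host name or sees an option.
                    [[ $ip =~ $ipv4_re ]] || continue
                    is_allowlisted "$ip" && continue
                    # -C tests for this exact rule; grepping `iptables -L -n`
                    # is a regex substring match (1.2.3.4 matches 11.2.3.40).
                    iptables -C INPUT -s "$ip" -j DROP 2>/dev/null && continue
                    # Record the block only when the rule was really inserted.
                    if iptables -I INPUT -s "$ip" -j DROP; then
                            printf '%s is dropped\n' "$count $ip" \
                                    >> "$drop_log_dir/droplist_$(date +%F).log"
                    fi
            done < <(
                    awk -v stamps="$stamps" '
                            BEGIN { n = split(stamps, want, " ") }
                            {
                                    for (k = 1; k <= n; k++) {
                                            if (index($4, want[k]) == 1) {
                                                    print $1
                                                    break
                                            }
                                    }
                            }
                    ' "$logfile" | sort | uniq -c
            )

            # Sleep for exactly one window so consecutive passes line up.
            sleep $(( window_minutes * 60 ))
    done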
    
    
    
    # grep `date +%d/.*/%Y:%H:%M` access.log
    [jht@dlpt-jcpt-xmpp logs]$ grep `date +%d/.*/%Y:%H:%M` access.log
    120.79.141.235 - - [25/Oct/2021:16:57:01 +0800] "POST /cloud HTTP/1.1" 200 2864 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2A2H887&sign=495E14FCCD51FE831ACCF5EC408DFAA5x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22n9ha1g_ariuqx22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.141.235 - - [25/Oct/2021:16:57:02 +0800] "POST /cloud HTTP/1.1" 200 2864 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2A2H887&sign=495E14FCCD51FE831ACCF5EC408DFAA5x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22n9ha1g_ariv5x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:05 +0800] "POST /cloud HTTP/1.1" 200 2868 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2ADQ6982&sign=22ADE0D462227BF3269215CEF405E94Cx22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22m8jcv9_ari1wx22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:06 +0800] "POST /cloud HTTP/1.1" 200 2868 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2ADQ6982&sign=22ADE0D462227BF3269215CEF405E94Cx22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22m8jcv9_ari27x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:07 +0800] "POST /cloud HTTP/1.1" 200 2863 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2JLB066&sign=D38298FAC1BA2EB4E09A1ED2E574A540x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22-257wvt_arid0x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.79.172.90 - - [25/Oct/2021:16:57:08 +0800] "POST /cloud HTTP/1.1" 200 2863 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2JLB066&sign=D38298FAC1BA2EB4E09A1ED2E574A540x22},x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22-257wvt_aridax22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
    120.77.205.233 - - [25/Oct/2021:16:57:15 +0800] "POST /cloud HTTP/1.1" 200 2862 {x22attributesx22:{x22__jht_orig_req_idx22:x22x22},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?attach=&gcode_id=p191115859&goods_name=JSPAY&input_charset=GBK&member_no=&mer_gid=%C2%B3-Q6QA99&partner=000000008013724&service_version=1.0&sign_type=MD5&sign=9E733AE3543A07C179FB9836AFED7C4Cx22,x22favourListx22:[]},x22failItemsx22:[],x22objectIdx22:x22x22,x22operateTypex22:x22READx22,x22subItemsx22:[]}],x22requestTypex22:x22DIRECTIVEx22,x22seqIdx22:x22eeff2c387af74c4f9420eea793c9e3e2x22,x22serviceIdx22:x22NISSP_JSPAY_ORDERx22,x22sourcex22:x22x22} "-" "okhttp/3.11.0" -
    120.79.172.90 - - [25/Oct/2021:16:57:23 +0800] "POST /cloud HTTP/1.1" 200 2899 {x22attributesx22:{},x22dataItemsx22:[{x22attributesx22:{x22SUBSYSTEM_CODEx22:x22p191115859x22,x22URLx22:x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_nam
    

      

  • 原文地址:https://www.cnblogs.com/zhouzhiguo/p/15464965.html