封灌水机ip脚本

#! /bin/bash

## This script if for kill post robots.
## Writen by Li Shiming 2010-08-19.

while :; do
logf=/home/logs/client/access.log
tmplog=/tmp/tmplog.txt
ipf=/tmp/killpost.ip
badipf=/var/log/badip.log
conf=/etc/killpost.conf
n1=`grep 'n1=' $conf|awk -F'=' '{print $2}' `
n2=`grep 'n2=' $conf|awk -F'=' '{print $2}' `
n3=`grep 'n3=' $conf|awk -F'=' '{print $2}' `

/sbin/iptables -nvL |grep REJECT |grep tcp |grep 80 |awk '$1<10 {print $8}'|grep -v '0.0.0.0' |xargs -n1 -i{} /sbin/iptables -D INPUT -s {} -p tcp --dport 80 -j REJECT
/sbin/iptables -Z

for i in 1 2; do

        tail -n $n1 $logf >$tmplog

        cat $tmplog | grep 'submit' |awk '$6~/\/post.*php?/ {print $1}' |grep -v '192.168.0.' |grep -v '192.168.4.'|grep -v '127.0.0.'|grep -v '121.10.121.' |grep -v '124.238.249.' |grep -v '221.194.139.' | grep -v '124.238.246.' |grep -v '124.207.144.194'|grep -v '124.238.252.'|sort -n |uniq -c |sort -n |awk '$1>"'$n2'" {print $2}'>$ipf

        for ip in `cat $ipf`; do
           n=`grep $ip $tmplog |awk '{print $5}'|grep -v '-' |sort |uniq |wc -l`
           if [ $n -gt 2 ] ; then
                /sbin/iptables -I INPUT -s $ip -p tcp --dport 80 -j REJECT
                echo  $ip >>$badipf
           fi
        done
        sort -n $badipf |uniq >/tmp/tmp.log
        cat /tmp/tmp.log >$badipf
        sleep $n3
done

sleep $n3

done