本帖最后由 andy 于 2009-10-16 14:58 编辑
#! /bin/bash
grep 'spider' /home/logs/client/access.log |grep -v 'Baidu' |awk '{print $1}' >/root/ip1.txt //日志中大部分蜘蛛都有spider的关键字,但是百度的不能封,所以过滤掉百度
grep 'YoudaoBot' /home/logs/client/access.log | awk '{print $1}' >>/root/ip1.txt // 封掉网易的有道
grep 'Yahoo!' /home/logs/client/access.log | awk '{print $1}' >>/root/ip1.txt //封掉雅虎
sort -n /root/ip1.txt |uniq |sort |grep -v '192.168.0.' |grep -v '127.0.0.1'>/root/ip2.txt // 过滤掉信任IP
/sbin/iptables -nvL |awk '$1 <= 30 {print $8}' >/root/ip3.txt // 如果一小时内,发包不超过30个就要解封
for ip in `cat /root/ip3.txt`; do /sbin/iptables -D INPUT -s $ip -j DROP ; done
/sbin/iptables -Z // 将iptables计数器置为0
for ip in `cat /root/ip2.txt`; do /sbin/iptables -I INPUT -s $ip -j DROP ; done
#! /bin/bash
grep 'spider' /home/logs/client/access.log |grep -v 'Baidu' |awk '{print $1}' >/root/ip1.txt //日志中大部分蜘蛛都有spider的关键字,但是百度的不能封,所以过滤掉百度
grep 'YoudaoBot' /home/logs/client/access.log | awk '{print $1}' >>/root/ip1.txt // 封掉网易的有道
grep 'Yahoo!' /home/logs/client/access.log | awk '{print $1}' >>/root/ip1.txt //封掉雅虎
sort -n /root/ip1.txt |uniq |sort |grep -v '192.168.0.' |grep -v '127.0.0.1'>/root/ip2.txt // 过滤掉信任IP
/sbin/iptables -nvL |awk '$1 <= 30 {print $8}' >/root/ip3.txt // 如果一小时内,发包不超过30个就要解封
for ip in `cat /root/ip3.txt`; do /sbin/iptables -D INPUT -s $ip -j DROP ; done
/sbin/iptables -Z // 将iptables计数器置为0
for ip in `cat /root/ip2.txt`; do /sbin/iptables -I INPUT -s $ip -j DROP ; done
编辑回复