DDos攻击处理,封ip 

# FileName: ddos.sh
# Revision: 1.0
# Date: 2021-10-25
# Author: Linux_Boy
# Description: DDos攻击处理
file=$1
while true; do
	awk '{print $1}' $1|grep -v "^$"|sort|uniq -c > /tmp/tmp.log
	cat /tmp/tmp.log|while read line; do
		ip=`echo $line|awk '{print $2}'`
		count=`echo $line|awk '{print $1}'`
		if [ $count -gt 500 ] && [ `iptables -L -n|grep "$ip"|wc -l` -lt 1 ]; then
			iptables -I INPUT -s $ip -j DROP
			echo "$line is dropped" >> /tmp/droplist_$(date +%F).log
		fi
		#statements
	done
	#statements
	sleep 30
done

#!/bin/bash
logfile=/home/jht/projects/nginx-1.12.1/logs/access.log
while true; do
        echo -e "开始巡检 $(date +%F' '%H:%M)" >> /tmp/tmp.log
        for (( i = 0; i < 4; i++ )); do
                grep "^$(date +%d/\.*/%Y:%H:%M" -d "-$i min")" $logfile >> /tmp/tmp.log

        done
        awk '{print $1}' /tmp/tmp.log|grep -v "^$"|sort|uniq -c > /tmp/tmp2.log
        cat /tmp/tmp2.log|while read line; do
                ip=`echo $line|awk '{print $2}'`
                count=`echo $line|awk '{print $1}'`
                if [ $count -gt 500 ] && [ `iptables -L -n|grep "$ip"|wc -l` -lt 1 ]; then
                        iptables -I INPUT -s $ip -j DROP
                        echo "$line is dropped" >> /tmp/droplist_$(date +%F).log
                fi
        done
        # 每5分钟统计一次
        sleep 300
done



# grep `date +%d/\.*/%Y:%H:%M` access.log
[jht@dlpt-jcpt-xmpp logs]$ grep `date +%d/\.*/%Y:%H:%M` access.log
120.79.141.235 - - [25/Oct/2021:16:57:01 +0800] "POST /cloud HTTP/1.1" 200 2864 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2A2H887&sign=495E14FCCD51FE831ACCF5EC408DFAA5\x22},\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22n9ha1g_ariuq\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
120.79.141.235 - - [25/Oct/2021:16:57:02 +0800] "POST /cloud HTTP/1.1" 200 2864 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2A2H887&sign=495E14FCCD51FE831ACCF5EC408DFAA5\x22},\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22n9ha1g_ariv5\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
120.79.172.90 - - [25/Oct/2021:16:57:05 +0800] "POST /cloud HTTP/1.1" 200 2868 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2ADQ6982&sign=22ADE0D462227BF3269215CEF405E94C\x22},\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22m8jcv9_ari1w\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
120.79.172.90 - - [25/Oct/2021:16:57:06 +0800] "POST /cloud HTTP/1.1" 200 2868 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2ADQ6982&sign=22ADE0D462227BF3269215CEF405E94C\x22},\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22m8jcv9_ari27\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
120.79.172.90 - - [25/Oct/2021:16:57:07 +0800] "POST /cloud HTTP/1.1" 200 2863 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2JLB066&sign=D38298FAC1BA2EB4E09A1ED2E574A540\x22},\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22-257wvt_arid0\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
120.79.172.90 - - [25/Oct/2021:16:57:08 +0800] "POST /cloud HTTP/1.1" 200 2863 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_name=JSPAY&is_member=&member_no=&level=&coupon_list=&mer_gid=%BD%F2JLB066&sign=D38298FAC1BA2EB4E09A1ED2E574A540\x22},\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22-257wvt_arida\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22} "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_112)" -
120.77.205.233 - - [25/Oct/2021:16:57:15 +0800] "POST /cloud HTTP/1.1" 200 2862 {\x22attributes\x22:{\x22__jht_orig_req_id\x22:\x22\x22},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?attach=&gcode_id=p191115859&goods_name=JSPAY&input_charset=GBK&member_no=&mer_gid=%C2%B3-Q6QA99&partner=000000008013724&service_version=1.0&sign_type=MD5&sign=9E733AE3543A07C179FB9836AFED7C4C\x22,\x22favourList\x22:[]},\x22failItems\x22:[],\x22objectId\x22:\x22\x22,\x22operateType\x22:\x22READ\x22,\x22subItems\x22:[]}],\x22requestType\x22:\x22DIRECTIVE\x22,\x22seqId\x22:\x22eeff2c387af74c4f9420eea793c9e3e2\x22,\x22serviceId\x22:\x22NISSP_JSPAY_ORDER\x22,\x22source\x22:\x22\x22} "-" "okhttp/3.11.0" -
120.79.172.90 - - [25/Oct/2021:16:57:23 +0800] "POST /cloud HTTP/1.1" 200 2899 {\x22attributes\x22:{},\x22dataItems\x22:[{\x22attributes\x22:{\x22SUBSYSTEM_CODE\x22:\x22p191115859\x22,\x22URL\x22:\x22http://127.0.0.1/JSTPay/BookSearchByCarNO.aspx?sign_type=MD5&service_version=1.0&input_charset=GBK&partner=000000008013724&gcode_id=p191115859&goods_nam

  

posted @ 2021-10-26 11:25  Linux_Boy  阅读(94)  评论(0编辑  收藏  举报