封灌水机ip脚本
#! /bin/bash
## This script if for kill post robots.
## Writen by Li Shiming 2010-08-19.
while :; do
logf=/home/logs/client/access.log
tmplog=/tmp/tmplog.txt
ipf=/tmp/killpost.ip
badipf=/var/log/badip.log
conf=/etc/killpost.conf
n1=`grep 'n1=' $conf|awk -F'=' '{print $2}' `
n2=`grep 'n2=' $conf|awk -F'=' '{print $2}' `
n3=`grep 'n3=' $conf|awk -F'=' '{print $2}' `
/sbin/iptables -nvL |grep REJECT |grep tcp |grep 80 |awk '$1<10 {print $8}'|grep -v '0.0.0.0' |xargs -n1 -i{} /sbin/iptables -D INPUT -s {} -p tcp --dport 80 -j REJECT
/sbin/iptables -Z
for i in 1 2; do
tail -n $n1 $logf >$tmplog
cat $tmplog | grep 'submit' |awk '$6~/\/post.*php?/ {print $1}' |grep -v '192.168.0.' |grep -v '192.168.4.'|grep -v '127.0.0.'|grep -v '121.10.121.' |grep -v '124.238.249.' |grep -v '221.194.139.' | grep -v '124.238.246.' |grep -v '124.207.144.194'|grep -v '124.238.252.'|sort -n |uniq -c |sort -n |awk '$1>"'$n2'" {print $2}'>$ipf
for ip in `cat $ipf`; do
n=`grep $ip $tmplog |awk '{print $5}'|grep -v '-' |sort |uniq |wc -l`
if [ $n -gt 2 ] ; then
/sbin/iptables -I INPUT -s $ip -p tcp --dport 80 -j REJECT
echo $ip >>$badipf
fi
done
sort -n $badipf |uniq >/tmp/tmp.log
cat /tmp/tmp.log >$badipf
sleep $n3
done
sleep $n3
done
## This script if for kill post robots.
## Writen by Li Shiming 2010-08-19.
while :; do
logf=/home/logs/client/access.log
tmplog=/tmp/tmplog.txt
ipf=/tmp/killpost.ip
badipf=/var/log/badip.log
conf=/etc/killpost.conf
n1=`grep 'n1=' $conf|awk -F'=' '{print $2}' `
n2=`grep 'n2=' $conf|awk -F'=' '{print $2}' `
n3=`grep 'n3=' $conf|awk -F'=' '{print $2}' `
/sbin/iptables -nvL |grep REJECT |grep tcp |grep 80 |awk '$1<10 {print $8}'|grep -v '0.0.0.0' |xargs -n1 -i{} /sbin/iptables -D INPUT -s {} -p tcp --dport 80 -j REJECT
/sbin/iptables -Z
for i in 1 2; do
tail -n $n1 $logf >$tmplog
cat $tmplog | grep 'submit' |awk '$6~/\/post.*php?/ {print $1}' |grep -v '192.168.0.' |grep -v '192.168.4.'|grep -v '127.0.0.'|grep -v '121.10.121.' |grep -v '124.238.249.' |grep -v '221.194.139.' | grep -v '124.238.246.' |grep -v '124.207.144.194'|grep -v '124.238.252.'|sort -n |uniq -c |sort -n |awk '$1>"'$n2'" {print $2}'>$ipf
for ip in `cat $ipf`; do
n=`grep $ip $tmplog |awk '{print $5}'|grep -v '-' |sort |uniq |wc -l`
if [ $n -gt 2 ] ; then
/sbin/iptables -I INPUT -s $ip -p tcp --dport 80 -j REJECT
echo $ip >>$badipf
fi
done
sort -n $badipf |uniq >/tmp/tmp.log
cat /tmp/tmp.log >$badipf
sleep $n3
done
sleep $n3
done
none