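My server has been attacked frequently lately, mostly at night. I really can't stand getting up at night to deal with it, so I searched online and found a well-written shell script for blocking DDoS traffic. The script was written by a foreigner. I think it works quite well, so I'm sharing it with everyone.
System: CentOS 5.9 64-bit
Script contents: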
vi ipdrop.sh

```bash
#!/bin/bash
# Collect the remote IP addresses connected to local port 80, with a connection count for each
netstat -plan | awk '$4 ~ /:80$/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1 > /root/iplist
# Maximum number of connections allowed per IP
LIMIT=100
# Each line of /root/iplist is "<count> <ip>"; read both fields together on fd 3
# so that commands inside the loop cannot consume the list from stdin
while read -r count ip <&3; do
    # Skip entries with no IPv4 address (for example IPv6 sockets)
    [ -z "$ip" ] && continue
    if [ "$count" -gt "$LIMIT" ]; then
        echo "More than $LIMIT connections from $ip... $count number of connections... Blocking $ip"
        # Save the running rules so the already-blocked check below can see them
        /etc/rc.d/init.d/iptables save > /dev/null
        # Never block an address that belongs to this server
        # -F: fixed string, -w: whole address only (1.2.3.4 must not match 11.2.3.45)
        if ! /sbin/ifconfig | grep -Fw -- "$ip" > /dev/null; then
            # Only insert a DROP rule if one is not already saved for this IP
            if ! grep -Fw -- "$ip" /etc/sysconfig/iptables | grep DROP > /dev/null; then
                iptables -I INPUT -s "$ip" -j DROP
            else
                echo " IP address $ip is already blocked "
            fi
        else
            echo " Sorry, the ip $ip cannot be blocked since this is a local ip of the server "
        fi
    fi
done 3< /root/iplist
```