shell防ddos攻击脚本

定位

  最近服务器经常受到攻击,并且还大多数是晚上,实在是受不了晚上起来处理,直接从网上搜了个写得不错的shell封ddos脚本,这个脚本是老外写的,我觉得效果还不错,发给大家看看吧.

   系统:centos 5.9 64位

脚本内容:
vi ipdrop.sh

1. #!/bin/bash
   
2. 
   
3. #Collecting list of ip addresses connected to port 80
   
4. 
   
5. netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 > /root/iplist
   
6. 
   
7. #Limit the no of connections
   
8. LIMIT=100;
   
9. 
   
10. for ip in `cat /root/iplist |awk '{print $2}'`;do
    
11. 
    
12. if [ `grep $ip /root/iplist | awk '{print $1}'` -gt $LIMIT ]
    
13. then
    
14. echo "100 connection from $ip... `grep $ip /root/iplist | awk '{print $1}'` number of connections... Blocking $ip";
    
15. 
    
16. #Blocking the ip ...
    
17. 
    
18. /etc/rc.d/init.d/iptables save > /dev/null;
    
19. CHECK_IF_LOCALIP=0;
    
20. /sbin/ifconfig | grep $ip > /dev/null;
    
21. if [ $? -ne $CHECK_IF_LOCALIP ]
    
22. then
    
23. {
    
24. FLAG=0;
    
25. grep $ip /etc/sysconfig/iptables | grep DROP > /dev/null;
    
26. if [ $? -ne $FLAG ]
    
27. then
    
28. iptables -I INPUT -s $ip -j DROP;
    
29. else
    
30. echo " Ipaddress $ip is already blocked ";
    
31. fi
    
32. }
    
33. else
    
34. echo " Sorry, the ip $ip cannot be blocked since this is a local ip of the server ";
    
35. fi
    
36. fi
    
37. done

复制代码