#!/bin/bash
#fix by leipore at 2014-12-18 ddos-autoprotection.sh
touch /root/back_bad_ip.txt
time=`date +"%Y-%m-%d %H:%M:%S"`
ar=`wc -l /root/back_bad_ip.txt |awk ‘{print $1}‘`
sleep 1
netstat -an |grep 80 |grep -v "STREAM"|awk ‘{print $5 }‘|sort | awk -F: ‘{print $1}‘|uniq -c |awk ‘$1 > 200 {print $1,$2}‘ > /root/bad_ip;
cat /root/bad_ip |awk -vtime="$time" ‘{print time" | " $1" | "$2}‘ >>/root/back_bad_ip.txt
ar2=`wc -l /root/back_bad_ip.txt |awk ‘{print $1}‘`
for i in `awk ‘{print $2}‘ /root/bad_ip`;do
if [ ‘$i‘ = " " ];then
exit :q
else
iptables -I INPUT -s $i -j DROP
fi
done
sum=$[$ar2 - $ar]
if [ "$sum" -eq 0 ];then
exit
else
/usr/lib/sendmail -f [email protected] [email protected] -s smtp.xx.cn -u "Subject:Report" -xu [email protected]-xp xxxxxx -m </root/back_bad_ip.txt
fi |
#!/bin/bash while [ 1 ] do sh /scripts/ddos-autoprotection.sh sleep 30 done |
nohup sh /scripts/ddos-check.sh & (开机启动)
弊端 :
