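#!/bin/bash
#
# Rate-based ban helper for an nginx front end.
#
# Counts requests per client address over the last 10 minutes of the access
# log, and for every address at or above THRESHOLD asks a third-party lookup
# page whether the address belongs to a hosting/datacenter range. Matching
# addresses get a DROP rule for tcp/80 pushed to the peer nginx hosts and are
# recorded in the local ban script, blacklist and action log.
#
# Changes relative to the original listing:
#   * typographic quotes restored to ASCII quotes (the listing did not parse);
#   * the address taken from the log is validated as dotted-quad IPv4 before
#     it is placed in a URL, a generated script or a remote command line;
#   * ssh no longer reads the loop's stdin (it used to swallow the remaining
#     rows, so only the first offender was ever processed);
#   * the allowlist is matched exactly instead of as an unanchored regex;
#   * the time window is handled correctly when it spans midnight;
#   * `date +$F_%T` typo fixed to `%F_%T`;
#   * remote rules are only appended when not already present.
#
# Requires GNU date (for `-d '10 min ago'`).

set -u

readonly NGINX_DIR=/home/work/opbin/nginx
readonly ACCESS_LOG="${NGINX_DIR}/logs/access.log"
readonly BAN_SCRIPT="${NGINX_DIR}/new_ban_ip.sh"
readonly BLACKLIST="${NGINX_DIR}/firewall_black.txt"
readonly ACTION_LOG="${NGINX_DIR}/nginx_iptables.log"
readonly THRESHOLD=200
readonly -a PEERS=(nginx-2 nginx-1 nginx-3)

#######################################
# Check that a string is a dotted-quad IPv4 address with octets <= 255.
# The log field is attacker-influenced text, so nothing else is allowed to
# reach curl, the generated ban script or the remote shell.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local addr=$1 octet
  [[ "$addr" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  local IFS=.
  # Unquoted on purpose: split on '.'; the regex above guarantees the value
  # holds only digits and dots, so no globbing can occur.
  for octet in $addr; do
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

#######################################
# Addresses that must never be banned.
# The original used an unanchored `grep -Ev` with unescaped dots, which also
# excluded unrelated addresses that merely contained one of these strings.
# NOTE(review): the original entry "121.42.0" is treated here as the prefix
# 121.42.0.* - confirm that this is the intended range.
# Arguments: $1 - validated IPv4 address
# Returns:   0 if allowlisted, 1 otherwise
#######################################
is_allowlisted() {
  case "$1" in
    123.125.125.146 | 106.120.151.93 | 183.81.181.178 | 101.201.142.123) return 0 ;;
    36.110.170.250 | 101.201.142.242 | 123.57.52.20 | 106.2.203.188) return 0 ;;
    127.0.0.1 | 123.57.173.121 | 101.96.129.66) return 0 ;;
    121.42.0.*) return 0 ;;
  esac
  return 1
}

#######################################
# Print "address count" rows for the last 10 minutes, highest count first.
# Only the time of day is compared (as in the original), so the last 200000
# lines are assumed not to reach back a full day.
# Outputs: one "address count" row per line on stdout
#######################################
count_recent_hits() {
  local now ago
  now=$(date +%T) || return
  ago=$(date +%T -d '10 min ago') || return
  tail -n 200000 -- "$ACCESS_LOG" \
    | awk -F '[T+",]' -v ago="$ago" -v now="$now" '
        {
          t = $2 ""   # force string comparison of HH:MM:SS
          if (ago <= now) hit = (t >= ago && t <= now)
          else            hit = (t >= ago || t <= now)   # window spans midnight
          if (hit) ++S[$4]
        }
        END { for (i in S) print i, S[i] }' \
    | sort -k2rn
}

#######################################
# Ask the lookup page whether the address is in a hosting/datacenter range.
# The answer is scraped from HTML fetched over plain HTTP: it is neither
# authenticated nor stable. A changed page layout silently results in no
# bans, and anyone able to tamper with the response can influence which
# addresses are blocked - treat the result as a hint, not as proof.
# Arguments: $1 - validated IPv4 address
# Outputs:   the matching HTML line(s), as the original did
# Returns:   0 when the page matches one of the keywords
#######################################
is_datacenter_ip() {
  # --max-time keeps a stalled lookup from blocking the whole run.
  curl -s --max-time 10 "http://ip.chinaz.com/?ip=$1" \
    | grep 'span class="Whwtdhalf w50-0' \
    | grep -E '阿里云|数据|IDC|机房'
}

#######################################
# Record the ban locally and push the DROP rule to every peer.
# Arguments: $1 - validated IPv4 address
#######################################
ban_ip() {
  local ip=$1 host
  local rule="INPUT -s $ip -p tcp --dport 80 -j DROP"

  printf '/sbin/iptables -A %s\n' "$rule" >>"$BAN_SCRIPT"
  printf '%s %s\n' "$(date +%F_%T)" "$ip" >>"$BLACKLIST"
  printf "%s /sbin/iptables -A INPUT -s '%s' -p tcp --dport 80 -j DROP\n" \
    "$(date +%F_%T)" "$ip" >>"$ACTION_LOG"

  for host in "${PEERS[@]}"; do
    echo "ban ip..."
    printf 'ssh %s /sbin/iptables -A %s\n' "$host" "$rule" >>"$ACTION_LOG"
    # -n: keep ssh away from stdin. -C first: do not stack duplicate rules
    # when the same address is seen again on a later run.
    if ! ssh -n "$host" \
      "/sbin/iptables -C $rule 2>/dev/null || /sbin/iptables -A $rule"; then
      printf '%s ssh %s failed for %s\n' "$(date +%F_%T)" "$host" "$ip" \
        >>"$ACTION_LOG"
    fi
  done
}

main() {
  local line ip count

  echo "init..."
  while read -r line; do
    read -r ip count _ <<<"$line"

    # Rows whose key is not an IPv4 address (or whose count is not a number)
    # are skipped and logged rather than acted upon.
    if ! is_ipv4 "$ip" || ! [[ "$count" =~ ^[0-9]+$ ]]; then
      printf '%s skipped malformed row: %q\n' "$(date +%F_%T)" "$line" \
        >>"$ACTION_LOG"
      continue
    fi
    if is_allowlisted "$ip"; then
      continue
    fi

    echo "start...."
    if ((10#$count >= THRESHOLD)); then
      printf '%s\n' "$line"
      echo "curl..."
      if is_datacenter_ip "$ip"; then
        ban_ip "$ip"
      fi
    else
      # Rows are sorted by count, so nothing further can reach the threshold.
      printf '%s no ban and break\n' "$line" >>"$ACTION_LOG"
      break
    fi
    echo "end."
  done < <(count_recent_hits)
}

main "$@"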
原文:http://dihuo.blog.51cto.com/1657091/1898747