利用SHELL脚本自动拦截DDOS攻击
2015-06-01 12:45
459 查看
| #!/bin/bash #fix by leipore at 2014-12-18 ddos-autoprotection.sh touch /root/back_bad_ip.txt time=`date +"%Y-%m-%d %H:%M:%S"` ar=`wc -l /root/back_bad_ip.txt |awk '{print $1}'` sleep 1 netstat -an |grep 80 |grep -v "STREAM"|awk '{print $5 }'|sort | awk -F: '{print $1}'|uniq -c |awk '$1 > 200 {print $1,$2}' > /root/bad_ip; cat /root/bad_ip |awk -vtime="$time" '{print time" | " $1" | "$2}' >>/root/back_bad_ip.txt ar2=`wc -l /root/back_bad_ip.txt |awk '{print $1}'` for i in `awk '{print $2}' /root/bad_ip`;do if [ '$i' = " " ];then exit :q else iptables -I INPUT -s $i -j DROP fi done sum=$[$ar2 - $ar] if [ "$sum" -eq 0 ];then exit else /usr/lib/sendmail -f 189XXXXXXX@189.c-t 214999212@qq.com -s smtp.xx.cn -u "Subject:Report" -xu 1891XXXXXXX@189.cN-xp xxxxxx -m </root/back_bad_ip.txt fi |
| #!/bin/bash while [ 1 ] do sh /scripts/ddos-autoprotection.sh sleep 30 done |
弊端 :
重复iptables 禁用 。
不写入iptables日常,也就是说 重启失效
需要重启iptables(可选)
代理跟代理下端的链接超过此限制也会被限制 例如 lo网卡 本地网卡 等
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 