shell實戰之:定時分析nginx日志,並將對本站使用webscan的同學擋住
01
定時分析nginx日志,並將對本站使用webscan的同學擋住
02
查看nginx日志時發現
03
atible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
04
220.181.55.30 - - [20/Jul/2013:19:55:57 +0400] "GET /article/show/14/?classid=2-%28-9999995%29-9999995-0-0-0 HTTP/1.1" 200 5285 "http://scpman.com:80/article/show/14/?classid=2-%28-9999995%29-9999995-0-0-0" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; WebscanSpider )"
05
220.181.55.29 - - [20/Jul/2013:20:06:05 +0400] "GET /web-console/ HTTP/1.1" 404 225 "http://scpman.com:80/web-console/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; WebscanSpider )"
06
於是:
07
# cat /usr/shell_work/iptab_nginx.sh
08
#!/bin/bash
09
#code by scpman
10
#把對本站使用webscan的同學封在外面了,又少了一些用戶。。
11
for ip in `cat /usr/local/nginx/logs/access.log |grep 'WebscanSpider'|awk '{print $1}'|sort -u`
12
do
13
/sbin/iptables -I INPUT -s $ip -p TCP --dport 80 -j DROP
14
done
15
#加到定時裡,每10分鐘來一次吧
16
*/10 * * * * /usr/shell_work/iptab_nginx.sh
17
Chain INPUT (policy ACCEPT)
18
num target prot opt source destination
19
1 DROP tcp -- 220.181.55.30 0.0.0.0/0 tcp dpt:80
20
2 DROP tcp -- 220.181.55.29 0.0.0.0/0 tcp dpt:80
21
效果很明顯