#!/bin/sh
#########################
#monitor 恶意IP地址
#by zkg
#日期:2019-08-23
#########################

. /etc/init.d/functions
WEBFILE=/data/nginx/logs/access.log-2019-08-19
while true
do
tail -n 200 $WEBFILE|awk '{print $1}'|sort|uniq -c >/tmp/iptables.log
while read line
do
IP=echo $line|awk '{print $2}'
COUNT=echo $line|awk '{print $1}'
IPTABLESCOUNT=iptables -L -n|grep "$IP"|wc -l
if [ $COUNT -ge 50 -a $IPTABLESCOUNT -lt 1 ];then
iptables -I INPUT -s $IP -j DROP && \
/etc/init.d/iptables save
[ $? -eq 0 ]&&
echo "$IP may be a malicious attack on IP, successfully blocking this IP" /bin/true
fi
done </tmp/iptables.log
sleep 5
done