一个通过 nginx 日志封禁 IP 的简单脚本(仅为方便自己使用)
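#!/bin/bash
#Version:1.0
#Date:2016-08-09
#Purpose: block IP addresses that flood the site (counted from the nginx
#         access log), release blocked search-engine crawlers, and release
#         addresses that were blocked more than 5 days ago.
#
# Usage: <script> deny|minute|unlock|spider|help
#
# Security notes for whoever operates this:
#  * Field 1 of the access log is passed to iptables and sed. It is only the
#    socket peer address if the nginx log_format says so; every value is
#    therefore validated as a dotted-quad IPv4 address before use. IPv6
#    clients are skipped (they would need ip6tables).
#  * A reverse-DNS (PTR) name is chosen by whoever controls the address block,
#    so a PTR that merely contains "googlebot" proves nothing. spider() only
#    whitelists an address when the PTR name ends in a known crawler domain
#    AND that name resolves forward to the same address.
#  * NOTE(review): `iptables -A` appends. If an earlier INPUT rule already
#    accepts port 80 the DROP never matches - confirm rule order (or use -I).
set -u

readonly SCRIPT_DIR=/home/scripts
readonly WHITE_LIST=$SCRIPT_DIR/white_list.txt
readonly BLACK_LIST=$SCRIPT_DIR/black_list.txt
readonly BLACK_LIST_ARCHIVE=$SCRIPT_DIR/black_list_long_time.txt
readonly MINUTE_BLACK_LIST=$SCRIPT_DIR/minute_black_list.txt
# NOTE(review): deny and minute read different log paths in the original
# script; both are kept as found - confirm which one is current.
readonly DENY_LOG=/usr/local/nginx/logs/access.log
readonly MINUTE_LOG=/usr/local/data/nginx/logs/access.log

# Domain suffixes a crawler's PTR name must end in. This replaces the two
# substring patterns of the original ("msn|googlebot|baiduspider|yahoo" and
# "msn|googlebot|baiduspider|sogouspider") with one anchored list.
# TODO confirm each entry against the operator's published crawler
# verification guidance before relying on it.
readonly CRAWLER_DOMAINS=(
  googlebot.com
  google.com
  search.msn.com
  crawl.baidu.com
  crawl.baidu.jp
  crawl.yahoo.net
  sogou.com
)

#######################################
# Succeed only for a plain dotted-quad IPv4 address (no mask, no extras).
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_ipv4() {
  local candidate=${1:-} octet
  local -r quad='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ $candidate =~ $quad ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so "08" is not parsed as invalid octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

#######################################
# Test whether an address is present in a list file as a whole field.
# Exact string comparison: "1.2.3.4" does not match "1.2.3.40", and the dots
# are not regex wildcards (both were possible with `grep -w "$IP"`).
# Arguments: $1 - address, $2 - list file
# Returns:   0 if present, non-zero if absent or the file is unreadable
#######################################
in_list() {
  local ip=$1 file=$2
  [[ -r $file ]] || return 1
  awk -v ip="$ip" '
    { for (i = 1; i <= NF; i++) if ($i == ip) { hit = 1; exit } }
    END { exit !hit }
  ' "$file"
}

#######################################
# Delete every line of a list file whose last field is exactly the address.
# The original `sed -i "/$ip/d"` used the address as an unanchored regex and
# so also deleted entries for other addresses (1.2.3.4 matched 11.2.3.40).
# Arguments: $1 - address, $2 - list file
# Returns:   1 for an invalid address, otherwise sed's status
#######################################
remove_from_list() {
  local ip=$1 file=$2 escaped
  is_ipv4 "$ip" || return 1
  [[ -f $file ]] || return 0
  escaped=${ip//./\\.}
  sed -i -E "/(^|[[:space:]])${escaped}[[:space:]]*\$/d" -- "$file"
}

#######################################
# Add a DROP rule for port 80 and record it in a list file.
# The entry is written only when iptables succeeded, so a failed insert is
# retried on the next run instead of being recorded as blocked.
# Arguments: $1 - address, $2 - list file, $3 - epoch seconds, $4 - date label
#######################################
block_ip() {
  local ip=$1 list=$2 epoch=$3 label=$4
  if ! is_ipv4 "$ip"; then
    # %q keeps control characters in a bad log field off the terminal.
    printf 'skipping non-IPv4 log field: %q\n' "$ip" >&2
    return 1
  fi
  /sbin/iptables -A INPUT -p tcp --dport 80 -s "$ip" -j DROP || return 1
  printf '%s %s kill %s\n' "$epoch" "$label" "$ip" >>"$list"
}

#######################################
# Remove the port-80 DROP rule for one address.
# Arguments: $1 - address
#######################################
unblock_ip() {
  local ip=$1
  is_ipv4 "$ip" || return 1
  /sbin/iptables -D INPUT -p tcp --dport 80 -s "$ip" -j DROP
}

#######################################
# Succeed when a host name ends in one of CRAWLER_DOMAINS (label-anchored:
# "x.googlebot.com" passes, "googlebot.com.example.net" does not).
# Arguments: $1 - host name, with or without trailing dot
#######################################
crawler_host_allowed() {
  local host=${1%.} suffix
  host=${host,,}
  for suffix in "${CRAWLER_DOMAINS[@]}"; do
    [[ $host == *".$suffix" ]] && return 0
  done
  return 1
}

#######################################
# Forward-confirmed reverse DNS check for a crawler address.
# Uses dig, which ships in the same package as the nslookup the original
# script called.
# Arguments: $1 - IPv4 address
# Returns:   0 only if a PTR name is in an allowed domain and one of its
#            A records equals the address
#######################################
is_verified_crawler() {
  local ip=$1 ptr addr
  while IFS= read -r ptr; do
    crawler_host_allowed "$ptr" || continue
    while IFS= read -r addr; do
      [[ $addr == "$ip" ]] && return 0
    done < <(dig +short "${ptr%.}" A </dev/null)
  done < <(dig +short -x "$ip" </dev/null)
  return 1
}

#######################################
# Block the heaviest clients of the whole access log (more than 5000 hits),
# ignoring requests whose log line contains "ajax".
# Earlier variant, kept for reference:
#   awk '{a[$1]++};END {for(i in a) print i,a[i]}' access.log | sort -rnk 2 | head -n 15
#######################################
deny() {
  local -r threshold=5000
  local label epoch ip count
  label=$(date +"%F-%H-%M")
  epoch=$(date +%s)
  grep -v -i 'ajax' "$DENY_LOG" \
    | awk '{a[$1]++};END {for(i in a) print i,a[i]}' \
    | sort -rnk 2 \
    | head -n 15 >"$SCRIPT_DIR/denyip.txt"
  while read -r ip count; do
    [[ $count =~ ^[0-9]+$ ]] || continue
    ((10#$count > threshold)) || continue
    in_list "$ip" "$WHITE_LIST" && continue
    in_list "$ip" "$BLACK_LIST" && continue
    block_ip "$ip" "$BLACK_LIST" "$epoch" "$label"
  done <"$SCRIPT_DIR/denyip.txt"
}

#######################################
# Block clients with more than 60 hits in the last minute, ignoring requests
# whose log line contains "jQuery".
# NOTE(review): the sed range needs a log line carrying exactly the
# HH:MM:SS of one minute ago to start, matches that time on any day present
# in the log, and runs to end of file if the end time never appears - confirm
# this is acceptable for the log format in use.
#######################################
minute() {
  local -r threshold=60
  local now minute_ago epoch label ip count
  now=$(date +"%H:%M:%S")
  minute_ago=$(date -d '-1 minute' +"%H:%M:%S")
  epoch=$(date +%s)
  label=$(date +"%F-%H-%M")
  sed -n "/$minute_ago/,/$now/p" "$MINUTE_LOG" \
    | grep -v 'jQuery' \
    | awk '{a[$1]++};END {for(i in a) print i,a[i]}' \
    | sort -rnk 2 \
    | head -n 15 >"$SCRIPT_DIR/minuteip.txt"
  while read -r ip count; do
    [[ $count =~ ^[0-9]+$ ]] || continue
    ((10#$count > threshold)) || continue
    in_list "$ip" "$WHITE_LIST" && continue
    in_list "$ip" "$BLACK_LIST" && continue
    in_list "$ip" "$MINUTE_BLACK_LIST" && continue
    block_ip "$ip" "$MINUTE_BLACK_LIST" "$epoch" "$label"
  done <"$SCRIPT_DIR/minuteip.txt"
}

#######################################
# Release addresses in black_list.txt that were blocked more than 5 days ago
# and move their entries to black_list_long_time.txt.
# NOTE(review): minute_black_list.txt is never aged out here (as in the
# original) - confirm that is intended.
#######################################
unlock() {
  local cutoff epoch ip
  cutoff=$(date +%s -d '-5 days')
  [[ -r $BLACK_LIST ]] || return 0
  # `sed -i` replaces the file with a new inode, so this loop keeps reading
  # the snapshot it opened even while entries are removed.
  while read -r epoch _ _ ip; do
    [[ $epoch =~ ^[0-9]+$ ]] || continue
    ((10#$epoch < cutoff)) || continue
    is_ipv4 "$ip" || continue
    awk -v ip="$ip" '$NF == ip' "$BLACK_LIST" >>"$BLACK_LIST_ARCHIVE"
    # The rule may already be gone (e.g. after a firewall reload); the list
    # entry is removed either way, as the original did.
    unblock_ip "$ip"
    remove_from_list "$ip" "$BLACK_LIST"
  done <"$BLACK_LIST"
}

#######################################
# Release blocked addresses that are verified search-engine crawlers and add
# them to the white list, for both block lists.
# Earlier approach, kept for reference: read DROP rules from
# `/sbin/service iptables status` instead of the list files.
#######################################
spider() {
  local list ip
  for list in "$BLACK_LIST" "$MINUTE_BLACK_LIST"; do
    [[ -r $list ]] || continue
    while read -r ip; do
      is_ipv4 "$ip" || continue
      is_verified_crawler "$ip" || continue
      # White-listing is permanent: deny/minute skip these addresses forever.
      in_list "$ip" "$WHITE_LIST" || printf '%s\n' "$ip" >>"$WHITE_LIST"
      unblock_ip "$ip"
      remove_from_list "$ip" "$list"
    done < <(awk '{print $NF}' "$list")
  done
}

# Print the usage line.
help() {
  echo -e "\033[31mUsage: \033[32m$0 deny|minute|unlock|spider|help\033[0m"
}

# The original dispatch had no "minute" arm although the usage text lists it,
# so `minute` could never run.
case "${1:-}" in
  deny) deny ;;
  minute) minute ;;
  unlock) unlock ;;
  spider) spider ;;
  help) help ;;
  *) help ;;
esac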