读书人

Simple alerting on web access errors

Published: 2013-01-27 13:56:15 Author: rapoo

Simple alerting on abnormal web access

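First, a simple alerting script to share:

```bash
#!/bin/bash
#Writer:lin_credible@163.com
#---------------IPs with more than 600 requests within 10 minutes---------------------------
#+ This "10 minutes" is not rigorous!
#-----------------------------------
if [ $# -ne 1 ]
then
        echo "Wrong Enter!"
        echo "Usage: `basename $0` logs_file's_path"
        exit 1
fi
if [ ! -e "$1" ]
then
        echo "The log_file is not exists!"
        exit 1
fi
#-----------------------------------
threshold=600   # alert threshold, as stated in the header comment and the mail text
# Force the C locale so %b yields the English month names used in the access log
date_now=`LC_ALL=C date +%d/%b/%Y:%H:%M`
date=`LC_ALL=C date -d "10 minute ago" +%d/%b/%Y:%H:%M`
# Drop the last minute digit: this matches the whole ten-minute block (e.g. 13:4x)
# that contains "10 minutes ago", not a true sliding window
date1=${date%[0-9]}
# Field 3 is the client IP in this log format
grep "$date1" "$1"|awk '{print $3}'|sort|uniq -c|sort -nr|awk -v t="$threshold" '{if($1 > t) print $2}'> ip_list_10minute.txt
while read a
do
        arr[x++]="${a}"
done < ip_list_10minute.txt
j="${#arr[@]}"
if [ $j -gt 0 ]
        then
                # Message text: "IPs with more than 600 requests within 10 minutes:"
                echo  "10分钟内访问数超过600次的ip列表如下" >> bad_ip_list.txt
        else
                rm -f ip_list_10minute.txt
                exit 0
fi
for (( i=$(( $j - 1 ));i>=0;i-- ))
do
        echo  "${date_now} ----> IP: ${arr[$i]}" >> bad_ip_list.txt
        # Attach one sample log line for this IP
        grep -E "\s${arr[$i]}\s" "$1"|sort -nr|awk 'NR==1{print $0}' >>bad_ip_list.txt
        echo  " " >>bad_ip_list.txt
done
send_mail()
{
        while (( $# > 0 ))
        do
                # Mail subject: "web access alert"
                mail -s "web访问报警" $1@163.com < bad_ip_list.txt
                shift
        done
}
#send_mail lin_credible xxx yyy zzz
send_mail lin_credible
rm -rf bad_ip_list.txt &> /dev/null
rm -rf ip_list_10minute.txt &> /dev/null
```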
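The script above approximates "the last 10 minutes" by matching the minute prefix from 10 minutes ago, which its own comment admits is not rigorous. The following is an added example, not the original author's code, that counts requests per IP inside an exact window by reading each line's timestamp; the log layout (client IP in field 3), the sample lines and the function names `over_threshold` and `demo` are assumptions.

```shell
#!/bin/bash
# Added example, not the original author's script.
# Assumed log layout (constructed): client IP in field 3, timestamp written
# as [27/Jan/2013:13:50:01 +0800] in the server's local time.

# over_threshold LOG FROM TO LIMIT [IP_FIELD]
# FROM and TO are YYYYmmddHHMMSS; prints "count ip" for IPs above LIMIT.
over_threshold() {
    awk -v from="$2" -v to="$3" -v limit="$4" -v f="${5:-3}" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = sprintf("%02d", i)
    }
    # Find "[dd/Mon/yyyy:HH:MM:SS" and rebuild it as a sortable key.
    match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/) {
        t = substr($0, RSTART + 1, RLENGTH - 1)
        day = substr(t, 8, 4) mon[substr(t, 4, 3)] substr(t, 1, 2)
        key = day substr(t, 13, 2) substr(t, 16, 2) substr(t, 19, 2)
        # Fixed-width digit strings compare correctly as text.
        if (key >= from && key <= to) hits[$f]++
    }
    END { for (ip in hits) if (hits[ip] > limit) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# demo [LIMIT]: run the check on a constructed log (documentation IPs only).
# Window 13:46:15 to 13:56:15; the 13:46:10 line falls just outside it.
demo() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
www.example.com - 203.0.113.5 - [27/Jan/2013:13:39:59 +0800] "GET / HTTP/1.1" 200 512
www.example.com - 203.0.113.5 - [27/Jan/2013:13:46:10 +0800] "GET /a HTTP/1.1" 200 512
www.example.com - 198.51.100.7 - [27/Jan/2013:13:47:00 +0800] "GET / HTTP/1.1" 200 512
www.example.com - 203.0.113.5 - [27/Jan/2013:13:49:30 +0800] "GET /b HTTP/1.1" 404 0
www.example.com - 203.0.113.5 - [27/Jan/2013:13:55:59 +0800] "GET /c HTTP/1.1" 200 512
www.example.com - 198.51.100.7 - [27/Jan/2013:13:56:00 +0800] "GET / HTTP/1.1" 200 512
www.example.com - 203.0.113.5 - [27/Jan/2013:13:56:05 +0800] "GET /d HTTP/1.1" 200 512
EOF
    over_threshold "$log" 20130127134615 20130127135615 "${1:-2}"
    rm -f "$log"
}

# Live use with GNU date:
# over_threshold access.log "$(date -d '10 minutes ago' +%Y%m%d%H%M%S)" \
#     "$(date +%Y%m%d%H%M%S)" 600
demo
```

On the sample, a prefix match on `13:4` would see only two requests from 203.0.113.5, while the exact window sees three.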

Automatically blocking DDoS attacker IPs on Linux: DDoS deflate

iptables rule for limiting connections:

# iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j REJECT

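Notice: if the site in question is served through a CDN, be careful not to kill legitimate connections by mistake!
PS: I reposted a good article! Two simple ways to defend against CC attacks with Nginx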
