ec保驾护航 可自动停掉大量连接ip的脚本,适用 Linux
2016-07-07 15:14 来源:www.chinab4c.com 作者:ecshop专家
############################################## #version="20100718" #author="phpsir" #author_email="733905@qq.com" ############################################## maxnum=100 runmin_max=120 #runmin_max is run iptables -F timeout banip_data_file="/root/banip_data.txt" ipopenfile="/root/openip.txt" ipfile="/tmp/80link.txt" nsfile="/tmp/netstat80.txt" myip=`/sbin/ifconfig eth0 | grep inet | awk '{print $2}' | sed 's/addr://' | grep .` if [ ! -f $ipopenfile ] then echo "init $ipopenfile" touch $ipopenfile fi if [ -f $banip_data_file ] then source $banip_data_file echo"last runtime=$runtime" else echo "init $banip_data_file" echo 'runtime='`date "+%s"` > $banip_data_file source $banip_data_file runmin_max=-1 fi echo "start shell" `date "+%Y-%m-%d %H:%M:%S"` runmin=$((`date "+%s"`-$runtime)) if [ $runmin -gt $runmin_max ] then echo $runmin "is bigger than " $runmin_max echo "clear ips" /sbin/iptables -F echo 'runtime='`date "+%s"` > $banip_data_file else echo $runmin "is lowwer than " $runmin_max fi netstat -an | grep "$myip:80" > $nsfile echo "Total Links = " `cat $nsfile | wc -l ` echo "Total Links ESTABLISHED = " `cat $nsfile | grep ESTABLISHED | wc -l ` echo "Total Links SYNC = " `cat $nsfile | grep SYN | wc -l ` cat $nsfile | awk '{print $5}' | awk -F: '{print $1}' | sort|uniq -c|sort -rn | head -n 10 >$ipfile cat $ipfile| while read oneline do ip=`echo $oneline | cut -d " " -f 2` num=`echo $oneline | cut -d " " -f 1` str="$ip has linked$num " banme="yes" for allowip in `cat $ipopenfile` do echo $ip | grep $allowip > /dev/null if [ $? -eq 0 ] then banme="no" echo $allowip "banme = " $banme /sbin/iptables -DINPUT-p tcp -s $ip-d $myip--dport 80 -j REJECT> /dev/null2>&1 continue fi done if [ $banme = "yes" ] then if [ $num -gt "$maxnum" ] then /sbin/iptables -L -n | grep "$ip" >/dev/null status=`echo $?` if [ $status -eq 1 ] then echo "deny$ip ,because $str " /sbin/iptables -AINPUT-p tcp -s $ip-d $myip--dport 80 -j REJECT echo "BAN " $ip " OK " #/sbin/iptables -L -n | grep "$ip" else echo > /dev/null #echo "$stralread reject" fi else echo > /dev/null #echo "$str$ip ok ,less$maxnum " fi fi done echo "stop shell" `date "+%Y-%m-%d %H:%M:%S"` |
回答:
防CC的东东? |
是的。。。。。。。。。。。。。 |
谢谢楼主分享 |
根据ip links 使用iptables ban ip |
最近更新
常用插件
- ecshop按分类筛选销售排行
ecshop按分类筛选销售排行...
- ecshop快递发货单打印商品
ecshop快递发货单打印商品信息,大家都知道ecshop快递单打印的时候,只能...
- ecshop二次开发售后维修卡
插件介绍: 本插件是用于专门从事电子,信息,软件等售后服务关键比...
- ecshop供应商插件免费下载
ecshop供应商插件免费下载...
- ecshop选择下单时间插件
ecshop选择下单时间插件主要是根据不同的下单配送要求,在ecshop购物车...
ecshop热门问答
ecshop热门资料
ecshop推广员
ecshop右面
ecshop推荐分成
ecshop价格变化
ecshop怎么给排
ecshopEcshop后台
ecshop配制
ecshop白屏
ecshop圣诞程序
zencart购物车
ecshopalt
ecshopECMALL佣金提成
ecshop网银在线支付
ecm_define函数
ecshop使用经验
ecshopcovert
ecshop京东360
ecshop品牌页
ecshopEC广告位
ecshop大地
ecshopset
ecshopget_data
ecshop助销
ecshopold
ecshop支付接口
ecshop商业
ecmall登陆分析
ecshop二次开发
ecshophash
ecshop逛街