March 25, 2004
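Automatic banning for www: 80autodeny.pl
Copyright notice: This article may be freely reproduced, provided the reproduction includes a hyperlink to the original source, the author information, and this notice.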
https://windtear.net/archives/2004/03/25/000500.html
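The principle is always the same: keep an eye on the log and ban whatever looks off. I had just replied to an e-mail about this, so I may as well blog it too.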
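#!/usr/bin/perl
#
# Automatic banning based on the HTTP log
# Usage:
#   tail -f /var/log/httpd/ipcn.org.txt | /usr/local/bin/80autodeny.pl
#
# Zhang Xiuling (windtear@ipcn.org)
#

use strict;
use IO::Handle;

my ($badip, $date);

open(OUT, ">>/var/log/httpd/deny.log") || die("cannot open deny.log");
open(OUT2, ">>/var/log/httpd/deny") || die("cannot open deny");
# Input trickles in from tail -f, so flush every record as it is written.
OUT->autoflush(1);
OUT2->autoflush(1);

while (<STDIN>) {
    chomp $_;
    $badip = "";

    # Each pattern captures the first IP-like string on a line that also
    # contains a known probe request.
    if ( /(\d+\.\d+\.\d+\.\d+)(.*)GET\ \/default\.ida\?XXXXXXXXXXXXXXXXXX/ ) {
        $badip = $1;    # /default.ida worm probe
    } elsif ( /(\d+\.\d+\.\d+\.\d+)(.*)GET\ \/scripts\//i ) {
        $badip = $1;    # IIS /scripts/ probe
    } elsif ( /(\d+\.\d+\.\d+\.\d+)(.*)GET\ \/msadc\//i ) {
        $badip = $1;    # IIS /msadc/ probe
    } elsif ( /(\d+\.\d+\.\d+\.\d+)(.*)GET.*\.\./ ) {
        $badip = $1;    # ".." path traversal
    } elsif ( /(\d+\.\d+\.\d+\.\d+)(.*)GET\ \/_vti_bin\// ) {
        $badip = $1;    # FrontPage /_vti_bin/ probe
    }

    if (! $badip) { next; }

    # Never ban the exempted 166.111.154.x network (dots escaped so they
    # match literally).
    if ($badip =~ /^166\.111\.154\./) { next; }

    $date = `date`;
    chomp $date;
    printf OUT "%s %-15s\n", $date, $badip;
    printf OUT2 "%s\n", $badip;
    # List form of system() runs iptables directly, without a shell.
    system("/sbin/iptables", "-A", "www", "-p", "tcp", "--dport", "80",
           "-j", "DROP", "-s", $badip);
}
close(OUT);
close(OUT2);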
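
The same log-watching idea with the decision made on parsed fields, as an added example that is not part of the original script: the patterns above match anywhere on the line, so a ".." or "GET /scripts/" in the Referer or query string can also trigger a ban. The function name ban_candidate, the sample lines and their documentation-range addresses are constructed for illustration, a Common/Combined Log Format access log is assumed, and the block prints decisions instead of calling iptables.

```perl
#!/usr/bin/perl
# Added example (not the original author's code): decide bans from parsed
# Common/Combined Log Format fields instead of matching anywhere on the line.
use strict;
use warnings;

# Same probe families as 80autodeny.pl, applied to the request path only.
my @probe = (
    qr{^/default\.ida\?XXXXXXXXXXXXXXXXXX},
    qr{^/scripts/}i,
    qr{^/msadc/}i,
    qr{^/_vti_bin/},
    qr{\.\.},
);
my $whitelist = qr/^166\.111\.154\./;   # network exempted by the original script

# Return the client IP to ban, or undef when the line should be ignored.
# $seen is a hash ref (hypothetical helper state) used to ban each IP once.
sub ban_candidate {
    my ($line, $seen) = @_;
    # The client address must be the first field, and the request must be the
    # quoted field that directly follows the [timestamp].
    my ($ip, $path) = $line =~
        m{^(\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[[^\]]+\] "GET (\S+)} or return;
    return if grep { $_ > 255 } split /\./, $ip;   # reject non-addresses
    return if $ip =~ $whitelist;
    return unless grep { $path =~ $_ } @probe;
    return if $seen->{$ip}++;                      # one rule per address
    return $ip;
}

# Constructed sample lines (documentation addresses, not real traffic).
my @sample = (
    '192.0.2.10 - - [25/Mar/2004:16:00:01 +0800] "GET /scripts/probe HTTP/1.0" 404 210',
    '192.0.2.10 - - [25/Mar/2004:16:00:02 +0800] "GET /msadc/probe HTTP/1.0" 404 208',
    '166.111.154.7 - - [25/Mar/2004:16:00:03 +0800] "GET /scripts/test.cgi HTTP/1.0" 404 209',
    'host.example.net - - [25/Mar/2004:16:00:04 +0800] "GET /?198.51.100.9 HTTP/1.0" 200 512 "GET /scripts/" "-"',
    '192.0.2.20 - - [25/Mar/2004:16:00:05 +0800] "GET /index.html HTTP/1.0" 200 1024 "http://example.org/a/../b" "-"',
);
my %seen;
for my $line (@sample) {
    my $ip = ban_candidate($line, \%seen);
    print defined $ip ? "BAN  $ip\n" : "skip\n";
}
```

Only the first sample line yields a ban; the repeat, the exempted network, the line whose only address sits in the query string, and the line with ".." only in the Referer are all skipped.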
Posted by windtear at March 25, 2004 4:07 PM