#!/bin/bash

for i in $( tail -n50 /usr/local/apache/logs/*log | grep '301 ' | awk '{print $1}' | sort | uniq -c | awk '$1 >30 {print $2}'); do
echo "$i blocked"
/root/block $i
done

sleep 30

for i in $( tail -n50 /usr/local/apache/logs/*log | grep '301 ' | awk '{print $1}' | sort | uniq -c | awk '$1 >30 {print $2}'); do
echo "$i blocked"
/root/block $i
done

for i in $(tail -n50 /usr/local/apache/logs/*log | grep 'htmGET' | awk '{print $2}' | grep -v 'Jan'); do

echo "$i blocked"

/root/block $i

done

cat block 

#!/usr/local/bin/php

<?

posix_setuid(0);

$ip = $argv[1];

//$id = sem_get(0x12341234, 1);

//sem_acquire($id);

$a = `iptables -L -n | grep $ip`;

if(!$a)`iptables -I INPUT -s $ip -j DROP`;

//sem_release($id);

?>

 

 

더 좋은 방법 있으면 공유 부탁 드립니다.