贴个半自动封IP代码
1.设置nginx的访问日志,日志文件为: /www/web_logs/fecmall-access.log
2.执行命令行:cat /www/web_logs/fecmall-access.log | awk '{print $1}' | sort | uniq -c | sort -k 1 -n -r |head -n 20
输出为:
1663 39.107.110.239
1620 8.142.99.147
1466 103.142.110.98
1309 121.37.255.79
1301 39.106.69.122
1284 114.115.181.74
1262 47.99.142.165
1258 116.205.189.176
1223 116.205.224.136
左边为ip访问的次数,右边为ip
3.通过php代码,生成iptables封禁ip的代码:
$s = "
2041 147.226.7.161
1663 39.107.110.239
1620 8.142.99.147
1466 103.142.110.98
1309 121.37.255.79
1301 39.106.69.122
1284 114.115.181.74
1262 47.99.142.165
1258 116.205.189.176
1223 116.205.224.136
";
$ss = explode("\r\n", $s);
$arrr = [];
foreach ($ss as $s) {
$d = trim($s);
if (empty($d)) {
continue;
}
$arr = explode(' ', $d);
$ip = $arr[1] ?? '';
if (!$ip) {
continue;
}
$arrr[] = 'iptables -I INPUT -s '.$ip. ' -j DROP';
}
$arrr[] = 'service iptables save';
echo implode("\r\n", $arrr);exit;
输出结果如下:
iptables -I INPUT -s 147.226.7.161 -j DROP
iptables -I INPUT -s 39.107.110.239 -j DROP
iptables -I INPUT -s 8.142.99.147 -j DROP
iptables -I INPUT -s 103.142.110.98 -j DROP
iptables -I INPUT -s 121.37.255.79 -j DROP
iptables -I INPUT -s 39.106.69.122 -j DROP
iptables -I INPUT -s 114.115.181.74 -j DROP
iptables -I INPUT -s 47.99.142.165 -j DROP
iptables -I INPUT -s 116.205.189.176 -j DROP
iptables -I INPUT -s 116.205.224.136 -j DROP
iptables -I INPUT -s 116.205.242.129 -j DROP
service iptables save
粘贴到linux执行即可封禁IP、