  • 自动封杀脚本

    自动化防御脚本:
    1. 取得每分钟内频繁调用接口的IP地址
    #!/usr/bin/perl
    #取文件行数
    ##循环开始清空文件
    use POSIX;
    use CGI;
    use DBI;
    use HTTP::Date qw(time2iso str2time time2iso time2isoz);  
    use Net::SMTP;
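    # send_mail($to_address, $text)
    #
    # Sends one plain-text alert message through the SMTP account configured
    # below. $to_address is used as the envelope recipient; $text is prefixed
    # with the current local time and becomes the message body.
    #
    # Prints a usage message and exits with status 1 unless exactly two
    # arguments are passed. Dies when the connection, the authentication or a
    # later SMTP step is refused, so a lost alert is never silent.
    sub send_mail {
        if (@_ != 2) {
            print "请输入2个参数\n";
            exit 1;
        }

        # Lexical copies; the original assigned the arguments to the package
        # globals $m and $n and declared $to_address twice.
        my ($to_address, $text) = @_;
        my $CurrTime = time2iso(time());

        my $mail_user   = 'zhaoyangjian@zjcap.cn';
        my $mail_server = 'smtp.exmail.qq.com';

        # NOTE(review): the mailbox password is embedded in the script, so
        # every reader of the file (or of a published copy) holds a working
        # login. ALERT_MAIL_PWD is a variable name introduced by this
        # revision: when it is set, it takes precedence; the embedded value
        # remains only as a fallback for existing deployments and should be
        # removed once the password is supplied from outside the source.
        my $mail_pwd = defined $ENV{ALERT_MAIL_PWD}
                     ? $ENV{ALERT_MAIL_PWD}
                     : 'xxxx55';

        my $from    = "From: $mail_user\n";
        my $subject = "Subject: zjcap info\n";
        my $message = "$CurrTime--$text";

        # NOTE(review): no TLS option is passed, so the AUTH exchange and the
        # alert text appear to cross the network unencrypted. Net::SMTP from
        # libnet 3.x accepts SSL => 1 or a starttls() call - confirm which
        # one the relay expects before enabling it.
        my $smtp = Net::SMTP->new($mail_server)
            or die "Cannot connect to $mail_server: $@\n";

        $smtp->auth($mail_user, $mail_pwd)
            or die "Auth Error! " . $smtp->message;
        $smtp->mail($mail_user)
            or die "MAIL FROM rejected: " . $smtp->message;
        $smtp->to($to_address)
            or die "RCPT TO rejected: " . $smtp->message;

        $smtp->data()
            or die "DATA rejected: " . $smtp->message;
        $smtp->datasend($from);       # From: header
        $smtp->datasend($subject);    # Subject: header
        $smtp->datasend("\n");        # blank line ends the header section
        $smtp->datasend("$message\n");
        $smtp->dataend()
            or die "Message not accepted: " . $smtp->message;

        return $smtp->quit();
    }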
    
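    use strict;
    use warnings;

    # Traffic check over the lines appended to today's Tomcat access log since
    # the previous run (the page describes a one-minute interval):
    #   1. read the line count stored by the previous run (count.txt),
    #   2. count the lines of the log now and store that number,
    #   3. copy the new lines to tmp.out,
    #   4. count GET requests per client address found at the end of the line,
    #   5. log every address to sum_acc.log; addresses above the threshold are
    #      written to ip.txt and reported by mail.
    my $alert_to  = 'zhaoyangjian@zjcap.cn';   # recipient of threshold alerts
    my $threshold = 30;                         # requests per run that trigger a block

    # The original appended to "tmp.out" in the working directory but read
    # "/home/tomcat/sum_acc/tmp.out"; both now use one path so the parser can
    # never read a stale copy when the script is started from another
    # directory. NOTE(review): assumes the job runs from /home/tomcat/sum_acc,
    # where the other work files (count.txt, ip.txt, sum_acc.log) also live.
    my $tmp_file = 'tmp.out';

    my $SDATE    = strftime("%Y-%m-%d", localtime());
    my $dir      = '/usr/local/apache-tomcat-7.0.55_8081/logs';
    my $file     = "localhost_access_log.$SDATE.txt";
    my $mon_file = "$dir/$file";
    print "\$mon_file is $mon_file\n";

    # Empty the work files of the previous run. As before, a file is only
    # truncated when it already exists.
    for my $work_file ($tmp_file, 'sum_acc.log', 'ip.txt') {
        next unless -f $work_file;
        open(my $trunc_fh, '>', $work_file)
            or die "cannot truncate $work_file: $!\n";
        close $trunc_fh;
    }

    # Line count recorded by the previous run. It stays undefined when
    # count.txt does not exist yet, which skips processing on the first run.
    my $count;
    if (open(my $count_in, '<', 'count.txt')) {
        while (my $stored = <$count_in>) {
            chomp $stored;
            $count = $stored;
        }
        close $count_in;
    }
    # An empty or damaged count.txt is treated as "nothing processed yet".
    $count = 0 if defined $count && $count !~ /^\d+$/;
    print "上次记录的记录数为" . (defined $count ? $count : '') . "\n";

    # Current number of lines in today's log. A log that cannot be opened
    # (for example not created yet after midnight) counts as zero lines.
    my $num = 0;
    if (open(my $log_fh, '<', $mon_file)) {
        $num++ while <$log_fh>;
        close $log_fh;
    }
    else {
        warn "cannot open $mon_file: $!\n";
    }
    print "文件最新的记录数为$num" . "\n";

    # Store the new line count for the next run.
    open(my $count_out, '>', 'count.txt')
        or die "cannot write count.txt: $!\n";
    print {$count_out} "$num\n";
    close $count_out
        or die "cannot close count.txt: $!\n";

    # The log name contains the date, so after rotation the new file is
    # shorter than the stored count. Without this reset the first lines of
    # the new day were never analysed.
    $count = 0 if defined $count && $num < $count;

    # Copy the lines added since the previous run to the work file.
    if (defined($count) && $num != $count && $num != 0) {
        print "开始处理\n";
        open(my $src_fh, '<', $mon_file)
            or die "cannot open $mon_file: $!\n";
        # Opened once; the original reopened the file for every line.
        open(my $new_fh, '>>', $tmp_file)
            or die "cannot append to $tmp_file: $!\n";
        while (my $entry = <$src_fh>) {
            next if $. <= $count;
            # Lines written after the count was taken belong to the next
            # run; stopping here keeps them from being counted twice.
            last if $. > $num;
            print {$new_fh} $entry;
        }
        close $src_fh;
        close $new_fh
            or die "cannot close $tmp_file: $!\n";
    }

    # Count GET requests that carry a query parameter, per client address.
    # The listing had lost its backslashes (s+, d{1,3}), which made the
    # pattern match literal letters; \s, \d and \. are restored here.
    #
    # The anchored digits-and-dots capture is the only filter between log
    # content and ip.txt, whose lines are later placed on a root command line
    # by the step-3 script, so keep it this strict.
    # NOTE(review): the address is the last field of the log line. If that
    # field is filled from a client-supplied header such as X-Forwarded-For,
    # a client decides which address is counted and blocked - confirm against
    # the AccessLogValve pattern.
    my %hits_for;
    if (open(my $scan_fh, '<', $tmp_file)) {
        while (my $entry = <$scan_fh>) {
            chomp $entry;
            if ($entry =~ /.*\s+"GET\s*(.*?)=.*\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) {
                $hits_for{$2}++;
            }
        }
        close $scan_fh;
    }

    # Report every address; list and mail the ones above the threshold.
    # Both output files are opened once and always closed (the original
    # closed them only inside the threshold branch).
    open(my $sum_fh, '>>', 'sum_acc.log')
        or die "cannot append to sum_acc.log: $!\n";
    open(my $ip_fh, '>>', 'ip.txt')
        or die "cannot append to ip.txt: $!\n";
    for my $ip (sort keys %hits_for) {
        my $times   = $hits_for{$ip};
        my $summary = "$ip access count(*) ==   $times\n";
        print $summary;
        print {$sum_fh} $summary;

        next unless $times > $threshold;

        # Record the address before mailing, so a mail failure cannot keep
        # it off the block list.
        print {$ip_fh} "$ip \n";
        eval { send_mail($alert_to, "flow01-$summary"); 1 }
            or warn "alert mail for $ip failed: $@";
    }
    close $sum_fh;
    close $ip_fh
        or die "cannot close ip.txt: $!\n";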
    
    
    2. 把地址rsync到前台
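    # Push the freshly generated ip.txt to /root/sbin/ on each front-end host.
    . ~/.bash_profile

    # NOTE(review): this is the root password of the front-end hosts, stored
    # in clear text in the script. Key-based SSH for a dedicated, restricted
    # transfer account would remove both the stored secret and the expect
    # dialogue below.
    passwd=xxx

    # One loop instead of two copies of the same dialogue. The heredoc
    # delimiter is quoted so the shell no longer pastes the password into the
    # expect program text (a quote, bracket or dollar sign in it would be
    # parsed as Tcl); expect reads both values from its environment instead.
    # PUSH_PASSWD and PUSH_TARGET are names introduced by this revision.
    for target in root@121.0.1.108:/root/sbin/ root@11.40.16.5:/root/sbin/
    do
        PUSH_PASSWD="$passwd" PUSH_TARGET="$target" expect <<'!' || echo "rsync to $target failed" >&2
    spawn rsync -avH ip.txt $env(PUSH_TARGET)
    expect {
        # NOTE(review): answering "yes" here accepts whatever host key is
        # presented on first contact; pre-populating known_hosts lets this
        # branch be dropped.
        "(yes/no)?" {
            send "yes\n"
            expect "password:"
            send "$env(PUSH_PASSWD)\n"
        }
        "password:" {
            send "$env(PUSH_PASSWD)\n"
        }
    }
    expect eof
    # Hand rsync's exit status back to the shell; the original always exited 0.
    set result [wait]
    exit [lindex $result 3]
    !
    done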
    
    
    3. 加入到iptables
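    # Runs on each front-end host. Every 10 seconds it reads ip.txt and hands
    # each address that is not yet present in the saved iptables rules to
    # reject_ip.sh.
    cd /root/sbin || exit 1

    # Address that must never be blocked (the original removed it with grep -v).
    allow_ip='115.236.160.82'

    while :
    do
        if [ -s "ip.txt" ]
        then
            while read -r A rest
            do
                # ip.txt arrives over the network and its lines end up on a
                # root command line, so accept nothing but a dotted quad.
                printf '%s\n' "$A" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || continue

                [ "$A" = "$allow_ip" ] && continue

                # Fixed-string, whole-word match: with the original pattern
                # match, 1.2.3.4 was treated as already blocked whenever
                # 11.2.3.40 was present, and that address was skipped.
                # NOTE(review): this checks the saved rules file, not the live
                # ruleset; if reject_ip.sh (not shown) does not write to it,
                # the same address is submitted again every 10 seconds.
                if ! grep -qwF -- "$A" /etc/sysconfig/iptables
                then
                    sh ./reject_ip.sh "$A"
                fi
            done < ip.txt
        fi
        sleep 10
    done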

  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13351515.html