From a7593180de85baa73e506e8796e370da314a6197 Mon Sep 17 00:00:00 2001
From: hjdhnx
Date: Sat, 4 Nov 2023 12:16:28 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
doc/banips.sh | 137 ++++++++++++++++++++++++++++++++
doc/海阔视界道长仓库搭建说明.md | 13 +++
2 files changed, 150 insertions(+)
create mode 100644 doc/banips.sh
diff --git a/doc/banips.sh b/doc/banips.sh
new file mode 100644
index 0000000..a436ac9
--- /dev/null
+++ b/doc/banips.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+banip_run(){
+ # https://help.baidu.com/search?keywords=hiker.nokia.press 访问这个直接dd
+ nginx_home=/usr/sbin/nginx
+ log_path=/var/log/nginx
+ nginx_etc=/etc/nginx/conf.d
+ maxcn=3000
+ history=50000
+ cat /dev/null > $log_path/ban_ip_tmp.txt
+ tail -n$history $log_path/access.log \
+ |awk '{print $1,$12}' \
+ |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" \
+ |awk '{print $1}'|sort|uniq -c|sort -rn \
+ |awk '{if($1>'$maxcn')print "deny "$2";"}' >$log_path/ban_ip_tmp.txt
+ spiders=`awk 'END{print NR}' $log_path/ban_ip_tmp.txt`
+ now_time=$(date "+%Y-%m-%d %H:%M:%S")
+ if [ $spiders -gt 0 ]
+ then
+ cat $log_path/ban_ip_tmp.txt > $nginx_etc/ban_ip.conf
+ blacks=`cat $log_path/ban_ip_tmp.txt`
+ echo "$now_time 本次封禁以下$spiders个IP:$blacks"
+ service nginx reload
+ echo "nginx重载完毕"
+ #docker restart hiker
+ docker exec hiker odoo restart
+ echo "道长仓库重载完毕"
+else
+ echo "$now_time 很棒,本次检测未发现恶意访问的ip"
+ hiker_test
+ fi
+}
+hiker_test(){
+ httpcode=`curl -I localhost:8025 -w "%{http_code}\n" -o /dev/null -s`
+ # httpcode=`curl -I -s localhost:8025|head -1|cut -d " " -f2`
+ if [ "$httpcode" == "200" ];then
+ echo "hiker服务运行正常"
+ else
+ echo "hiker服务已经异常,返回$httpcode,开始重启服务"
+ docker exec hiker odoo restart
+ echo "道长仓库重载完毕"
+fi
+}
+
+banip_num(){
+ # 500000 10000
+ log_path=/var/log/nginx
+ tail -n$1 $log_path/access.log \
+ |awk '{print $1,$12}' \
+ |grep -i -v -E "google|yahoo|baidu|msnbot|FeedSky|sogou" \
+ |awk '{print $1}'|sort|uniq -c|sort -rn \
+ |awk '{if($1>'$2')print ""$2""}' >$log_path/ban_ip_tmps.txt
+ cat $log_path/ban_ip_tmps.txt
+ }
+
+ banip_kill(){
+ log_path=/var/log/nginx
+ for line in `cat $log_path/ban_ip_tmps.txt`
+ do
+ iptables -I INPUT -s $line -j DROP
+ echo '封禁了:'$line
+ done
+ }
+
+ ipkill(){
+ iptables -I INPUT -s $1 -j DROP
+ echo '封禁了:'$1
+ }
+ ipallow(){
+ iptables -D INPUT -s $1 -j DROP
+ echo '解封了:'$1
+ }
+ ipshow(){
+ # iptables --list
+ iptables -L
+ }
+ log(){
+ log_path=/var/log/nginx
+ tail -f $log_path/access.log
+ }
+
+ banip_log(){
+ awk '{print $1}' /var/log/nginx/access.log |sort |uniq -c|sort -n
+ }
+
+ banip_clear(){
+ cat /dev/null > ban_ip.conf
+ }
+
+ banip_show(){
+ nginx_etc=/etc/nginx/conf.d
+ cat $nginx_etc/ban_ip.conf
+ }
+ # cat /dev/null > banips.sh
+ #ln -s /etc/nginx/conf.d/banips.sh /usr/local/bin/banips
+ #rm -rf /usr/local/bin/banips
+ #crontab -e
+ #15分钟执行一次封ip
+ # */15 * * * * banips run >> /etc/nginx/conf.d/banips.log 2>&1
+ # iptables -L -n --line-numbers
+ # iptables -I INPUT -s 168.138.198.222 -j DROP
+ # cat /var/log/nginx/access.log | grep HEAD
+ msg='run 启动ip封杀\nlog 打印访问ip记录\nshow 显示被封的ip\nclear 清空封禁列表\nlogs 显示nginx实时日志\nnum输出异常ip到文本\nkills 封禁文本异常ip\nipkill 手动封单ip\nipshow 显示规则\nipallow 解封ip'
+ case "$1" in
+ run)
+ banip_run
+ ;;
+ log)
+ banip_log
+ ;;
+ logs)
+ log
+ ;;
+ num)
+ banip_num $2 $3
+ ;;
+ kills)
+ banip_kill
+ ;;
+ show)
+ banip_show
+ ;;
+ clear)
+ banip_clear
+ ;;
+ ipkill)
+ ipkill $2
+ ;;
+ ipallow)
+ ipallow $2
+ ;;
+ ipshow)
+ ipshow
+ ;;
+ *)
+ echo -e $msg
+ ;;
+ esac
\ No newline at end of file
diff --git a/doc/海阔视界道长仓库搭建说明.md b/doc/海阔视界道长仓库搭建说明.md
index b381a79..7235d2d 100644
--- a/doc/海阔视界道长仓库搭建说明.md
+++ b/doc/海阔视界道长仓库搭建说明.md
@@ -159,4 +159,17 @@ server{ ##### other directive }
+```
+
+### 设置封Ip和仓库重启策略
+```shell
+cd /etc/nginx/conf.d
+chmod +x ./banips.sh
+ln -s /etc/nginx/conf.d/banips.sh /usr/local/bin/banips
+banips run
+
+crontab -e
+
+#5分钟执行一次封ip
+*/2 * * * * banips run >> /etc/nginx/conf.d/banips.log 2>&1
 ```
\ No newline at end of file
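Review bot: Nothing in doc/banips.sh checks that the values it bans are addresses: `ipkill`, `ipallow` and `banip_kill` expand `$1`/`$line` unquoted into `iptables ... -s`, and `banip_run` copies field 1 of access.log straight into `deny ...;` lines that nginx then loads, in a job that presumably runs as root from cron. An IPv4 guard such as `[[ $1 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]] || { echo "invalid address: $1" >&2; return 1; }` ahead of `iptables -I INPUT -s "$1" -j DROP` would stop an empty or malformed argument from reaching iptables, and the same test can filter the awk output before it is written to `ban_ip.conf`. The crawler exemption in `banip_run` and `banip_num` (`grep -i -v -E "google|yahoo|..."` over `$1,$12`) matches field 12 of the log line, which in nginx's default combined format is client-supplied request text, so it does not establish that a client is one of those crawlers; a comment stating that limit belongs next to it. `banip_clear` also truncates `ban_ip.conf` in the current directory instead of `$nginx_etc/ban_ip.conf` and does not reload nginx, so `clear` does not by itself lift the bans that `run` installed; `: > "$nginx_etc/ban_ip.conf"` followed by a reload would.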