Eric Litak elitak
elitak
/ anti_ddos.sh
Last active
August 29, 2015 14:03
— forked from anonymous/anti_ddos.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in one window, get the offenders (change ack filter to whatever's most accurate) | |
| sudo tail -f /var/log/nginx/access.log | ack 'GET / ' | awk '{print $1}' | teesample | |
| # in the other, have a look at the worst with this: | |
| sort sample | uniq -c | sort -n | tail -n 50 | |
| # and then ban them | |
| sort sample | uniq -c | sort -n | awk '{print }' | tail -n 50 | xargs -i echo {} tcp http | sudo tee -a /etc/shorewall/blacklist | |
| # restart shorewall, then nginx to clear up latent connections | |
| # Then, restart the sampler to get a new batch. |