naokij · October 24, 2012 03:24
diff --git a/spider-killer.sh b/spider-killer.sh
 #! /bin/bash
 LOGFILE=/var/log/nginx/access.log
 PREFIX=/etc/spiders
 #日志中大部分蜘蛛都有spider的关键字，但是百度的不能封，所以过滤掉百度
 grep 'spider' $LOGFILE |grep -v 'Baidu' |awk '{print $1}' >$PREFIX/ip1.txt  
 # 封掉网易的有道
 grep 'YoudaoBot' $LOGFILE  | awk '{print $1}' >>$PREFIX/ip1.txt  
 #封掉雅虎
 grep 'Yahoo!' $LOGFILE  | awk '{print $1}' >>$PREFIX/ip1.txt  
 # 过滤掉信任IP
 sort -n $PREFIX/ip1.txt |uniq  |sort |grep -v '192.168.0.' |grep -v '127.0.0.1'>$PREFIX/ip2.txt 
 # 如果一小时内，发包不超过30个就要解封
 /sbin/iptables -nvL |awk '$1 <= 30 {print $8}' >$PREFIX/ip3.txt  
 for ip in `cat $PREFIX/ip3.txt`; do /sbin/iptables -D INPUT -s $ip -j DROP ; done
 /sbin/iptables -Z // 将iptables计数器置为0
 for ip in `cat $PREFIX/ip2.txt`; do /sbin/iptables -I INPUT -s $ip -j DROP ; done
	#! /bin/bash
	LOGFILE=/var/log/nginx/access.log
	PREFIX=/etc/spiders
	#日志中大部分蜘蛛都有spider的关键字，但是百度的不能封，所以过滤掉百度
	grep 'spider' $LOGFILE \|grep -v 'Baidu' \|awk '{print $1}' >$PREFIX/ip1.txt
	# 封掉网易的有道
	grep 'YoudaoBot' $LOGFILE \| awk '{print $1}' >>$PREFIX/ip1.txt
	#封掉雅虎
	grep 'Yahoo!' $LOGFILE \| awk '{print $1}' >>$PREFIX/ip1.txt
	# 过滤掉信任IP
	sort -n $PREFIX/ip1.txt \|uniq \|sort \|grep -v '192.168.0.' \|grep -v '127.0.0.1'>$PREFIX/ip2.txt
	# 如果一小时内，发包不超过30个就要解封
	/sbin/iptables -nvL \|awk '$1 <= 30 {print $8}' >$PREFIX/ip3.txt
	for ip in `cat $PREFIX/ip3.txt`; do /sbin/iptables -D INPUT -s $ip -j DROP ; done
	/sbin/iptables -Z // 将iptables计数器置为0
	for ip in `cat $PREFIX/ip2.txt`; do /sbin/iptables -I INPUT -s $ip -j DROP ; done