以前我用shell script 封鎖撞shadowsocks password嘅IP都係幾行寫完,只係count吓撞嘅次數
#! /bin/bash
# $PROG: badip.sh
# $description: ban the IP tries to crack ss-server's password
# rules: ERROR greater than 50 times from ss.log will be blocked.
# $usage: crontab -e add line */15 * * * * /path/to/badip.sh
# clear block list at 03:00am with crontab -e
# 0 3 * * * /sbin/iptables -F
# clear ss.log at 03:00am with crontab -e
# 0 3 * * * : > /path/to/ss.log
# works on shadowsocks-libev only, execute ss-server with '-v' argument
# ex: nohup ss-server -v -u -c /path/to/whatever.json &>> /path/to/ss.log &
# Public domain use as your own risk!
logfile="$HOME/ss.log" #change if it is not your ss.log directory
awk '$0 ~ /^.+ERROR: .+[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/{
ip[$NF]++
}END{
for (x in ip)
if (ip[x] > 50)
print x
}' "$logfile" | while read -r bad_ip ; do
if ! /sbin/iptables -L | grep -qE "^DROP.+ $bad_ip" ; then
/sbin/iptables -A INPUT -s "$bad_ip" -j DROP
echo "$bad_ip blocked."
else
echo "$bad_ip already in block list."
fi
done
exit 0
所以連登要做唔難嘅,我都唔係正式IT人,讀都冇讀過IT相關嘅嘢