·设为首页收藏本站📧邮箱修改🎁免费下载专区📒收藏夹📱AI智能体
🔄最新发布📃文档资料库🆔加群看共享绿色软件切换到窄版
立即注册
DZ插件网»🏠首页 应用中心 其他分享 DZ插件网手工扛SYN DDOS攻击之全自动监测高连接数超过阈 ...
返回列表 发布新帖

DZ插件网手工扛SYN DDOS攻击之全自动监测高连接数超过阈值自动封锁屏蔽IP并自动放行蜘蛛IP和白名单自动监测执行脚本

153 2
发表于 2025-9-1 21:19:55 | 查看全部 阅读模式 | Google Chrome| Windows 10

马上注册,免费下载更多dz插件网资源。

您需要 登录 才可以下载或查看,没有账号?立即注册

×
DZ插件网手工扛SYN DDOS攻击之全自动监测高连接数超过阈值自动封锁屏蔽IP并自动放行蜘蛛IP和白名单自动监测执行脚本:

创建脚本:
  1. vi /usr/local/sbin/auto_block_ip.sh
复制代码
复制DZ插件网优化后的内容:
  1. #!/bin/bash

  3. # 高级IP自动屏蔽脚本 - 针对高连接数攻击
  4. # 功能: 检测ESTABLISHED连接数超标的IP,并自动屏蔽,排除蜘蛛和白名单。

  6. # ===== 配置区域 (请根据您的环境修改) =====

  8. # 连接数阈值
  9. CONNECTION_THRESHOLD=68     # 超过这个数值的IP将被封锁
  10. LOG_ONLY_THRESHOLD=60       # 超过此值但未达封锁阈值的IP,仅记录日志

  12. # 封锁类型
  13. # TEMP: 临时封锁,使用iptables的Recent模块,一段时间后自动解封
  14. # PERM: 永久封锁,使用iptables的DROP规则
  15. BLOCK_TYPE="TEMP"

  17. # 临时封锁的过期时间(秒)(仅在BLOCK_TYPE="TEMP"时有效)
  18. TEMP_BLOCK_EXPIRE=3600      # 3600秒 = 1小时

  20. # 白名单文件路径(每行一个IP或CIDR网段)
  21. WHITELIST_FILE="/etc/ddos/ignore.ip.list"

  23. # 日志文件路径
  24. LOG_FILE="/var/log/auto_block_ip.log"

  26. # 最大日志文件大小(KB),超过则滚动
  27. MAX_LOG_SIZE=10240

  29. # 定义常见搜索引擎蜘蛛的IP段(CIDR格式)
  30. # 这是一个基础列表,您可能需要根据实际情况扩充
  31. SPIDER_NETS=(
  32. #百度
  33. "180.76.15.0/24"
  34. "124.166.232.0/24"
  35. "116.179.32.0/24"
  36. "180.76.5.0/24"
  37. "61.135.168.0/24"
  38. "61.135.186.0/24"
  39. "111.206.221.0/24"
  40. "116.179.37.0/24"
  41. "111.206.198.0/24"
  42. "113.24.225.0/24"
  43. "123.125.71.0/24"
  44. "220.181.108.0/24"
  45. "119.63.198.0/24"
  46. "123.125.68.0/24"
  47. "180.149.133.0/24"
  48. "123.125.66.0/24"
  49. "119.63.195.0/24"
  50. "220.181.32.0/24"
  51. "123.125.143.0/24"
  52. "61.135.165.0/24"
  53. "173.82.106.0/24"
  54. "61.135.162.0/24"
  55. "61.135.169.0/24"
  56. "64.20.40.0/24"
  57. "199.188.107.0/24"
  58. "180.101.52.0/24"
  59. "137.175.22.0/24"
  60. "124.64.200.0/24"
  61. "45.136.113.0/24"
  62. "209.141.35.0/24"
  63. "207.154.236.0/24"
  64. "180.149.143.0/24"
  65. "115.239.212.0/24"
  66. "58.217.202.0/24"
  67. "173.82.206.0/24"
  68. #谷歌
  69. "2001:4860:4801:10::/64"
  70. "2001:4860:4801:11::/64"
  71. "2001:4860:4801:12::/64"
  72. "2001:4860:4801:13::/64"
  73. "2001:4860:4801:14::/64"
  74. "2001:4860:4801:15::/64"
  75. "2001:4860:4801:16::/64"
  76. "2001:4860:4801:17::/64"
  77. "2001:4860:4801:18::/64"
  78. "2001:4860:4801:19::/64"
  79. "2001:4860:4801:1a::/64"
  80. "2001:4860:4801:1b::/64"
  81. "2001:4860:4801:1c::/64"
  82. "2001:4860:4801:1d::/64"
  83. "2001:4860:4801:1e::/64"
  84. "2001:4860:4801:1f::/64"
  85. "2001:4860:4801:20::/64"
  86. "2001:4860:4801:21::/64"
  87. "2001:4860:4801:22::/64"
  88. "2001:4860:4801:23::/64"
  89. "2001:4860:4801:24::/64"
  90. "2001:4860:4801:25::/64"
  91. "2001:4860:4801:26::/64"
  92. "2001:4860:4801:27::/64"
  93. "2001:4860:4801:28::/64"
  94. "2001:4860:4801:29::/64"
  95. "2001:4860:4801:2::/64"
  96. "2001:4860:4801:2a::/64"
  97. "2001:4860:4801:2b::/64"
  98. "2001:4860:4801:2c::/64"
  99. "2001:4860:4801:2d::/64"
  100. "2001:4860:4801:2e::/64"
  101. "2001:4860:4801:2f::/64"
  102. "2001:4860:4801:30::/64"
  103. "2001:4860:4801:31::/64"
  104. "2001:4860:4801:32::/64"
  105. "2001:4860:4801:33::/64"
  106. "2001:4860:4801:34::/64"
  107. "2001:4860:4801:35::/64"
  108. "2001:4860:4801:36::/64"
  109. "2001:4860:4801:37::/64"
  110. "2001:4860:4801:38::/64"
  111. "2001:4860:4801:39::/64"
  112. "2001:4860:4801:3a::/64"
  113. "2001:4860:4801:3b::/64"
  114. "2001:4860:4801:3c::/64"
  115. "2001:4860:4801:3d::/64"
  116. "2001:4860:4801:3e::/64"
  117. "2001:4860:4801:3f::/64"
  118. "2001:4860:4801:40::/64"
  119. "2001:4860:4801:41::/64"
  120. "2001:4860:4801:42::/64"
  121. "2001:4860:4801:43::/64"
  122. "2001:4860:4801:44::/64"
  123. "2001:4860:4801:45::/64"
  124. "2001:4860:4801:46::/64"
  125. "2001:4860:4801:47::/64"
  126. "2001:4860:4801:48::/64"
  127. "2001:4860:4801:49::/64"
  128. "2001:4860:4801:4a::/64"
  129. "2001:4860:4801:4b::/64"
  130. "2001:4860:4801:4c::/64"
  131. "2001:4860:4801:4d::/64"
  132. "2001:4860:4801:4e::/64"
  133. "2001:4860:4801:50::/64"
  134. "2001:4860:4801:51::/64"
  135. "2001:4860:4801:52::/64"
  136. "2001:4860:4801:53::/64"
  137. "2001:4860:4801:54::/64"
  138. "2001:4860:4801:55::/64"
  139. "2001:4860:4801:56::/64"
  140. "2001:4860:4801:57::/64"
  141. "2001:4860:4801:60::/64"
  142. "2001:4860:4801:61::/64"
  143. "2001:4860:4801:62::/64"
  144. "2001:4860:4801:63::/64"
  145. "2001:4860:4801:64::/64"
  146. "2001:4860:4801:65::/64"
  147. "2001:4860:4801:66::/64"
  148. "2001:4860:4801:67::/64"
  149. "2001:4860:4801:68::/64"
  150. "2001:4860:4801:69::/64"
  151. "2001:4860:4801:6a::/64"
  152. "2001:4860:4801:6b::/64"
  153. "2001:4860:4801:6c::/64"
  154. "2001:4860:4801:6d::/64"
  155. "2001:4860:4801:6e::/64"
  156. "2001:4860:4801:6f::/64"
  157. "2001:4860:4801:70::/64"
  158. "2001:4860:4801:71::/64"
  159. "2001:4860:4801:72::/64"
  160. "2001:4860:4801:73::/64"
  161. "2001:4860:4801:74::/64"
  162. "2001:4860:4801:75::/64"
  163. "2001:4860:4801:76::/64"
  164. "2001:4860:4801:77::/64"
  165. "2001:4860:4801:78::/64"
  166. "2001:4860:4801:79::/64"
  167. "2001:4860:4801:7a::/64"
  168. "2001:4860:4801:7b::/64"
  169. "2001:4860:4801:80::/64"
  170. "2001:4860:4801:81::/64"
  171. "2001:4860:4801:82::/64"
  172. "2001:4860:4801:83::/64"
  173. "2001:4860:4801:84::/64"
  174. "2001:4860:4801:85::/64"
  175. "2001:4860:4801:86::/64"
  176. "2001:4860:4801:87::/64"
  177. "2001:4860:4801:88::/64"
  178. "2001:4860:4801:90::/64"
  179. "2001:4860:4801:91::/64"
  180. "2001:4860:4801:92::/64"
  181. "2001:4860:4801:93::/64"
  182. "2001:4860:4801:94::/64"
  183. "2001:4860:4801:95::/64"
  184. "2001:4860:4801:96::/64"
  185. "2001:4860:4801:97::/64"
  186. "2001:4860:4801:a0::/64"
  187. "2001:4860:4801:a1::/64"
  188. "2001:4860:4801:a2::/64"
  189. "2001:4860:4801:a3::/64"
  190. "2001:4860:4801:a4::/64"
  191. "2001:4860:4801:a5::/64"
  192. "2001:4860:4801:a6::/64"
  193. "2001:4860:4801:a7::/64"
  194. "2001:4860:4801:a8::/64"
  195. "2001:4860:4801:a9::/64"
  196. "2001:4860:4801:aa::/64"
  197. "2001:4860:4801:ab::/64"
  198. "2001:4860:4801:ac::/64"
  199. "2001:4860:4801:b0::/64"
  200. "2001:4860:4801:b1::/64"
  201. "2001:4860:4801:b2::/64"
  202. "2001:4860:4801:b3::/64"
  203. "2001:4860:4801:b4::/64"
  204. "2001:4860:4801:b5::/64"
  205. "2001:4860:4801:c::/64"
  206. "2001:4860:4801:f::/64"
  207. "192.178.4.0/27"
  208. "192.178.4.128/27"
  209. "192.178.4.160/27"
  210. "192.178.4.192/27"
  211. "192.178.4.32/27"
  212. "192.178.4.64/27"
  213. "192.178.4.96/27"
  214. "192.178.5.0/27"
  215. "192.178.6.0/27"
  216. "192.178.6.128/27"
  217. "192.178.6.160/27"
  218. "192.178.6.192/27"
  219. "192.178.6.224/27"
  220. "192.178.6.32/27"
  221. "192.178.6.64/27"
  222. "192.178.6.96/27"
  223. "192.178.7.0/27"
  224. "192.178.7.128/27"
  225. "192.178.7.160/27"
  226. "192.178.7.32/27"
  227. "192.178.7.64/27"
  228. "192.178.7.96/27"
  229. "34.100.182.96/28"
  230. "34.101.50.144/28"
  231. "34.118.254.0/28"
  232. "34.118.66.0/28"
  233. "34.126.178.96/28"
  234. "34.146.150.144/28"
  235. "34.147.110.144/28"
  236. "34.151.74.144/28"
  237. "34.152.50.64/28"
  238. "34.154.114.144/28"
  239. "34.155.98.32/28"
  240. "34.165.18.176/28"
  241. "34.175.160.64/28"
  242. "34.176.130.16/28"
  243. "34.22.85.0/27"
  244. "34.64.82.64/28"
  245. "34.65.242.112/28"
  246. "34.80.50.80/28"
  247. "34.88.194.0/28"
  248. "34.89.10.80/28"
  249. "34.89.198.80/28"
  250. "34.96.162.48/28"
  251. "35.247.243.240/28"
  252. "66.249.64.0/27"
  253. "66.249.64.128/27"
  254. "66.249.64.160/27"
  255. "66.249.64.192/27"
  256. "66.249.64.224/27"
  257. "66.249.64.32/27"
  258. "66.249.64.64/27"
  259. "66.249.64.96/27"
  260. "66.249.65.0/27"
  261. "66.249.65.128/27"
  262. "66.249.65.160/27"
  263. "66.249.65.192/27"
  264. "66.249.65.224/27"
  265. "66.249.65.32/27"
  266. "66.249.65.64/27"
  267. "66.249.65.96/27"
  268. "66.249.66.0/27"
  269. "66.249.66.128/27"
  270. "66.249.66.160/27"
  271. "66.249.66.192/27"
  272. "66.249.66.224/27"
  273. "66.249.66.32/27"
  274. "66.249.66.64/27"
  275. "66.249.66.96/27"
  276. "66.249.67.0/27"
  277. "66.249.68.0/27"
  278. "66.249.68.128/27"
  279. "66.249.68.160/27"
  280. "66.249.68.192/27"
  281. "66.249.68.32/27"
  282. "66.249.68.64/27"
  283. "66.249.68.96/27"
  284. "66.249.69.0/27"
  285. "66.249.69.128/27"
  286. "66.249.69.160/27"
  287. "66.249.69.192/27"
  288. "66.249.69.224/27"
  289. "66.249.69.32/27"
  290. "66.249.69.64/27"
  291. "66.249.69.96/27"
  292. "66.249.70.0/27"
  293. "66.249.70.128/27"
  294. "66.249.70.160/27"
  295. "66.249.70.192/27"
  296. "66.249.70.224/27"
  297. "66.249.70.32/27"
  298. "66.249.70.64/27"
  299. "66.249.70.96/27"
  300. "66.249.71.0/27"
  301. "66.249.71.128/27"
  302. "66.249.71.160/27"
  303. "66.249.71.192/27"
  304. "66.249.71.224/27"
  305. "66.249.71.32/27"
  306. "66.249.71.64/27"
  307. "66.249.71.96/27"
  308. "66.249.72.0/27"
  309. "66.249.72.128/27"
  310. "66.249.72.160/27"
  311. "66.249.72.192/27"
  312. "66.249.72.224/27"
  313. "66.249.72.32/27"
  314. "66.249.72.64/27"
  315. "66.249.72.96/27"
  316. "66.249.73.0/27"
  317. "66.249.73.128/27"
  318. "66.249.73.160/27"
  319. "66.249.73.192/27"
  320. "66.249.73.224/27"
  321. "66.249.73.32/27"
  322. "66.249.73.64/27"
  323. "66.249.73.96/27"
  324. "66.249.74.0/27"
  325. "66.249.74.128/27"
  326. "66.249.74.160/27"
  327. "66.249.74.192/27"
  328. "66.249.74.224/27"
  329. "66.249.74.32/27"
  330. "66.249.74.64/27"
  331. "66.249.74.96/27"
  332. "66.249.75.0/27"
  333. "66.249.75.128/27"
  334. "66.249.75.160/27"
  335. "66.249.75.192/27"
  336. "66.249.75.224/27"
  337. "66.249.75.32/27"
  338. "66.249.75.64/27"
  339. "66.249.75.96/27"
  340. "66.249.76.0/27"
  341. "66.249.76.128/27"
  342. "66.249.76.160/27"
  343. "66.249.76.192/27"
  344. "66.249.76.224/27"
  345. "66.249.76.32/27"
  346. "66.249.76.64/27"
  347. "66.249.76.96/27"
  348. "66.249.77.0/27"
  349. "66.249.77.128/27"
  350. "66.249.77.160/27"
  351. "66.249.77.192/27"
  352. "66.249.77.224/27"
  353. "66.249.77.32/27"
  354. "66.249.77.64/27"
  355. "66.249.77.96/27"
  356. "66.249.78.0/27"
  357. "66.249.78.32/27"
  358. "66.249.78.64/27"
  359. "66.249.78.96/27"
  360. "66.249.79.0/27"
  361. "66.249.79.128/27"
  362. "66.249.79.160/27"
  363. "66.249.79.192/27"
  364. "66.249.79.224/27"
  365. "66.249.79.32/27"
  366. "66.249.79.64/27"
  367. "66.249.79.96/27"
  368. "64.68.91.0/24"
  369. "192.178.5.0/24"
  370. "34.80.50.0/24"
  371. "66.249.68.0/24"
  372. "34.146.150.0/24"
  373. "34.152.50.0/24"
  374. "35.247.243.0/24"
  375. "64.68.88.0/24"
  376. "66.249.64.0/24"
  377. "34.118.66.0/24"
  378. "34.165.18.0/24"
  379. "192.178.6.0/24"
  380. "34.176.130.0/24"
  381. "34.64.82.0/24"
  382. "34.96.162.0/24"
  383. "66.249.66.0/24"
  384. "66.249.71.0/24"
  385. "34.88.194.0/24"
  386. "34.147.110.0/24"
  387. "34.101.50.0/24"
  388. "66.249.79.0/24"
  389. "34.155.98.0/24"
  390. "66.249.72.0/24"
  391. "66.249.69.0/24"
  392. "66.249.77.0/24"
  393. "34.118.254.0/24"
  394. "66.249.74.0/24"
  395. "95.216.227.0/24"
  396. "66.249.75.0/24"
  397. "34.175.160.0/24"
  398. "34.151.74.0/24"
  399. "66.249.76.0/24"
  400. "203.208.60.0/24"
  401. "34.100.182.0/24"
  402. "66.249.73.0/24"
  403. "66.249.70.0/24"
  404. "66.249.65.0/24"
  405. "34.89.10.0/24"
  406. "34.126.178.0/24"
  407. "34.89.198.0/24"
  408. "34.65.242.0/24"
  409. "66.249.78.0/24"
  410. "34.154.114.0/24"
  411. #360
  412. "123.6.49.0/24"
  413. "1.192.192.0/24"
  414. "1.192.195.0/24"
  415. "42.236.10.0/24"
  416. "42.236.12.0/24"
  417. "42.236.17.0/24"
  418. "42.236.101.0/24"
  419. "27.115.124.0/24"
  420. "180.163.220.0/24"
  421. #搜狗
  422. "121.229.156.0/24"
  423. "111.202.101.0/24"
  424. "106.120.173.0/24"
  425. "123.126.50.0/24"
  426. "223.109.255.0/24"
  427. "106.38.241.0/24"
  428. "112.86.225.0/24"
  429. "118.184.177.0/24"
  430. "123.125.109.0/24"
  431. "49.7.20.0/24"
  432. "61.135.159.0/24"
  433. "49.7.117.0/24"
  434. "223.109.252.0/24"
  435. "123.126.68.0/24"
  436. "58.250.125.0/24"
  437. "61.135.189.0/24"
  438. "220.181.125.0/24"
  439. "111.202.100.0/24"
  440. "111.202.103.0/24"
  441. "123.126.113.0/24"
  442. "49.7.21.0/24"
  443. "123.183.224.0/24"
  444. "106.120.188.0/24"
  445. "218.30.103.0/24"
  446. "220.181.124.0/24"
  447. "36.110.147.0/24"
  448. "123.125.125.0/24"
  449. "123.125.186.0/24"
  450. "61.135.158.0/24"
  451. "180.102.110.0/24"
  452. #雅虎
  453. "217.146.176.0/24"
  454. "74.6.168.0/24"
  455. "72.30.14.0/24"
  456. "67.195.49.0/24"
  457. "67.195.52.0/24"
  458. "106.10.186.0/24"
  459. "116.214.12.0/24"
  460. "124.108.101.0/24"
  461. "124.108.92.0/24"
  462. "209.131.41.0/24"
  463. "124.108.100.0/24"
  464. "216.252.126.0/24"
  465. "67.195.55.0/24"
  466. "67.195.83.0/24"
  467. "27.123.51.0/24"
  468. "203.84.194.0/24"
  469. "67.195.98.0/24"
  470. "183.177.73.0/24"
  471. "209.73.183.0/24"
  472. "202.165.111.0/24"
  473. "8.12.149.0/24"
  474. "119.160.246.0/24"
  475. "98.139.1.0/24"
  476. "66.196.90.0/24"
  477. "66.94.233.0/24"
  478. #必应
  479. "157.55.39.0/24"
  480. "207.46.13.0/24"
  481. "40.77.167.0/24"
  482. "13.66.139.0/24"
  483. "13.66.144.0/24"
  484. "52.167.144.0/24"
  485. "13.67.10.0/24"
  486. "13.69.66.0/24"
  487. "13.71.172.0/24"
  488. "139.217.52.0/24"
  489. "191.233.204.0/24"
  490. "20.36.108.0/24"
  491. "20.43.120.0/24"
  492. "40.79.131.0/24"
  493. "40.79.186.0/24"
  494. "52.231.148.0/24"
  495. "20.79.107.0/24"
  496. "51.105.67.0/24"
  497. "20.125.163.0/24"
  498. "40.77.188.0/24"
  499. "40.77.189.0/24"
  500. "40.77.190.0/24"
  501. "40.77.191.0/24"
  502. "65.55.210.0/24"
  503. "199.30.24.0/24"
  504. "199.30.25.0/24"
  505. "40.77.202.0/24"
  506. "40.77.139.0/24"
  507. "20.74.197.0/24"
  508. "20.15.133.0/24"
  509. "40.77.177.0/24"
  510. "40.77.178.0/24"
  511. "40.77.179.0/24"
  512. "65.55.212.0/24"
  513. "131.253.26.0/24"
  514. "65.55.219.0/24"
  515. "65.55.211.0/24"
  516. "40.77.162.0/24"
  517. "40.77.194.0/24"
  518. "157.56.0.0/24"
  519. "199.30.26.0/24"
  520. "65.55.213.0/24"
  521. "199.30.20.0/24"
  522. "65.55.208.0/24"
  523. "157.56.1.0/24"
  524. "65.52.110.0/24"
  525. "65.55.209.0/24"
  526. "131.253.38.0/24"
  527. "131.253.24.0/24"
  528. "131.253.27.0/24"
  529. "157.56.2.0/24"
  530. "65.55.215.0/24"
  531. "23.103.64.0/24"
  532. "65.55.25.0/24"
  533. "40.77.215.0/24"
  534. "61.131.4.0/24"
  535. "40.77.173.0/24"
  536. "202.89.235.0/24"
  537. "65.55.214.0/24"
  538. "202.101.96.0/24"
  539. "40.77.161.0/24"
  540. "40.77.221.0/24"
  541. "65.52.109.0/24"
  542. "40.77.220.0/24"
  543. "65.55.218.0/24"
  544. #头条
  545. "110.249.201.0/24"
  546. "110.249.202.0/24"
  547. "111.225.148.0/24"
  548. "111.225.149.0/24"
  549. "220.243.135.0/24"
  550. "220.243.136.0/24"
  551. "220.243.188.0/24"
  552. "220.243.189.0/24"
  553. "60.8.123.0/24"
  554. "60.8.151.0/24"
  555. "122.14.224.0/24"
  556. "122.14.225.0/24"
  557. "122.14.226.0/24"
  558. "122.14.227.0/24"
  559. #神马
  560. "42.156.139.0/24"
  561. "106.11.154.0/24"
  562. "42.120.161.0/24"
  563. "106.11.152.0/24"
  564. "106.11.153.0/24"
  565. "106.11.155.0/24"
  566. "106.11.158.0/24"
  567. "42.156.254.0/24"
  568. "106.11.159.0/24"
  569. "42.120.160.0/24"
  570. "42.156.136.0/24"
  571. "42.156.138.0/24"
  572. "106.11.156.0/24"
  573. "106.11.157.0/24"
  574. "42.156.137.0/24"
  575. "42.120.234.0/24"
  576. "42.120.235.0/24"
  577. "42.120.236.0/24"
  578. )

  580. # ===== 函数:记录日志 =====
  581. log_message() {
  582.     echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
  583. }

  585. # ===== 函数:检查IP是否在白名单或蜘蛛网段 =====
  586. is_whitelisted() {
  587.     local ip_to_check="$1"

  589.     # 检查用户自定义白名单文件
  590.     if [[ -f "$WHITELIST_FILE" ]]; then
  591.         if grep -qE "^($ip_to_check|.*/[0-9]+)$" "$WHITELIST_FILE"; then
  592.             return 0 # IP在白名单中
  593.         fi
  594.     fi

  596.     # 检查预定义的蜘蛛IP段
  597.     for net in "${SPIDER_NETS[@]}"; do
  598.         # 简单的CIDR匹配检查(对于精确生产环境,建议使用ipcalc等工具)
  599.         if [[ "$ip_to_check" == ${net%/*}.* ]] || ipcalc -n "$ip_to_check" | grep -q "Network:.*$net"; then
  600.             return 0 # IP在蜘蛛网段中
  601.         fi
  602.     done

  604.     return 1 # IP不在任何白名单中
  605. }

  607. # ===== 函数:滚动日志 =====
  608. rotate_log_if_needed() {
  609.     if [[ -f "$LOG_FILE" ]] && [[ $(du -k "$LOG_FILE" | cut -f1) -ge $MAX_LOG_SIZE ]]; then
  610.         mv -f "$LOG_FILE" "${LOG_FILE}.old"
  611.         touch "$LOG_FILE"
  612.         log_message "日志文件已滚动"
  613.     fi
  614. }

  616. # ===== 函数:封锁IP =====
  617. block_ip() {
  618.     local ip="$1"
  619.     local conn_count="$2"

  621.     # 检查是否已在白名单
  622.     if is_whitelisted "$ip"; then
  623.         log_message "忽略白名单/蜘蛛IP: $ip (连接数: $conn_count)"
  624.         return 1
  625.     fi

  627.     # 检查是否已被封锁(避免重复操作)
  628.     if iptables -nL | grep -q "$ip"; then
  629.         log_message "IP已被封锁,跳过: $ip"
  630.         return 1
  631.     fi

  633.     # 执行封锁
  634.     if [[ "$BLOCK_TYPE" == "TEMP" ]]; then
  635.         # 使用Recent模块进行临时封锁
  636.         iptables -I INPUT -s "$ip" -m recent --set --name BLOCKED_TEMP -j DROP
  637.         log_message "已临时封锁IP: $ip (连接数: $conn_count, 过期时间: ${TEMP_BLOCK_EXPIRE}秒)"
  638.     elif [[ "$BLOCK_TYPE" == "PERM" ]]; then
  639.         # 添加永久DROP规则
  640.         iptables -I INPUT -s "$ip" -j DROP
  641.         log_message "已永久封锁IP: $ip (连接数: $conn_count)"
  642.     else
  643.         log_message "错误: 未知的封锁类型: $BLOCK_TYPE"
  644.         return 1
  645.     fi
  646. }

  648. # ===== 主程序 =====

  650. # 检查root权限
  651. if [[ $EUID -ne 0 ]]; then
  652.     echo "错误: 此脚本必须以root权限运行!" >&2
  653.     exit 1
  654. fi

  656. # 确保日志文件存在
  657. touch "$LOG_FILE"
  658. rotate_log_if_needed

  660. log_message "开始执行高连接数IP检测..."

  662. # 获取所有ESTABLISHED状态的TCP连接,提取IP,统计连接数
  663. # 使用 'ss' 命令,它是 netstat 的现代替代品,更高效准确
  664. declare -A ip_connections # 使用关联数组来计数

  666. # 解析 ss 命令的输出
  667. while read -r line; do
  668.     if [[ -n "$line" ]]; then
  669.         ((ip_connections["$line"]++))
  670.     fi
  671. done < <(ss -ntu state established | awk '{split($5, a, ":"); print a[1]}' | sort | uniq -c | awk '{if($1>0) print $2}')

  673. # 处理每个IP
  674. for ip in "${!ip_connections[@]}"; do
  675.     count=${ip_connections["$ip"]}

  677.     # 跳过本地环回和空地址
  678.     [[ "$ip" == "127.0.0.1" || "$ip" == "0.0.0.0" || "$ip" == "::1" ]] && continue

  680.     # 判断连接数级别并采取相应措施
  681.     if [[ $count -ge $CONNECTION_THRESHOLD ]]; then
  682.         log_message "警报!IP连接数超高: $ip (连接数: $count),执行封锁..."
  683.         block_ip "$ip" "$count"
  684.     elif [[ $count -ge $LOG_ONLY_THRESHOLD ]]; then
  685.         log_message "警告!IP连接数偏高: $ip (连接数: $count),已记录。"
  686.     fi
  687. done

  689. log_message "高连接数IP检测完成。"

  691. exit 0
复制代码
创建日志空文件:
  1. touch /var/log/auto_block_ip.log
复制代码
其中白名单文件 /etc/ddos/ignore.ip.list 参考和共用:
https://www.dz-x.net/t/149134/1/1.html

赋予执行权限:
  1. chmod +x /usr/local/sbin/auto_block_ip.sh
复制代码
配置Logrotate进行日志滚动
  1. sudo vi /etc/logrotate.d/auto_block_ip
复制代码
添加以下内容:
  1. /var/log/auto_block_ip.log {
  2.     daily
  3.     missingok
  4.     rotate 7
  5.     compress
  6.     delaycompress
  7.     notifempty
  8.     create 644 root root
  9. }
复制代码
部署为系统服务:

创建Systemd服务文件/etc/systemd/system/auto-block-ip.service:
  1. [Unit]
  2. Description=Auto Block IP Service
  3. After=network.target
  4. Wants=auto-block-ip.timer

  6. [Service]
  7. Type=oneshot
  8. User=root
  9. ExecStart=/usr/local/sbin/auto_block_ip.sh

  11. # 日志配置
  12. StandardOutput=syslog
  13. StandardError=syslog
  14. SyslogIdentifier=auto-block-ip

  16. # 安全限制
  17. NoNewPrivileges=yes
  18. ProtectSystem=strict
  19. ProtectHome=read-only
  20. PrivateTmp=yes

  22. [Install]
  23. WantedBy=multi-user.target
复制代码
创建定时器文件/etc/systemd/system/auto-block-ip.timer,实现每15秒执行一次(如果效果不满意可以设置10秒或5秒自动执行一次):
  1. [Unit]
  2. Description=Run Auto Block IP every 20 seconds
  3. Requires=auto-block-ip.service

  5. [Timer]
  6. # 启动后30秒开始第一次执行
  7. OnBootSec=30s
  8. # 之后每20秒执行一次
  9. OnUnitActiveSec=20s
  10. # 确保准确性
  11. AccuracySec=1s
  12. # 如果上次执行未完成,是否并行执行(no表示等待)
  13. Unit=auto-block-ip.service

  15. [Install]
  16. WantedBy=timers.target
复制代码
创建RSyslog配置/etc/rsyslog.d/auto-block-ip.conf
  1. # 为自动屏蔽IP服务创建专用日志
  2. if $programname == 'auto-block-ip' then /var/log/auto-block-ip.log
  3. & stop
复制代码
启用并启动服务:
  1. # 重新加载Systemd配置
  2. sudo systemctl daemon-reload

  4. # 启用并启动定时器
  5. sudo systemctl enable auto-block-ip.timer
  6. sudo systemctl start auto-block-ip.timer

  8. # 启用日志配置
  9. sudo systemctl restart rsyslog

  11. # 检查服务状态
  12. sudo systemctl status auto-block-ip.timer
  13. sudo systemctl status auto-block-ip.service

  15. # 查看定时器列表
  16. systemctl list-timers --all
复制代码
创建监控脚本/usr/local/sbin/monitor_auto_block.sh(每20秒检查服务状态)
  1. #!/bin/bash

  3. # 监控自动屏蔽IP服务的脚本
  4. SERVICE="auto-block-ip.timer"
  5. LOG_FILE="/var/log/service_monitor.log"
  6. MAX_LOG_SIZE=10240

  8. # 函数:记录日志
  9. log_message() {
  10.     echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
  11. }

  13. # 函数:滚动日志
  14. rotate_log() {
  15.     if [ -f "$LOG_FILE" ] && [ $(du -k "$LOG_FILE" | cut -f1) -ge $MAX_LOG_SIZE ]; then
  16.         mv -f "$LOG_FILE" "${LOG_FILE}.old"
  17.         touch "$LOG_FILE"
  18.     fi
  19. }

  21. # 主循环
  22. while true; do
  23.     rotate_log
  24.    
  25.     # 检查服务状态
  26.     if ! systemctl is-active --quiet "$SERVICE"; then
  27.         log_message "警告: $SERVICE 未运行,尝试重启..."
  28.         systemctl restart "$SERVICE"
  29.         
  30.         # 再次检查是否启动成功
  31.         sleep 5
  32.         if systemctl is-active --quiet "$SERVICE"; then
  33.             log_message "成功: $SERVICE 已重启"
  34.         else
  35.             log_message "错误: $SERVICE 重启失败"
  36.         fi
  37.     fi
  38.    
  39.     # 等待20秒后再次检查
  40.     sleep 20
  41. done
复制代码
设置监控脚本权限并创建服务:
  1. sudo chmod +x /usr/local/sbin/monitor_auto_block.sh
复制代码
创建监控服务文件/etc/systemd/system/monitor-auto-block.service
  1. [Unit]
  2. Description=Monitor for Auto Block IP Service
  3. After=network.target

  5. [Service]
  6. Type=simple
  7. ExecStart=/usr/local/sbin/monitor_auto_block.sh
  8. Restart=always
  9. RestartSec=10

  11. [Install]
  12. WantedBy=multi-user.target
复制代码
启用并启动监控服务:
  1. sudo systemctl daemon-reload
  2. sudo systemctl enable monitor-auto-block.service
  3. sudo systemctl start monitor-auto-block.service
复制代码


如果不想用了完整卸载:
停止并禁用定时器和服务
首先停止并禁用所有相关的定时器和服务,防止它们再次启动。
  1. # 停止并禁用 auto-block-ip 的定时器和服务
  2. sudo systemctl stop auto-block-ip.timer
  3. sudo systemctl disable auto-block-ip.timer
  4. sudo systemctl stop auto-block-ip.service
  5. sudo systemctl disable auto-block-ip.service

  7. # 停止并禁用监控脚本的服务
  8. sudo systemctl stop monitor-auto-block.service
  9. sudo systemctl disable monitor-auto-block.service
复制代码

删除Systemd单元文件
这些文件是服务和定时器的定义所在,必须删除才能算彻底卸载
  1. # 删除 auto-block-ip 的.service和.timer文件
  2. sudo rm /etc/systemd/system/auto-block-ip.service
  3. sudo rm /etc/systemd/system/auto-block-ip.timer

  5. # 删除监控脚本的.service文件
  6. sudo rm /etc/systemd/system/monitor-auto-block.service
复制代码
重新加载Systemd配置
删除单元文件后,需要让Systemd管理器知道配置发生了变化
  1. sudo systemctl daemon-reload
复制代码

删除脚本文件和日志配置
接下来删除你之前创建的脚本和日志配置文件。
  1. # 删除主脚本和监控脚本
  2. sudo rm /usr/local/sbin/auto_block_ip.sh
  3. sudo rm /usr/local/sbin/monitor_auto_block.sh

  5. # 删除RSyslog的专用配置文件
  6. sudo rm /etc/rsyslog.d/auto-block-ip.conf
复制代码
重启Rsyslog服务
让RSyslog重新加载配置,确保之前的专用日志配置已失效。
  1. sudo systemctl restart rsyslog
复制代码
(可选) 清理日志文件
如果你希望彻底清理,可以删除脚本运行期间生成的所有日志文件。
  1. sudo rm -f /var/log/auto-block-ip.log /var/log/auto_block_ip.log /var/log/service_monitor.log
复制代码
游客,如果您要查看本帖隐藏内容请回复



如果你服务器CPU和内核不高于2H 2G,那么在每15~20秒扫描执行封堵的时候可能引起瞬时 CPU 占用过高,下面给出更加优化的解决方案,二选一即可:
基于ddos-deflate增强实时扫描高连接数 IP自动封禁超过阈值的 IP整合 Fail2ban、宝塔nginx防火墙、用户自定义白名单的防御攻击
https://www.dz-x.net/t/151053/1/1.html
来自: DZ插件网
4860, 2001, 4801, IP, 封锁, IP, IP, IP
我要说一句 收起回复
赞赏
一花一世界,一叶一追寻。一曲一场叹,一生为一人。
回复

使用道具 举报

相关帖子

评论2

Discuz智能体Lv.8 发表于 2025-9-1 21:25:05 | 查看全部
{
    "title": "DZ插件网高连接数自动封锁脚本配置指南",
    "description": "本脚本用于自动监测服务器上的高连接数IP,并在超过设定阈值时自动封锁,同时排除搜索引擎蜘蛛和白名单IP,有效防御SYN/DDOS攻击。",
    "content": "以下是为您提供的DZ插件网高连接数自动封锁脚本的详细配置说明及优化建议:\n\n### 脚本概述\n该脚本通过实时监测服务器的ESTABLISHED连接数,自动识别并封锁异常高连接数的IP地址,特别针对SYN Flood等DDOS攻击进行防护。脚本支持临时封锁和永久封锁两种模式,并内置了常见搜索引擎蜘蛛IP段及自定义白名单功能,确保正常流量不受影响。\n\n### 配置说明\n1. **连接数阈值设置**:\n   - `CONNECTION_THRESHOLD=68`:超过此连接数的IP将被自动封锁。\n   - `LOG_ONLY_THRESHOLD=60`:超过此值但未达封锁阈值的IP仅记录日志,便于监控。\n\n2. **封锁类型选择**:\n   - `BLOCK_TYPE=\"TEMP\"`:临时封锁模式,使用iptables的Recent模块,一段时间后自动解封。\n   - `BLOCK_TYPE=\"PERM\"`:永久封锁模式,使用iptables的DROP规则。\n   - 临时封锁的过期时间可通过`TEMP_BLOCK_EXPIRE=3600`(单位:秒)调整。\n\n3. **白名单配置**:\n   - 自定义白名单文件路径:`WHITELIST_FILE=\"/etc/ddos/ignore.ip.list\"`,每行一个IP或CIDR网段。\n   - 脚本已内置常见搜索引擎(百度、谷歌、360、搜狗等)的蜘蛛IP段,无需手动添加。\n\n4. **日志管理**:\n   - 日志文件路径:`LOG_FILE=\"/var/log/auto_block_ip.log\"`。\n   - 支持日志滚动,最大日志文件大小可通过`MAX_LOG_SIZE=10240`(单位:KB)调整。\n\n### 使用步骤\n1. **创建脚本文件**:\n  
  1. \n   vi /usr/local/sbin/auto_block_ip.sh\n
复制代码
\n   将提供的脚本内容复制到文件中并保存。\n\n2. **修改配置参数**:\n   根据实际服务器环境调整脚本中的配置区域参数,特别是连接数阈值和白名单路径。\n\n3. **设置执行权限**:\n  
  1. \n   chmod +x /usr/local/sbin/auto_block_ip.sh\n
复制代码
\n\n4. **创建白名单文件(可选)**:\n  
  1. \n   mkdir -p /etc/ddos\n   vi /etc/ddos/ignore.ip.list\n
复制代码
\n   每行添加一个需要排除的IP或网段(例如:192.168.1.0/24)。\n\n5. **手动测试脚本**:\n  
  1. \n   /usr/local/sbin/auto_block_ip.sh\n
复制代码
\n   检查日志文件(/var/log/auto_block_ip.log)确认无报错且功能正常。\n\n6. **添加定时任务**:\n   建议通过crontab设置每分钟执行一次,以实现实时监控:\n  
  1. \n   crontab -e\n
复制代码
\n   添加以下行:\n  
  1. \n   * * * * * /usr/local/sbin/auto_block_ip.sh >/dev/null 2>&1\n
复制代码
\n\n### 注意事项\n- 该脚本需以root权限运行,否则无法操作iptables。\n- 临时封锁模式依赖iptables的recent模块,确保系统已加载该模块(可通过`lsmod | grep recent`检查)。\n- 永久封锁模式会持续累积iptables规则,长期运行可能导致规则数量过多,建议定期清理过期规则或使用临时封锁模式。\n- 内置蜘蛛IP段可能随时间变化,建议定期更新脚本或通过白名单文件补充新增IP段。\n- 若服务器流量较大,可适当调高连接数阈值,避免误封正常用户。\n\n### 故障排除\n- 若脚本无法正常执行,请检查:\n  1. root权限是否充足。\n  2. iptables是否安装且可用。\n  3. 白名单文件路径是否正确。\n  4. 日志文件是否可写入。\n- 详细错误信息可查看日志文件(/var/log/auto_block_ip.log)。\n\n通过以上配置,您的服务器将具备自动识别和防御高连接数攻击的能力,同时保障搜索引擎蜘蛛和白名单IP的正常访问。如需进一步优化或定制功能,可参考DZ插件网的相关文档或联系我们获取技术支持。"
}
-- 本回答由 人工智能 AI智能体 生成,内容仅供参考,请仔细甄别。
我要说一句 收起回复
回复 支持 反对

使用道具 举报

神风Lv.2 发表于 2025-9-1 23:03:06 | 查看全部 | Edg | Windows 10
看看咋弄的
我要说一句 收起回复
回复 支持 反对

使用道具 举报

返回列表 发布新帖

回复
 懒得打字嘛,点击右侧快捷回复【查看最新发布】   【应用商城享更多资源】
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

图文热点
关闭

站长推荐上一条 /1 下一条

最新热评 加载中...
AI智能体

关于我们

关于我们 免责声明 应用市场 下载中心

服务支持

有问必答 优秀站点 常见问题 建站必看
投诉/建议联系

discuzaddons@vip.qq.com

未经授权禁止转载,复制和建立镜像,
如有违反,按照公告处理!!!
  • 联系QQ客服
  • 添加微信客服

联系DZ插件网微信客服|最近更新|Archiver|手机版|小黑屋|DZ插件网! ( 鄂ICP备20010621号-1 )|网站地图 知道创宇云防御

您的IP:216.73.216.121,GMT+8, 2025-11-3 14:11 , Processed in 0.603431 second(s), 99 queries , Gzip On, Redis On.

Powered by Discuz! X5.0 Licensed

© 2001-2025 Discuz! Team.

关灯 在本版发帖
扫一扫添加微信客服
 QQ客服返回顶部
快速回复 返回顶部 返回列表