Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Oct 1st, 2012  |  syntax: None  |  size: 0.49 KB  |  views: 39  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #!/bin/bash
  2. iptables -n -L |grep DROP | awk '{ print $4 }'|sort|uniq| grep -v \/>bips
  3. netstat -apn | grep :80| grep SYN_RECV | awk '{ print $5 }'| cut -d : -f1| sort| uniq>dosips
  4. tail -3000 /usr/local/apache/logs/access_log| grep -w  408 | awk '{ print $1 }'>>dosips
  5. cat dosips|sort|uniq>dosip
  6. for i in `cat dosip`
  7. do
  8.  if ( ! grep -q  $i bips )
  9. then
  10. echo " The new SYN attack ip that is being blocked is $i"
  11. iptables -A INPUT -s $i  -p tcp --dport 80 -j DROP
  12. fi
  13. done
  14. service iptables save