  1. <?php
  2.  
  3. $threshold = 30;
  4.  
  5. $connections = ` netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort `;
  6.  
  7. $lines = explode("\n", $connections);
  8.  
  9. $counts = array();
  10.  
  11. foreach($lines as $line){
  12.     $line = trim($line);
  13.    
  14.     if(strlen($line)<= 0 )
  15.         continue;
  16.    
  17.     if($line == "0.0.0.0")
  18.         continue;
  19.    
  20.     if($line == "replace with ip of other servers that connect to your server i.e. mysql replication")
  21.         continue;
  22.  
  23.     if($line == "127.0.0.1")
  24.         continue;
  25.    
  26.     //echo "$line\n";
  27.    
  28.     if(isset($counts[$line]))
  29.         $count = $counts[$line];
  30.     else
  31.         $count = 0;
  32.    
  33.     $counts[$line] = ++$count;
  34. }
  35.  
  36.  
  37. foreach($counts as $ip=>$ipCount){
  38.     if($ipCount>$threshold){
  39.         `logger "[blocker.php] blocking ip $ip for exceeding $threshold simultanious connections. current count = $ipCount"`;
  40.     $output = `/sbin/iptables -A INPUT -s $ip -j DROP `;
  41.     }
  42. }