将频繁攻击的ip加入黑名单

举例：

tail -200 selectstock_web.log |grep 'code 400, message Bad request version'|more

文件中很多异常的请求，而确认这些请求非业务中的

[取数：] 2024-04-24 14:09:13,106 - ERROR - 198.199.104.19 - - [24/Apr/2024 14:09:13] code 400, message Bad request version
[取数：] 2024-04-24 14:36:56,568 - ERROR - 45.79.128.205 - - [24/Apr/2024 14:36:56] code 400, message Bad request version
[取数：] 2024-04-24 15:17:43,932 - ERROR - 123.249.90.84 - - [24/Apr/2024 15:17:43] code 400, message Bad request version
[取数：] 2024-05-07 19:21:54,691 - ERROR - 114.92.163.12 - - [07/May/2024 19:21:54] code 400, message Bad request version
[取数：] 2024-05-07 19:21:54,753 - ERROR - 114.92.163.12 - - [07/May/2024 19:21:54] code 400, message Bad request version
[取数：] 2024-05-07 19:21:55,576 - ERROR - 114.92.163.12 - - [07/May/2024 19:21:55] code 400, message Bad request version
[取数：] 2024-05-08 01:03:28,628 - ERROR - 111.7.96.148 - - [08/May/2024 01:03:28] code 400, message Bad request version (
[取数：] 2024-05-08 11:28:46,685 - ERROR - 64.62.197.206 - - [08/May/2024 11:28:46] code 400, message Bad request version
[取数：] 2024-05-08 17:18:15,530 - ERROR - 159.203.208.34 - - [08/May/2024 17:18:15] code 400, message Bad request version
[取数：] 2024-05-09 01:18:33,181 - ERROR - 123.56.163.240 - - [09/May/2024 01:18:33] code 400, message Bad request version
[取数：] 2024-05-09 20:26:14,262 - ERROR - 64.62.156.78 - - [09/May/2024 20:26:14] code 400, message Bad request version (

--大部都是攻击行为

现在我们提取其中的ip地址加入到deny.ip里

grep 'Bad request version' selectstock_web.log| grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" >deny.ip

将文件中的ip 去重：

awk '!a[$0]++' deny.ip > deny.ip.tmp && mv -f deny.ip.tmp deny.ip

wc -l deny.ip #统计ip个数

在每个ip 的前面加上 ufw deny from

sed -i 's/^/ufw deny from /g' deny.ip

将deny.ip 加上执行权限

chmod +x deny.ip

执行 deny.ip

./deny.ip