几行bash分析日志并报警强力蜘蛛
被SB蜘蛛抓烦了,今天早上一看,有2个IP一小时就抓了我80G的页面,还都是动态页面。
首先让 Apache 记的日志最小化,好处不用说了。
# Tag requests for static assets (images, Flash, CSS, JS, favicon) with "dontlog".
# The extension is matched case-insensitively at the end of the request URI.
SetEnvIfNoCase Request_URI "\.(gif|jpg|png|swf|css|js|ico)$" dontlog

# For every request that is not tagged, write one line holding only the
# X-Forwarded-For request header into the hourly file that cronolog creates
# (/var/log/httpd/YYYY-MM/DD-HH.ip).
# NOTE(review): X-Forwarded-For starts as a client-supplied header and each proxy
# appends to it, so only the entries added by your own proxies are trustworthy;
# the left-most entry can be set to anything by the requester.
CustomLog "|/usr/local/sbin/cronolog /var/log/httpd/%Y-%m/%d-%H.ip" "%{X-Forwarded-For}i" env=!dontlog
因为我的 Apache 是躲在 n 层代理的后面,所以只能记录 %{X-Forwarded-For},里面包含真实 IP,但是需要下一步分析去取出。要注意 X-Forwarded-For 只是一个请求头,最左边的值是客户端自己填的,可以伪造,只有自己的代理追加上去的那一段才可信。
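# Hourly crawler report: count the requests per client address in the previous
# hour's log, post the ten busiest addresses as a status update, then delete the log.

# Stop if the log directory is missing, so the relative rm below can never run
# from whatever directory the job happened to start in.
cd /var/log/httpd || exit 1

# Relative path of the file cronolog wrote for the previous hour (YYYY-MM/DD-HH.ip).
f=$(date -d '1 hours ago' +%Y-%m/%d-%H.ip)

# No file for that hour: nothing to analyse, and no empty alert to send.
[ -f "$f" ] || exit 0

# sed keeps only the first address of each X-Forwarded-For value; awk counts the
# lines per address; sort/head leave the ten highest counts as "count address".
# NOTE(review): the first (left-most) X-Forwarded-For entry is the one the client
# itself can set, so a requester can hide behind, or implicate, any address.
# Confirm a suspicious address against the proxy's own logs before acting on it.
ip=$(sed 's#^\([0-9\.]\{1,\}\)[0-9 \.,\s]\{1,\}#\1#' "$f" | awk '{a[$1]++ } END{for(i in a){print a[i] " " i}}' | sort -rn | head)

# NOTE(review): -u puts the password on the command line, where other local users
# can read it from the process list, and the URL is plain http, so the basic-auth
# credentials cross the network unencrypted. Prefer a mode-600 curl config file
# read with -K, and an https endpoint if the service offers one.
curl -u 机器人的饭否登录名:密码 -d status="$ip" http://api.fanfou.com/statuses/update.xml

# Quoted and preceded by "--" so an unexpected file name is never parsed as an option.
rm -- "$f"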
测试下来一小时 10M 的 log,分析一下也就 3 秒左右,还有1秒是发送给饭否的报警的。如果记录的直接就是真实 IP,那可以去掉 sed 那段,分析应该还会快很多(log文件就小很多了)。
看到有夸张的,先对照一下后面的蜘蛛 IP 段列表(列表可能已经过时,最好再用反向 DNS 确认一下),不是常规搜索引擎蜘蛛的话,就咔嚓掉。
# Append a rule to the INPUT chain that drops every packet coming from the
# offending /29 (xxx.xxx.xxx.xxx is a placeholder for the real network address).
# Rules are evaluated in order, so an earlier ACCEPT rule still wins over this one.
# NOTE(review): the filter matches the TCP peer address. With Apache sitting behind
# proxies, the peer seen on the Apache host is the proxy, so this rule only takes
# effect on the machine that actually faces the internet.
iptables --append INPUT --source xxx.xxx.xxx.xxx/29 --jump DROP
1 202.106.186.* 163蜘蛛
2 202.108.36.* 163蜘蛛
3 202.108.44.* 163蜘蛛
4 202.108.45.* 163蜘蛛
5 202.108.5.* 163蜘蛛
6 202.108.9.* 163蜘蛛
7 220.181.12.* 163蜘蛛
8 220.181.13.* 163蜘蛛
9 220.181.14.* 163蜘蛛
10 220.181.15.* 163蜘蛛
11 220.181.28.* 163蜘蛛
12 220.181.31.* 163蜘蛛
13 222.185.245.* 163蜘蛛
14 202.165.100.* 3721蜘蛛
15 220.181.19.* 百度蜘蛛
16 159.226.50.* 百度蜘蛛
17 202.108.11.* 百度蜘蛛
18 202.108.22.* 百度蜘蛛
19 202.108.23.* 百度蜘蛛
20 202.108.249.* 百度蜘蛛
21 202.108.250.* 百度蜘蛛
22 61.135.145.* 百度蜘蛛
23 61.135.146.* 百度蜘蛛
24 64.124.85.* become.com
25 61.151.243.* china蜘蛛
26 202.165.96.* gais.cs.ccu.edu.tw
27 216.239.33.* google蜘蛛
28 216.239.35.* google蜘蛛
29 216.239.37.* google蜘蛛
30 216.239.39.* google蜘蛛
31 216.239.51.* google蜘蛛
32 216.239.53.* google蜘蛛
33 216.239.55.* google蜘蛛
34 216.239.57.* google蜘蛛
35 216.239.59.* google蜘蛛
36 64.233.161.* google蜘蛛
37 64.233.189.* google蜘蛛
38 66.102.11.* google蜘蛛
39 66.102.7.* google蜘蛛
40 66.102.9.* google蜘蛛
41 66.249.64.* google蜘蛛
42 66.249.65.* google蜘蛛
43 66.249.66.* google蜘蛛
44 66.249.71.* google蜘蛛
45 66.249.72.* google蜘蛛
46 72.14.207.* google蜘蛛
47 61.135.152.* iask蜘蛛
48 65.54.188.* msn蜘蛛
49 65.54.225.* msn蜘蛛
50 65.54.226.* msn蜘蛛
51 65.54.228.* msn蜘蛛
52 65.54.229.* msn蜘蛛
53 207.46.98.* msn蜘蛛
54 207.68.157.* msn蜘蛛
55 194.224.199.* noxtrumbot
56 220.181.8.* Outfox
57 221.239.209.* Outfox
58 217.212.224.* psbot
59 219.133.40.* QQ蜘蛛
60 202.96.170.* QQ蜘蛛
61 202.104.129.* QQ蜘蛛
62 61.135.157.* QQ蜘蛛
63 219.142.118.* sina蜘蛛
64 219.142.78.* sina蜘蛛
65 61.135.132.* sohu蜘蛛
66 220.181.26.* sohu蜘蛛
220.181.19.*
67 61.135.158.* tom蜘蛛
68 66.196.90.* yahoo蜘蛛
69 66.196.91.* yahoo蜘蛛
70 68.142.249.* yahoo蜘蛛
71 68.142.250.* yahoo蜘蛛
72 68.142.251.* yahoo蜘蛛
73 202.165.102.* yahoo中国蜘蛛
74 202.160.178.* yahoo中国蜘蛛
75 202.160.179.* yahoo中国蜘蛛
76 202.160.180.* yahoo中国蜘蛛
77 202.160.181.* yahoo中国蜘蛛
78 202.160.183.* yahoo中国蜘蛛
79 72.30.101.* yahoo蜘蛛
80 72.30.102.* yahoo蜘蛛
81 72.30.103.* yahoo蜘蛛
82 72.30.104.* yahoo蜘蛛
83 72.30.107.* yahoo蜘蛛
84 72.30.110.* yahoo蜘蛛
85 72.30.111.* yahoo蜘蛛
86 72.30.128.* yahoo蜘蛛
87 72.30.129.* yahoo蜘蛛
88 72.30.131.* yahoo蜘蛛
89 72.30.133.* yahoo蜘蛛
90 72.30.134.* yahoo蜘蛛
91 72.30.135.* yahoo蜘蛛
92 72.30.216.* yahoo蜘蛛
93 72.30.226.* yahoo蜘蛛
94 72.30.252.* yahoo蜘蛛
95 72.30.97.* yahoo蜘蛛
96 72.30.98.* yahoo蜘蛛
97 72.30.99.* yahoo蜘蛛
98 74.6.74.* yahoo蜘蛛
99 202.108.4.* 中搜蜘蛛
100 202.108.4.* 中搜蜘蛛
101 202.108.33.* 中搜蜘蛛
102 202.96.51.* 中搜蜘蛛
103 219.142.53.* 中搜蜘蛛
iPhone的通讯录以拼音排序
在iphone中安装php
将代码保存为py.php
ssh 登录 iPhone,或者在 iPhone 上安装 Term-vt100
执行 php py.php 等待重启完成
结束
支持的中文貌似很有限,拼音表的处理看来要自己搞一个了,这个在网上找的。
py.php
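/**
 * @desc    Sorts the iPhone address book by pinyin; PHP must be installed on the device.
 * @author  Kafeifei <http://www.nimab.org>
 * @version 0.2beta
 *
 * Fills ABPerson.FirstSort / ABPerson.LastSort with the value Py::parse() returns
 * for each contact's First / Last name, then stops SpringBoard.
 *
 * The database is modified in place, so keep a copy of the .sqlitedb file before
 * running. When saved as py.php the file has to begin with the "<?php" opening
 * tag, which this listing does not show.
 */
error_reporting(0); // warnings are hidden, so the failures below are checked explicitly

// Address book location: under /private/var/root before firmware 1.1.3, under
// /private/var/mobile from 1.1.3 on. The newer path is tried first; the older
// one is only a fallback instead of being overwritten unconditionally.
$candidates = array(
    '/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb', // 1.1.3 and later
    '/private/var/root/Library/AddressBook/AddressBook.sqlitedb',   // before 1.1.3
);
$sqlite_file = $candidates[0];
foreach ($candidates as $candidate) {
    if (file_exists($candidate)) {
        $sqlite_file = $candidate;
        break;
    }
}
if (!file_exists($sqlite_file)) {
    println("SQLiteDB:File Notfound.");
    die;
}

$dsn = "sqlite:{$sqlite_file}";
try {
    $dbh = new PDO($dsn);
    println("Open {$dsn} OK.");
} catch (Exception $e) {
    println("Open {$dsn} ERROR:".$e->getMessage());
    die;
}

$stmt = $dbh->query("SELECT ROWID, First, Last FROM ABPerson");

// The sort keys are derived from contact names, which are free text. They are
// bound as parameters rather than pasted into the SQL string, so a quote in a
// name can neither break the statement nor change what it does.
$update = $dbh->prepare("UPDATE ABPerson SET FirstSort = :first, LastSort = :last WHERE ROWID = :rowid");

if ($stmt === false || $update === false) {
    println("Query ABPerson ERROR.");
    die;
}

while ($person = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $first = ucfirst(Py::parse(u2g($person['First'])));
    $last = ucfirst(Py::parse(u2g($person['Last'])));

    $update->bindValue(':first', $first, PDO::PARAM_STR);
    $update->bindValue(':last', $last, PDO::PARAM_STR);
    $update->bindValue(':rowid', (int) $person['ROWID'], PDO::PARAM_INT);

    // Report the real outcome per row instead of printing OK unconditionally.
    $ok = $update->execute();
    println("{$person['ROWID']}\t" . ($ok ? "OK." : "FAILED."));
}

println("done.");
println("rebooting...");
// Stops SpringBoard through launchctl; the page's instructions say to wait for
// the restart to finish afterwards.
system('launchctl stop com.apple.SpringBoard');

/**
 * Converts a UTF-8 string to GBK with iconv().
 *
 * @param string $str UTF-8 input
 * @return string|false the GBK bytes, or false when iconv() cannot convert the input
 */
function u2g($str)
{
    return iconv('utf-8', 'gbk', $str);
}

/**
 * Prints a line followed by a newline and flushes the output buffer, so
 * progress is visible while the script is still running.
 *
 * @param string $str text to print
 */
function println($str)
{
    echo "$str\n";
    flush();
}

/**
 * Pinyin lookup used for the sort keys (the class continues past this excerpt).
 */
class Py
{
    // Pairs of (pinyin syllable, negative integer) in ascending numeric order.
    // NOTE(review): presumably each integer is the GBK code minus 65536 at which
    // the syllable's range begins; Py::parse() is not visible here, confirm there.
    private static $table = array(
        array("a",-20319), array("ai",-20317), array("an",-20304), array("ang",-20295), array("ao",-20292),
        array("ba",-20283), array("bai",-20265), array("ban",-20257), array("bang",-20242), array("bao",-20230),
        array("bei",-20051), array("ben",-20036), array("beng",-20032), array("bi",-20026), array("bian",-20002),
        array("biao",-19990), array("bie",-19986), array("bin",-19982), array("bing",-19976), array("bo",-19805),
        array("bu",-19784), array("ca",-19775), array("cai",-19774), array("can",-19763), array("cang",-19756),
        array("cao",-19751), array("ce",-19746), array("ceng",-19741), array("cha",-19739), array("chai",-19728),
        array("chan",-19725), array("chang",-19715), array("chao",-19540), array("che",-19531), array("chen",-19525),
        array("cheng",-19515), array("chi",-19500), array("chong",-19484), array("chou",-19479),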
array("chu",-19467), array("chuai",-19289), array("chuan",-19288), array("chuang",-19281), array("chui",-19275), array("chun",-19270), array("chuo",-19263), array("ci",-19261), array("cong",-19249), array("cou",-19243), array("cu",-19242), array("cuan",-19238), array("cui",-19235), array("cun",-19227), array("cuo",-19224), array("da",-19218), array("dai",-19212), array("dan",-19038), array("dang",-19023), array("dao",-19018), array("de",-19006), array("deng",-19003), array("di",-18996), array("dian",-18977), array("diao",-18961), array("die",-18952), array("ding",-18783), array("diu",-18774), array("dong",-18773), array("dou",-18763), array("du",-18756), array("duan",-18741), array("dui",-18735), array("dun",-18731), array("duo",-18722), array("e",-18710), array("en",-18697), array("er",-18696), array("fa",-18526), array("fan",-18518), array("fang",-18501), array("fei",-18490), array("fen",-18478), array("feng",-18463), array("fo",-18448), array("fou",-18447), array("fu",-18446), array("ga",-18239), array("gai",-18237), array("gan",-18231), array("gang",-18220), array("gao",-18211), array("ge",-18201), array("gei",-18184), array("gen",-18183), array("geng",-18181), array("gong",-18012), array("gou",-17997), array("gu",-17988), array("gua",-17970), array("guai",-17964), array("guan",-17961), array("guang",-17950), array("gui",-17947), array("gun",-17931), array("guo",-17928), array("ha",-17922), array("hai",-17759), array("han",-17752), array("hang",-17733), array("hao",-17730), array("he",-17721), array("hei",-17703), array("hen",-17701), array("heng",-17697), array("hong",-17692), array("hou",-17683), array("hu",-17676), array("hua",-17496), array("huai",-17487), array("huan",-17482), array("huang",-17468), array("hui",-17454), array("hun",-17433), array("huo",-17427), array("ji",-17417), array("jia",-17202), array("jian",-17185), array("jiang",-16983), array("jiao",-16970), array("jie",-16942), array("jin",-16915), array("jing",-16733), array("jiong",-16708), 
array("jiu",-16706), array("ju",-16689), array("juan",-16664), array("jue",-16657), array("jun",-16647), array("ka",-16474), array("kai",-16470), array("kan",-16465), array("kang",-16459), array("kao",-16452), array("ke",-16448), array("ken",-16433), array("keng",-16429), array("kong",-16427), array("kou",-16423), array("ku",-16419), array("kua",-16412), array("kuai",-16407), array("kuan",-16403), array("kuang",-16401), array("kui",-16393), array("kun",-16220), array("kuo",-16216), array("la",-16212), array("lai",-16205), array("lan",-16202), array("lang",-16187), array("lao",-16180), array("le",-16171), array("lei",-16169), array("leng",-16158), array("li",-16155), array("lia",-15959), array("lian",-15958), array("liang",-15944), array("liao",-15933), array("lie",-15920), array("lin",-15915), array("ling",-15903), array("liu",-15889), array("long",-15878), array("lou",-15707), array("lu",-15701), array("lv",-15681), array("luan",-15667), array("lue",-15661), array("lun",-15659), array("luo",-15652), array("ma",-15640), array("mai",-15631), array("man",-15625), array("mang",-15454), array("mao",-15448), array("me",-15436), array("mei",-15435), array("men",-15419), array("meng",-15416), array("mi",-15408), array("mian",-15394), array("miao",-15385), array("mie",-15377), array("min",-15375), array("ming",-15369), array("miu",-15363), array("mo",-15362), array("mou",-15183), array("mu",-15180), array("na",-15165), array("nai",-15158), array("nan",-15153), array("nang",-15150), array("nao",-15149), array("ne",-15144), array("nei",-15143), array("nen",-15141), array("neng",-15140), array("ni",-15139), array("nian",-15128), array("niang",-15121), array("niao",-15119), array("nie",-15117), array("nin",-15110), array("ning",-15109), array("niu",-14941), array("nong",-14937), array("nu",-14933), array("nv",-14930), array("nuan",-14929), array("nue",-14928), array("nuo",-14926), array("o",-14922), array("ou",-14921), array("pa",-14914), array("pai",-14908), 
array("pan",-14902), array("pang",-14894), array("pao",-14889), array("pei",-14882), array("pen",-14873), array("peng",-14871), array("pi",-14857), array("pian",-14678), array("piao",-14674), array("pie",-14670), array("pin",-14668), array("ping",-14663), array("po",-14654), array("pu",-14645), array("qi",-14630), array("qia",-14594), array("qian",-14429), array("qiang",-14407), array("qiao",-14399), array("qie",-14384), array("qin",-14379), array("qing",-14368), array("qiong",-14355), array("qiu",-14353), array("qu",-14345), array("quan",-14170), array("que",-14159), array("qun",-14151), array("ran",-14149), array("rang",-14145), array("rao",-14140), array("re",-14137), array("ren",-14135), array("reng",-14125), array("ri",-14123), array("rong",-14122), array("rou",-14112), array("ru",-14109), array("ruan",-14099), array("rui",-14097), array("run",-14094), array("ruo",-14092), array("sa",-14090), array("sai",-14087), array("san",-14083), array("sang",-13917), array("sao",-13914), array("se",-13910), array("sen",-13907), array("seng",-13906), array("sha",-13905), array("shai",-13896), array("shan",-13894), array("shang",-13878), array("shao",-13870), array("she",-13859), array("shen",-13847), array("sheng",-13831), array("shi",-13658), array("shou",-13611), array("shu",-13601), array("shua",-13406), array("shuai",-13404), array("shuan",-13400), array("shuang",-13398), array("shui",-13395), array("shun",-13391), array("shuo",-13387), array("si",-13383), array("song",-13367), array("sou",-13359), array("su",-13356), array("suan",-13343), array("sui",-13340), array("sun",-13329), array("suo",-13326), array("ta",-13318), array("tai",-13147), array("tan",-13138), array("tang",-13120), array("tao",-13107), array("te",-13096), array("teng",-13095), array("ti",-13091), array("tian",-13076), array("tiao",-13068), array("tie",-13063), array("ting",-13060), array("tong",-12888), array("tou",-12875), array