Ban IPs that brute-force a shadowsocks-libev server
Explanation
badip.sh is a bash script that reads the shadowsocks-libev server log and bans any IP whose number of ERROR connections exceeds a threshold.
counter.awk is an awk script that counts each IP's ERROR connections to the shadowsocks-libev server from the same log.
ip_free.sh is a bash script that clears the block list in the iptables INPUT chain.
Usage
Log in to your VPS as root with an ssh client and download the scripts, then make them executable:
    chmod +x badip.sh ip_free.sh
Edit badip.sh and find this line:
    logfile="$HOME/ss.log" #change if it is not your ss.log directory
If your log is not /root/ss.log, change it to the correct directory and file name. Then find this line:
    if (ip[x] > 50)
By default an IP is banned once it has more than 50 error connections. Change 50 to a higher or lower number if that suits you better, then save and exit the text editor.
Run crontab -e and add these lines one by one:
    */15 * * * * /path/to/badip.sh
    0 3 * * * /path/to/ip_free.sh
    59 2 * * * cat /dev/null > /path/to/whatever_of_shadowsocks-libev_log
They run badip.sh every 15 minutes, clear the block list at 03:00 every day, and empty the log at 02:59 every day.
Save and exit the crontab editor.
To count each IP's error connections, run:
    awk -f counter.awk /path/to/whatever_of_shadowsocks-libev_log
Note: ss-server must be started with the '-v' argument and its output redirected to a file. For example:
    nohup ss-server -v -u -c /path/to/whatever.json &>> /path/to/whatever_of_shadowsocks-libev_log &
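The count-then-threshold step described for counter.awk and badip.sh, written out as an added example; it is not the repository's own script, and it goes a little further by validating the extracted address and skipping allowlisted IPs. The log line shape, the function names, the allowlist arguments and the DRY_RUN switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not the repository's badip.sh or counter.awk. IPv4 only.
# Assumed (constructed) shape of an ss-server -v handshake failure line:
#  " 2024-05-01 10:00:01 ERROR: failed to handshake with 203.0.113.7: authentication error"

# sample_log N: constructed log with N failures from 203.0.113.7, 2 from 198.51.100.9
sample_log() (
    fmt=' 2024-05-01 10:00:01 ERROR: failed to handshake with %s: authentication error\n'
    i=0
    while [ "$i" -lt "$1" ]; do printf "$fmt" 203.0.113.7; i=$((i + 1)); done
    printf "$fmt" 198.51.100.9 198.51.100.9 example.invalid
    echo ' 2024-05-01 10:00:02 INFO: listening at 0.0.0.0:8388'
)

# count_errors LOGFILE ("-" = stdin): prints "COUNT IP", highest count first
count_errors() {
    awk '/ ERROR: failed to handshake with / {
        ip = ""
        for (i = 1; i < NF; i++)
            if ($i == "with") { ip = $(i + 1); sub(/:$/, "", ip); break }
        # Accept digits and dots only, so no other log text reaches iptables.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
    }
    END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# ban_candidates LOGFILE THRESHOLD [ALLOWLISTED_IP...]: IPs over THRESHOLD, minus allowlist
ban_candidates() (
    log=$1 limit=$2; shift 2; allow=" $* "
    count_errors "$log" | while read -r count ip; do
        [ "$count" -gt "$limit" ] || continue
        case "$allow" in *" $ip "*) continue ;; esac
        echo "$ip"
    done
)

# ban ...: adds DROP rules (-C skips ones already present); DRY_RUN=1 only prints them
ban() (
    for ip in $(ban_candidates "$@"); do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -I INPUT -s $ip -j DROP"
        elif ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
            iptables -I INPUT -s "$ip" -j DROP
        fi
    done
)

# Demo on the constructed log: prints the single command a real run would issue.
sample_log 51 | DRY_RUN=1 ban - 50
```

Passing your own management address as an allowlisted IP keeps a burst of failed connections from your side from locking you out of the VPS.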