首先要安装jq:安装jq非常简单,CentOS只需运行以下命令:
该命令将自动下载并安装jq工具及其依赖项。
# Install jq (and its dependencies) through yum; -y accepts the prompts.
sudo yum -y install jq
接下来进入宝塔的计划任务,任务类型选择“Shell脚本”,任务名称填“定位恶意IP”,执行周期选每15分钟。脚本内容如下:
记得要在/www/server/nginx/conf/目录下新建一个baidu_spider_ips.txt,该文件存放蜘蛛的IP,每行一个。比如:
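#!/bin/bash
#
# Rebuilds an nginx deny list from recent access-log traffic.
#
# Counts requests per client address over the last ${last_minutes} minute(s)
# in each access log, skips addresses listed in the crawler allowlist, and
# writes a `deny <ip>;` line for every address above ${threshold} requests.
# A per-address report (with a best-effort location lookup) is written too.
#
# Operational notes:
#   - The deny file is rebuilt from scratch on every run, so an address stays
#     blocked only while it keeps exceeding the threshold.
#   - nginx must include the deny file and be reloaded before new rules take
#     effect. This script does not reload nginx; validate with `nginx -t`
#     before any reload.
#   - Every over-threshold client address is sent to the external lookup
#     service in api_url. The reply is used only as report text and never
#     decides whether an address is blocked.
#   - The time window is compared as text, which is only reliable while the
#     start and end of the window fall on the same calendar day.

set -u

logfiles=(
  "/www/wwwlogs/www.*****.com.log"
  "/www/wwwlogs/www.*****.cn.log"
  "/www/wwwlogs/www.*****.com.log"
)
baidu_spider_ips="/www/server/nginx/conf/baidu_spider_ips.txt"
blockiplogfile="/www/server/nginx/conf/blockip.conf"
geolocation_file="/www/wwwlogs/blockipinfo.txt"
last_minutes=1
threshold=60
api_url="https://www.meiweny.cn/e/extend/chat/info.php?enews=ipcha&ip="

# Only values of this shape are ever written into the nginx include file or
# appended to the lookup URL; anything else in the first log field is dropped.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
ipv6_re='^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$'

# Returns 0 when $1 looks like an IPv4 or IPv6 address, 1 otherwise.
is_ip() {
  [[ $1 =~ $ipv4_re || $1 =~ $ipv6_re ]]
}

# nginx writes English month abbreviations, so force the C locale here.
start_time=$(LC_ALL=C date -d "${last_minutes} minutes ago" +"%d/%b/%Y:%H:%M:%S")
stop_time=$(LC_ALL=C date +"%d/%b/%Y:%H:%M:%S")

# All scratch files live in one private directory that is removed on exit,
# including when the script is interrupted.
workdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT
merged_log="$workdir/merged"
sorted_log="$workdir/sorted"
geolocation_txt="$workdir/report"
blocklist_txt="$workdir/blocklist"
: > "$merged_log"
: > "$geolocation_txt"
: > "$blocklist_txt"

if [[ ! -r "$baidu_spider_ips" ]]; then
  echo "warning: crawler allowlist $baidu_spider_ips is not readable; no address will be exempted" >&2
fi

for logfile in "${logfiles[@]}"; do
  if [[ ! -r "$logfile" ]]; then
    echo "warning: skipping unreadable log $logfile" >&2
    continue
  fi
  # The allowlist path is passed with -v instead of being spliced into the
  # awk program, and getline is compared with > 0 so that a missing file
  # (getline returns -1) cannot spin forever.
  awk -v st="$start_time" -v et="$stop_time" -v spider_file="$baidu_spider_ips" '
    BEGIN {
      while ((getline line < spider_file) > 0) spider[line]
      close(spider_file)
    }
    {
      # Field 4 is "[dd/Mmm/YYYY:HH:MM:SS"; the timestamp itself is 20 chars.
      t = substr($4, 2, 20)
      # Field 1 is the client address; allowlisted crawlers are not counted.
      if (t >= st && t <= et && !($1 in spider)) {
        print $1
      }
    }
  ' "$logfile" >> "$merged_log"
done

sort "$merged_log" | uniq -c | sort -nr > "$sorted_log"

while IFS=' ' read -r count ip; do
  (( count > threshold )) || continue

  if ! is_ip "$ip"; then
    printf 'warning: skipping non-address log field: %q\n' "$ip" >&2
    continue
  fi

  # Best-effort lookup with a time limit so a slow service cannot stall the job.
  response=$(curl -s --max-time 10 "$api_url$ip")
  if [[ -n "$response" ]]; then
    if location=$(jq -r '.ip1' <<<"$response" 2>/dev/null); then
      echo "$ip - $count requests - $location" >> "$geolocation_txt"
    else
      echo "$ip - $count requests - Failed to extract location with jq" >> "$geolocation_txt"
    fi
  else
    echo "$ip - $count requests - Unable to retrieve location" >> "$geolocation_txt"
  fi

  # Block regardless of whether the lookup worked.
  echo "deny $ip;" >> "$blocklist_txt"
  echo "IP $ip blocked due to excessive requests."
done < "$sorted_log"

# Publish both files in one step each, so the deny file is never left
# half-written while the lookups are still running.
cat "$blocklist_txt" > "$blockiplogfile"
cat "$geolocation_txt" > "$geolocation_file"

echo "Blacklist updated."
echo "saved to $geolocation_file."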
另外提供一个将大部分蜘蛛的IP详情生成TXT的方法
- 116.179.32.1
- 116.179.32.2
- 116.179.32.3
- 116.179.32.4
- 116.179.32.5
- 116.179.32.6
- 116.179.32.7
- 116.179.32.8
- 116.179.32.9
- 116.179.32.10
- 116.179.32.11
- 116.179.32.12
- 116.179.32.13
- 116.179.32.14
- 116.179.32.15
- 116.179.32.16
- 116.179.32.17
- 116.179.32.18
- 116.179.32.19
- 116.179.32.20
- 116.179.32.21
- 116.179.32.22
- 116.179.32.23
- 116.179.32.24
- 116.179.32.25
- 116.179.32.26
- 116.179.32.27
- 116.179.32.28
- 116.179.32.29
- 116.179.32.30
- 116.179.32.31
- 116.179.32.32
- 116.179.32.33
- 116.179.32.34
- <?php
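/**
 * Lazily yields the addresses of an IPv4 CIDR block as dotted-quad strings.
 *
 * For prefixes up to /30 the first (network) and last (broadcast) address of
 * the block are left out. A /31 or /32 has no such pair, so every address in
 * it is yielded. An entry without a "/mask" part is treated as a single host
 * (/32); without this, a missing mask would expand to the whole IPv4 space.
 * Malformed entries raise an E_USER_WARNING and yield nothing, so a typo in
 * the input list cannot put unrelated addresses into the output.
 *
 * Assumes a 64-bit PHP build, where ip2long() returns a non-negative integer.
 *
 * @param string $cidr Block such as "192.0.2.0/24", or a bare IPv4 address.
 * @return Generator Yields one dotted-quad string per address.
 */
function cidrToIpRangeGenerator($cidr) {
    $parts = explode('/', trim((string) $cidr), 2);
    $ipInt = ip2long($parts[0]);
    $mask = isset($parts[1]) ? $parts[1] : '32';

    if ($ipInt === false || !ctype_digit((string) $mask) || (int) $mask > 32) {
        trigger_error("skipping malformed CIDR entry: {$cidr}", E_USER_WARNING);
        return;
    }

    $mask = (int) $mask;
    $blockSize = 1 << (32 - $mask);
    $networkAddress = $ipInt & ~($blockSize - 1) & 0xFFFFFFFF;
    $broadcastAddress = $networkAddress + $blockSize - 1;

    if ($mask >= 31) {
        // Point-to-point pair or single host: every address is usable.
        $first = $networkAddress;
        $last = $broadcastAddress;
    } else {
        $first = $networkAddress + 1;
        $last = $broadcastAddress - 1;
    }

    for ($currentIpInt = $first; $currentIpInt <= $last; $currentIpInt++) {
        yield long2ip($currentIpInt);
    }
}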
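/**
 * Expands a list of CIDR blocks into one address per line in $outputFile.
 *
 * The list is processed in batches of $batchSize entries with a 10-second
 * pause between batches (not after the last one). Progress is echoed after
 * each entry. The output file is truncated first; the script terminates via
 * die() if the file cannot be opened.
 *
 * @param array  $cidrs      CIDR strings to expand.
 * @param int    $batchSize  Entries per batch; values below 1 are treated as 1.
 * @param string $outputFile Path of the file to (over)write.
 * @return void
 */
function batchProcessCidrs($cidrs, $batchSize, $outputFile) {
    // A zero or negative batch size would otherwise divide by zero.
    $batchSize = max(1, (int) $batchSize);

    $file = fopen($outputFile, 'w');
    if (!$file) {
        die('无法打开文件');
    }

    $count = 0;
    $totalCidrs = count($cidrs);
    $batches = array_chunk($cidrs, $batchSize);
    $lastBatch = count($batches) - 1;

    echo "开始处理CIDR块...\n";
    foreach ($batches as $batch => $batchCidrs) {
        foreach ($batchCidrs as $cidr) {
            foreach (cidrToIpRangeGenerator($cidr) as $ip) {
                fwrite($file, $ip . PHP_EOL);
            }
            $count++;
            echo "已处理CIDR {$count}/{$totalCidrs}\n";
        }
        if ($batch < $lastBatch) {
            sleep(10); // pause 10 seconds between batches
        }
    }

    fclose($file);
    echo "所有IP地址范围已写入{$outputFile}文件。\n";
}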
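// Crawler address ranges exactly as listed by the author; they are not
// verified here. Every address generated from this list is exempt from the
// rate-limit blocking, so broad entries (the /16 blocks below) exempt every
// client inside them, crawler or not. NOTE(review): confirm each range
// against the crawler operator's own published guidance before relying on it.
$cidrs = [
    // Baidu spider
    '116.179.32.0/24',
    '180.76.15.0/24',
    '119.63.196.0/24',
    // Was '115.239.212./24' (last octet missing); presumed to mean the
    // /24 network below. TODO confirm.
    '115.239.212.0/24',
    '119.63.199.0/24',
    '122.81.208.0/22',
    '123.125.71.0/24',
    '180.76.4.0/24',
    '180.76.5.0/24',
    '180.76.6.0/24',
    '185.10.104.0/24',
    '220.181.108.0/24',
    '220.181.51.0/24',
    '111.13.102.0/24',
    '123.125.67.144/29',
    '123.125.67.152/31',
    '61.135.169.0/24',
    '123.125.68.68/30',
    '123.125.68.72/29',
    '123.125.68.80/28',
    '123.125.68.96/30',
    '202.46.48.0/20',
    '220.181.38.0/24',
    '123.125.68.80/30',
    '123.125.68.84/31',
    '123.125.68.0/24',
    // Shenma spider
    '106.11.0.0/16',
    '42.156.0.0/16',
    '42.120.0.0/16',
    // Toutiao spider
    '111.225.148.0/24',
    '111.225.149.0/24',
    '220.243.135.0/24',
    '220.243.136.0/24',
    '60.8.123.0/24',
    '110.249.201.0/24',
    '110.249.202.0/24',
    // Sogou spider
    '106.38.241.0/24',
    '43.250.200.0/24',
    '43.250.201.0/24',
    '58.250.125.0/24',
    '49.7.20.0/24',
    '49.7.21.0/24',
    '61.158.148.0/24',
    '61.158.208.0/24',
    // Single host: written with an explicit /32, because an entry with no
    // mask is not a valid CIDR block.
    '36.157.174.185/32',
    // 360 spider
    '180.153.232.0/24',
    '180.153.234.0/24',
    '180.153.236.0/24',
    '180.163.220.0/24',
    '42.236.101.0/24',
    '42.236.102.0/24',
    '42.236.103.0/24',
    '42.236.10.0/24',
    '42.236.12.0/24',
    '42.236.13.0/24',
    '42.236.14.0/24',
    '42.236.15.0/24',
    '42.236.16.0/24',
    '42.236.17.0/24',
    '42.236.46.0/24',
    '42.236.48.0/24',
    '42.236.49.0/24',
    '42.236.50.0/24',
    '42.236.51.0/24',
    '42.236.52.0/24',
    '42.236.53.0/24',
    '42.236.54.0/24',
    '42.236.55.0/24',
    '42.236.99.0/24',
    // Bing spider
    '40.77.169.0/24',
    '65.52.104.0/24',
    '65.52.108.0/22',
    '65.55.24.0/24',
    '65.55.52.0/24',
    '65.55.55.0/24',
    '65.55.213.0/24',
    '65.55.217.0/24',
    '131.253.24.0/22',
    '131.253.46.0/23',
    '40.77.167.0/24',
    '199.30.27.0/24',
    '157.55.13.0/24',
    '157.55.16.0/23',
    '157.55.18.0/24',
    '157.55.32.0/22',
    '157.55.36.0/24',
    '157.55.48.0/24',
    '157.55.109.0/24',
    '157.55.110.40/29',
    '157.55.110.48/28',
    '157.56.92.0/24',
    '157.56.93.0/24',
    '157.56.94.0/23',
    '157.56.229.0/24',
    '199.30.16.0/24',
    '207.46.12.0/23',
    '207.46.192.0/24',
    '207.46.195.0/24',
    '207.46.199.0/24',
    '207.46.204.0/24',
    '157.55.39.0/24'
];
$batchSize = 100; // number of CIDR entries per batch
$outputFile = 'ip_ranges.txt';
batchProcessCidrs($cidrs, $batchSize, $outputFile);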