此脚本为nginx守护脚本,配合shell进程监控脚本实现简单的恶意访问屏蔽

  1. #!/usr/bin/python2.6
  2. #coding=utf-8
  3. import os
  4. import time
  5. #日志记录
  6. num_file = '/data/www/www.521php.com/log/num'
  7. log_file = '/data/www/www.521php.com/log/www.521php.com.log'
  8. #ip屏蔽函数
  9. def shellcmd(ip,con):
  10.     os.system('/root/shell/nginx/editblocksip.sh add '+ip)
  11.     os.system('echo '+con+' | mail -s "log info" zhangcunchao_cn@163.com')                                                                                                         
  13. nowfile = os.getcwd()+"/"+__file__
  14. stime = os.stat(nowfile).st_mtime
  15. #修改时间变化退出
  16. while stime == os.stat(nowfile).st_mtime:
  17.     log_num = str(int(os.popen("cat "+num_file).read()))
  18.     real_num = str(int(os.popen("cat "+log_file+" | wc -l").read()))
  19.     if log_num != real_num:
  20.         #插入新记录条数
  21.         os.system('echo '+real_num+' > '+num_file)
  22.         content =  os.popen("tail -n +"+log_num+" "+log_file).read().split("\n")
  23.         for con in content:
  24.             if ""!=con:
  25.                 c = con.split(' ')
  26.                 if '403' != c[8] and '112.253.28.43' != c[0]:
  27.                     if ".rar" in  c[6]:
  28.                         shellcmd(c[0],con)
  29.                     elif '/wp-comments-post.php' in c[6] and 'MSIE' == c[13] and '6.0;'== c[14]:
  30.                         shellcmd(c[0],con)
  31.                     elif '"-"' == c[11] and '"-"' == c[12] and  '.php' in c[6]:
  32.                         shellcmd(c[0],con)
  33.     time.sleep(1)