Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Auto-ban website spammers via the Apache access_log
# Config
# if more than the threshold, the IP will be banned
# search this many recent lines of the access log
# term to search for
# logfile to search
# email to alert upon banning
# Get the last n lines of the access_log, and search for the term. Sort and count by IP, outputting the IP if it's
# larger than the threshold.
for ip in `tail -n $LINESTOSEARCH $LOGFILE | grep "$SEARCHTERM" | awk "{print \\$1}" | sort | uniq -c | sort -rn | head -20 | awk "{if (\\$1 > $THRESHOLD) print \\$2}"`
# Look in iptables to see if this IP is already banned
if ! iptables -L INPUT -n | grep -q $ip
# Ban the IP
iptables -A INPUT -s $ip -j DROP
# Notify the alert email
iptables -L -n | mail -s "Apache access_log banned '$SEARCHTERM': $ip" $ALERTEMAIL
Copy link

ghost commented Jul 9, 2014

Can I add 2 simple features in your code?

Copy link

Leendert-JanFloor commented Oct 27, 2021

This is amazing, I modified it a bit for my needs. Very clear comments, thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment