Maybe this will come in handy for someone.
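<?php
// Count failed registrations per source IP in the last 5000 log lines.
$x=array();
exec("tail -n 5000 /var/log/asterisk/messages",$d);
foreach ($d as $s) {
    if (preg_match("/Registration.*failed.*'([0-9.]{7,15})'/",$s,$r)) {
        if (isset($x[$r[1]])) {
            $x[$r[1]]++;
        } else {
            $x[$r[1]]=1;
        }
    }
}
// Collect the addresses that already have a DROP rule in the net2fw chain.
exec("iptables -S net2fw | grep DROP",$y);
$b=array();
foreach ($y as $s) {
    if (preg_match("# ([0-9.]{7,15})(/| )#",$s,$r) and !in_array($r[1],$b)) $b[]=$r[1];
}
// Block every address with more than 10 failures that is not blocked yet.
foreach ($x as $ip=>$cnt) {
    if (($cnt>10) and !in_array($ip,$b)) {
        // $ip contains only digits and dots (enforced by the pattern above).
        exec("iptables -I net2fw -s $ip -j DROP");
        echo "blokace $ip\n";
    }
}
?>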
The echo can be changed to send a mail, or commented out. Once we were surprised by what the PBX was up to that its CPU was so heavily loaded (according to the hypervisor statistics). Well, and besides security, this also brought a reduction in load.