Bash script to block top 10 most accessing ips using csf

If you are in the server via ssh and feeling the ddos attack is coming. You can easily block the most accessing ips via csf firewall.

First, you should check if the ddos is coming. You can make a conclusion by analyzing the result of the below script.

netstat -plan | grep :80 | awk ‘{print $5}’ | cut -d: -f 1 | sort | uniq -c | sort -n

This will list the ips that trying to access the port 80 ie, the webserver port

If you found there were a large access from the list, you can block the ips in the firewall if you have csf installed in the server.

for i in `netstat -plan | grep :80 | awk ‘{print $5}’ | cut -d: -f 1 | sort | uniq -c | sort -n| awk ‘{print $2}’|tail -10`; do csf -d $i ; done

This is only a suggestion. This may block other ips so please analyze the result of the first script and do this.

Thank you 🙂 😉

Leave a Reply

Your email address will not be published. Required fields are marked *