Finding spammers in the apache log

25 | 17 Jul 2011

This is one of a few scripts to come that can be made into a daemon to cut down on unwanted crawler, brute-force and spam traffic.

The goal of this script is to identify IPs that are accessing the server too many times. It searches the log hour by hour and reports an IP if it appears too many times within any single hour.

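#!/bin/bash
#
# mike's script to find baddies in the apache logs...
#

if [ -z "$1" ]; then
    echo "Please specify apache log file to analyse..."
else
    i=0
    while [ "$i" -lt "24" ]; do
        # Apache zero-pads the hour (e.g. 2011:07:), so pad $i before matching.
        printf -v hour '%02d' "$i"
        # Unique client IPs (first field) seen during this hour of 2011.
        grep "2011:$hour:" "$1" | cut -d " " -f 1 | sort -u | while read -r ip; do
            # Count this IP's requests in the hour, comparing the whole first field.
            hits=$(grep "2011:$hour:" "$1" | cut -d " " -f 1 | grep -cxF -- "$ip")
            # More than 360 requests in an hour is over 6 per minute.
            if [ "$hits" -gt "360" ]; then
                echo "$ip had $((hits/60)) hits per minute [hour:$hour]..."
            fi
        done
        ((i++))
    done
fi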
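
A single-pass variant of the same hourly check, added here as an example and not part of the original script: it counts requests per client IP and clock hour in one awk pass, so it goes beyond the script above by handling any year and multi-day logs and by taking the threshold as an argument. The function name heavy_hitters and its arguments are assumptions made for illustration; the log is assumed to be in Apache common/combined format.

```shell
#!/bin/bash
# Added example (not the original author's code).
# heavy_hitters is a hypothetical name chosen for this illustration.

# heavy_hitters LOGFILE [THRESHOLD]
# Prints "ip date:hour hits hits_per_minute" for every client whose request
# count inside one clock hour exceeds THRESHOLD (default 360, as above).
heavy_hitters() {
    local log=$1 threshold=${2:-360}
    awk -v limit="$threshold" '
        {
            # Field 4 looks like "[17/Jul/2011:07:12:34".
            ts = $4
            # Skip lines that do not carry an Apache-style timestamp.
            if (ts !~ /^\[[0-9]+\/[A-Za-z]+\/[0-9]+:[0-9][0-9]:/) next
            # Bucket key = date plus zero-padded hour, e.g. "17/Jul/2011:07".
            split(ts, part, ":")
            bucket = substr(part[1], 2) ":" part[2]
            count[$1 " " bucket]++
        }
        END {
            for (key in count)
                if (count[key] > limit)
                    printf "%s %d %d\n", key, count[key], count[key] / 60
        }
    ' "$log" | sort
}

# When called with arguments, analyse that file: ./script access.log 360
if [ "$#" -gt 0 ]; then
    heavy_hitters "$@"
fi
```

Because the whole log is read once regardless of how many clients appear in it, this form is the easier one to run repeatedly from a daemon or cron job.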