This is one of a few upcoming scripts that can be turned into a daemon to cut down on unwanted crawler, brute-force and spam traffic...
The goal of this script is to identify IPs that are accessing the server too many times. It searches hour by hour and reports an IP if it appears too many times within any hour (the script's threshold is more than 360 requests, i.e. over six per minute).
#!/bin/bash
#
# mike's script to find baddie's in the apache logs...
#
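#######################################
# Report client addresses that made more than 360 requests within one
# hour-of-day bucket of an Apache access log.
#
# The log is parsed by field, not searched as free text. Everything after
# the client address (request line, referer, user agent) is client-supplied,
# so a plain substring search for an address or for "2011:HH" can count
# lines that merely mention that text, and "1.2.3.4" would also match
# "11.2.3.45". Only field 1 (address) and field 4 (timestamp) are trusted.
#
# NOTE(review): assumes common/combined LogFormat, i.e. field 4 looks like
# "[10/Oct/2011:13:55:36". Confirm against the server's LogFormat.
# NOTE(review): buckets are keyed by hour of day only, so a log spanning
# several days adds the same hour of each day together. Feed it a one-day
# log if per-hour rates are meant literally.
# NOTE(review): an address shared by many users (NAT, proxy) can exceed the
# limit legitimately; treat the output as candidates to review.
#
# Arguments: $1 - path to the access log
#            $2 - four-digit year to analyse (default: 2011)
# Outputs:   "<ip> had <n> hits per minute [hour:<h>]..." per offender,
#            ordered by hour, then by address
# Returns:   0 on success, 1 if the log is unreadable, 2 on a malformed year
#######################################
find_baddies() {
  local log=$1 year=${2:-2011}
  local hour ip count

  # The year is handed to awk, so accept digits only.
  if [[ ! $year =~ ^[0-9]{4}$ ]]; then
    printf 'invalid year: %s\n' "$year" >&2
    return 2
  fi
  if [[ ! -r $log ]]; then
    printf 'cannot read log file: %s\n' "$log" >&2
    return 1
  fi

  # One pass over the log replaces a grep per hour and per address.
  # The file is passed on stdin so an odd file name is never parsed by awk
  # as an option or a variable assignment.
  awk -v year="$year" -v limit=360 '
    {
      # "[dd/Mon/yyyy:HH:MM:SS" splits into date, HH, MM, SS.
      if (split($4, stamp, ":") < 4) next
      # Hours are zero-padded in the log; require exactly two digits.
      if (stamp[2] !~ /^[0-9][0-9]$/) next
      sub(/^.*\//, "", stamp[1])            # keep only the year
      if ((stamp[1] "") != (year "")) next
      hits[(stamp[2] + 0) " " $1]++         # key: "<hour> <address>"
    }
    END {
      for (key in hits)
        if (hits[key] > limit) print key, hits[key]
    }
  ' <"$log" \
    | LC_ALL=C sort -k1,1n -k2,2 \
    | while read -r hour ip count; do
        echo "$ip had $((count / 60)) hits per minute [hour:$hour]..."
      done
}

if [ -z "$1" ]; then
  echo "Please specify apache log file to analyse..."
else
  find_baddies "$1" "${2:-2011}"
fi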