DDoS Attack Stats

This of course only works if you still have access to the machine.
If you really were under attack, local access or out-of-band remote access would be required.

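#!/bin/sh

# Regex that matches the attacker's browser string (User-Agent),
# or perhaps the attacked URL, if it is possible to match.
# "/" needs no escaping in a grep pattern; only the literal dot is escaped.
BROWSERSTRING="008/0\.85"
# The current log file
LOGFILE="/var/log/apache/access.log"

echo "List of highest attacking IPs"
# Count requests per client IP and sort numerically, so the busiest 10 come last.
grep -e "${BROWSERSTRING}" "${LOGFILE}" | awk '{print $1}' | sort | uniq -c | sort -n | tail -n 10

echo "Total number of attackers"
# Number of distinct client IPs that sent a matching request.
grep -e "${BROWSERSTRING}" "${LOGFILE}" | awk '{print $1}' | sort -u | wc -l

# The access log is written in chronological order, so the first and last
# matching lines are the first and last contact. Sorting the dd/Mon/yyyy
# timestamps as text would misorder them across days and months.
echo "Time of first contact"
grep -e "${BROWSERSTRING}" "${LOGFILE}" | awk '{print $4, $5}' | head -n 1

echo "Time of last contact"
grep -e "${BROWSERSTRING}" "${LOGFILE}" | awk '{print $4, $5}' | tail -n 1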