My servers have been recently hit by a few spam bots whether they are malicious or not. The spamer causes high CPU spikes and I have to ban those IPs with no exception. Luckily the cloudflare, serves as a Proxy, stands in front of my real servers – thus it is very convenient to add the malicious IPs to the blacklist and block them for good.
I use the following BASH command to list the top 10 IPs by their visit frequencies. The sort, uniq, awk and head LINUX commands are combined by pipeline to sort the visitors’ IP by their frequencies in the apache2 access log.
1 | cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | awk '{printf "%-8s ==> %s\n", $2, $1}' | head -10 |
cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | awk '{printf "%-8s ==> %s\n", $2, $1}' | head -10
Example output:
200.167.184.130 ==> 54487 189.11.199.82 ==> 30796 169.57.142.70 ==> 22209 187.7.215.35 ==> 21290 201.49.164.75 ==> 11104 200.167.184.168 ==> 10838 93.158.239.25 ==> 2747 2804:7f3:6980:4e90:4d67:871c:a75b:f5e4 ==> 1588 156.67.242.53 ==> 1407 198.71.230.54 ==> 1078
The cat access.log | awk ‘{print $1}’ will extract the first column – which is the visitor’s IP in the apache access log. And the rest command will group them, count the frequencies and output them in the descending order.
–EOF (The Ultimate Computing & Technology Blog) —
loading...
Last Post: Using Parallel For in Java to Compute PI using Monte Carlo Algorithm
Next Post: Fixing Profile Query Command due to API Change in Steem Blockchain