<?
$log_file="/var/log/httpd/access_log_1";
$c_ip=array("103.21","103.22","103.31","104.16","108.162","131.0","141.101","162.158","172.64","173.245","188.114","190.93","197.234","198.41","199.27","172.64","172.65","172.66","172.67","172.68","172.69","172.70","172.71");
$t=sizeof($c_ip);
$f=file($log_file);
$f2=fopen("/root/ddos_ip.txt","w");
$o=1;
$c_var="POST /bbs/board.php";
//$c_var="POST /bbs/search.php";
foreach($f as $key=>$value)
{
$pos=strpos($value,$c_var);
if($pos !== false)
{
// echo"$value";
$ip_t=explode("- - ",$value);
$ip_t2=trim($ip_t[0]);
$ip_t3=explode(".",$ip_t2);
$ip_t4=$ip_t3[0].".".$ip_t3[1];
for($i=0;$i<$t;$i++)
{
if($ip_t4 == $c_ip[$i])
{
$o--;
echo"$ip_t4 == $c_ip[$i] \t\n";
}
else
{
// echo"aa \r\n";
//echo"$ip_t4 == $c_ip[$i] \t\n";
}
}
if($o)
{
fwrite($f2,"$ip_t2 \r\n");
}
$o=1;
}
}
fclose($f2);
?>
=======================================================================
<?
$ip_file="/root/ddos_ip.txt";
$f=file($ip_file);
//$re=array_unique($f);
$re=array_count_values($f);
foreach($re as $key=>$value)
{
if($value>30)
{
$key=trim($key);
$value=trim($value);
echo"$key : $value \r\n";
//echo"/bin/ip_t $value \r\n";
exec("/bin/ip_t $key");
}
}
echo"ok";
?>
여행
윈도우서버 
