August 9th, 2013, 02:00 PM
Awk Script for IP null routing
I am brand new to these forums and hope to get some useful information from some knowledgeable people on linux/unix scripting.
My problem at the moment is that I have a form on my webserver that allows for some spammers to test credit card validation. I have the ability to track the IP down and block it at my firewall, but the spammers are smart enough to change their IP and continue to check stolen credit cards (I'm assuming). The IPs are logged in my /var/log/httpd/ssl_access_log and ssl_access_log.1 files. The format is...
220.127.116.11 - - [09/Aug/2013:18:40:55 +0000] "GET /css/print.css /1.1" 200 159 - 0 "Mozilla/5.0 (iPad; CPU OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B329 Safari/8536.25"
I am looking for a script to basically pull the IP and date field and test to see if the IP has been used against the form 5 times in the past 6 hours. If the same IP is used against the form 5 times in the past 6 hours, the IP is added to the route table and the IP should route to the loopback interface or localhost. I am by no means a shell scripter, but I was told I should be able to use fgrep and awk to complete all these tasks. Also, the only lines that I need to test against have a specific URL in the ssl_access_log and ssl_access_log.1. So I started to basically fgrep the lines with the specific URL in both ssl access logs. I pipe that output to the /tmp directory and then use awk to compare the fields. This is where I am having trouble since I know very little about awk. Anyone out there that can potentially help me? I would be very willing to give more detailed information if need be.
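The detection logic asked for above, as an added example that is not the poster's script nor a reply from the thread. It assumes the combined log layout shown in the post (client IP in field 1, timestamp in fields 4 and 5, request path in field 7), uses the placeholder form path /form/validate, and takes "now" as an argument so the same log gives the same answer every run; the null-route commands are printed rather than executed.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes the combined log format from
# the post: field 1 is the client IP, field 4 is "[dd/Mon/yyyy:HH:MM:SS",
# field 5 is "+hhmm]" and field 7 is the request path; /form/validate is a
# placeholder for the form URL.
WINDOW=21600     # 6 hours in seconds
THRESHOLD=5      # hits on the form within the window that trigger a block
# find_abusers LOGFILE URL NOW_EPOCH -> offending IPs, one per line, sorted.
# NOW_EPOCH is passed in (normally "$(date +%s)") so runs are reproducible.
find_abusers() {
  awk -v url="$2" -v now="$3" -v window="$WINDOW" -v threshold="$THRESHOLD" '
  # Days since 1970-01-01 for a Gregorian date; avoids gawk-only mktime().
  function days_from_civil(y, m, d,    era, yoe, doy, doe) {
    if (m <= 2) y--
    era = int((y >= 0 ? y : y - 399) / 400)
    yoe = y - era * 400
    doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
    doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
    return era * 146097 + doe - 719468
  }
  BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
          for (i = 1; i <= n; i++) mon[names[i]] = i }
  $7 == url {
    split(substr($4, 2), p, "[/:]")       # p[1..6]: day, Mon, year, HH, MM, SS
    t = days_from_civil(p[3], mon[p[2]], p[1]) * 86400 + p[4] * 3600 + p[5] * 60 + p[6]
    off = substr($5, 2, 2) * 3600 + substr($5, 4, 2) * 60   # zone offset, seconds
    t -= (substr($5, 1, 1) == "-") ? -off : off              # normalise to UTC
    if (t <= now && now - t <= window) hits[$1]++
  }
  END { for (ip in hits) if (hits[ip] >= threshold) print ip }' "$1" | sort
}
# Constructed sample log (documentation IP ranges). "now" is taken as
# 09/Aug/2013 20:00:00 UTC (epoch 1376078400), so the window opens at 14:00 UTC.
SAMPLE_LOG=$(mktemp); trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.7 - - [09/Aug/2013:15:00:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
198.51.100.9 - - [09/Aug/2013:08:00:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
203.0.113.7 - - [09/Aug/2013:16:00:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
198.51.100.9 - - [09/Aug/2013:09:00:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
203.0.113.7 - - [09/Aug/2013:17:30:00 +0200] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
198.51.100.9 - - [09/Aug/2013:13:59:59 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
192.0.2.5 - - [09/Aug/2013:18:00:00 +0000] "GET /css/print.css HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
203.0.113.7 - - [09/Aug/2013:18:00:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
198.51.100.9 - - [09/Aug/2013:18:30:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
203.0.113.7 - - [09/Aug/2013:19:00:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
198.51.100.9 - - [09/Aug/2013:19:30:00 +0000] "POST /form/validate HTTP/1.1" 200 159 - 0 "Mozilla/5.0"
EOF
# Print (do not run) the null-route commands for the offenders.
find_abusers "$SAMPLE_LOG" /form/validate 1376078400 |
  while read -r ip; do echo "ip route add blackhole $ip/32"; done
```

Only 203.0.113.7 is reported: 198.51.100.9 also has five hits, but three of them fall before the 14:00 UTC cut-off, and the +0200 line is converted to UTC before it is counted. On a live box the last two lines would pipe into the route command as root, and the script would run from cron against ssl_access_log and ssl_access_log.1 concatenated.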