Log file analyzer and take action based on frequency of event

IN PROGRESS
Bids
3
Avg Bid (USD)
$85
Project Budget (USD)
$30 - $35

Project Description:
I am looking for a very simple PHP script that will be executed via a cron job once per minute to identify if someone is spamming (think DoS attack) my site causing high load and needs to be blocked.

The script will first check the current load of the server (1 min). If the load is over the threshold (say [url removed, login to view], but make it a variable) then the next step is to l read an nginx access log file, which I will provide a sample of. I then need to count the number of times an IP address appears in the log over a set period of time (in seconds). I am unsure of this figure, so it needs to be configurable as a variable in the script.

If the log file contains too many matches (IP address is occurring too often in the log within a certain time period) then I need an exec() command issued, which is basically a command of: ufw insert 1 deny from . I then need the output of that command captured and emailed to me along with the gzip'd log file using php mail.

The log file is standard nginx access log format. I can provide a snippet.

Additional Project Description:
01/24/2013 at 16:59 CST
Oops, forgot to mention one small thing. Any IP address that is blocked -- exec() ufw insert 1 deny ipaddress -- I need to track and unblock after 60 minutes. If the spamming starts again, it would be re-blocked automatically. So I am thinking the php script just needs to create a cron job to track that.

Skills required:
PHP, Software Architecture
About the employer:
Verified
Public Clarification Board
Bids are hidden by the project creator. Log in as the employer to view bids or to bid on this project.
You will not be able to bid on this project if you are not qualified in one of the job categories. To see your qualifications click here.


$ 75
in 7 days
$ 80
in 3 days
$ 100
in 5 days