You have chosen to sponsor your bid up to a maximum amount of .
I am looking for a very simple PHP script that will be executed via a cron job once per minute to identify if someone is spamming (think DoS attack) my site causing high load and needs to be blocked.
The script will first check the current load of the server (1 min). If the load is over the threshold (say [url removed, login to view], but make it a variable) then the next step is to l read an nginx access log file, which I will provide a sample of. I then need to count the number of times an IP address appears in the log over a set period of time (in seconds). I am unsure of this figure, so it needs to be configurable as a variable in the script.
If the log file contains too many matches (IP address is occurring too often in the log within a certain time period) then I need an exec() command issued, which is basically a command of: ufw insert 1 deny from . I then need the output of that command captured and emailed to me along with the gzip'd log file using php mail.
The log file is standard nginx access log format. I can provide a snippet.
Additional Project Description:
01/24/2013 at 16:59 CST
Oops, forgot to mention one small thing. Any IP address that is blocked -- exec() ufw insert 1 deny ipaddress -- I need to track and unblock after 60 minutes. If the spamming starts again, it would be re-blocked automatically. So I am thinking the php script just needs to create a cron job to track that.