I am looking for a very simple PHP script that will be executed via a cron job once per minute to identify if someone is spamming (think DoS attack) my site causing high load and needs to be blocked.
The script will first check the current load of the server (1 min). If the load is over the threshold (say [url removed, login to view], but make it a variable) then the next step is to read an nginx access log file, which I will provide a sample of. I then need to count the number of times an IP address appears in the log over a set period of time (in seconds). I am unsure of this figure, so it needs to be configurable as a variable in the script.
If the log file contains too many matches (IP address is occurring too often in the log within a certain time period) then I need an exec() command issued, which is basically a command of: ufw insert 1 deny from . I then need the output of that command captured and emailed to me along with the gzip'd log file using php mail.
The log file is standard nginx access log format. I can provide a snippet.
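The counting and blocking steps described above, as an added example that is not part of the original post: a dry-run PHP sketch that counts requests per IP inside a time window and builds the ufw command with the address validated and shell-escaped. The thresholds, function names and sample log lines are assumptions constructed for illustration, and the default nginx "combined" log format is assumed.

```php
<?php
// Added example (not from the post). Thresholds and log lines are constructed.
const LOAD_THRESHOLD = 2.0; // assumed value; the post's figure is not shown
const WINDOW_SECONDS = 60;  // look-back period in seconds
const MAX_HITS       = 3;   // kept low to suit the small sample below

/** Count requests per client IP seen within $window seconds before $now. */
function countRecentHits(iterable $lines, int $now, int $window): array
{
    $hits = [];
    foreach ($lines as $line) {
        // combined format: IP - user [01/Jan/2024:12:00:10 +0000] "request" ...
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\]/', $line, $m)) {
            continue; // malformed line
        }
        // Accept only a syntactically valid IP: this value later reaches a shell.
        if (filter_var($m[1], FILTER_VALIDATE_IP) === false) {
            continue;
        }
        $ts = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
        if ($ts === false) {
            continue; // unparseable timestamp
        }
        $age = $now - $ts->getTimestamp();
        if ($age >= 0 && $age <= $window) {
            $hits[$m[1]] = ($hits[$m[1]] ?? 0) + 1;
        }
    }
    return $hits;
}

/** Build the block command; escapeshellarg() is a second layer after validation. */
function ufwDenyCommand(string $ip): string
{
    return 'ufw insert 1 deny from ' . escapeshellarg($ip);
}

// Constructed sample: one quiet client, one stale line, one bad token, one burst.
$now = strtotime('2024-01-01 12:00:30 UTC');
$sample = [
    '198.51.100.7 - - [01/Jan/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "x"',
    '203.0.113.5 - - [01/Jan/2024:11:50:00 +0000] "GET / HTTP/1.1" 200 512 "-" "x"',
    'bad;token - - [01/Jan/2024:12:00:06 +0000] "GET / HTTP/1.1" 200 512 "-" "x"',
];
for ($s = 10; $s < 15; $s++) { // five requests from one address inside the window
    $sample[] = "203.0.113.5 - - [01/Jan/2024:12:00:$s +0000] \"GET / HTTP/1.1\" 200 512 \"-\" \"x\"";
}

$load = sys_getloadavg();
$overloaded = $load !== false && $load[0] > LOAD_THRESHOLD; // gate a real run on this
foreach (countRecentHits($sample, $now, WINDOW_SECONDS) as $ip => $n) {
    if ($n > MAX_HITS) {
        echo ufwDenyCommand($ip), "  # $n hits", PHP_EOL; // dry run: printed, not exec()'d
    }
}
```

In a cron deployment the loop would run only when `$overloaded` is true, and the printed command would be passed to exec() with its output captured for the notification mail.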