Find all the IP addresses that have repeat offenses according to the NGINX or Apache access logs.
The only requirement is that the log files have the IP address as the first field of every log entry.
The script keeps a count per IP address, incremented for each response whose HTTP status code is in a list of offending codes, and compares that count against a threshold number of your choosing.
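The counting described above, as an added example (not the bad_actors.sh script itself). The function name repeat_offenders, the constructed sample entries, the default "combined" log layout used to locate the status code, and treating a count equal to the threshold as a match are assumptions of this example:

```shell
#!/bin/sh
# Added example, not bad_actors.sh itself. Assumes the default "combined"
# layout: IP - user [time] "request" status bytes "referer" "agent"

# repeat_offenders THRESHOLD "CODES" [FILE...]
# Prints "count ip" for each IP with >= THRESHOLD responses whose status is
# in CODES (space-separated); ">=" is the choice made for this example.
repeat_offenders() {
    threshold=$1; codes=$2
    shift 2
    awk -v threshold="$threshold" -v codes="$codes" '
        BEGIN {
            n = split(codes, list, " ")
            for (i = 1; i <= n; i++) bad[list[i]] = 1
        }
        {
            # The status is the first token after the quoted request line.
            # Splitting on quotes keeps this correct for malformed requests
            # such as "-" or request lines with extra spaces.
            if (split($0, q, "\"") < 3) next
            split(q[3], rest, " ")
            if (rest[1] in bad) hits[$1]++   # $1 is the IP address
        }
        END {
            for (ip in hits)
                if (hits[ip] >= threshold) print hits[ip], ip
        }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample entries (documentation address ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /.env HTTP/1.1" 403 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "-" 400 0 "-" "-"
198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /admin HTTP/1.1" 401 0 "-" "python-requests/2.31"
192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "GET /admin HTTP/1.1" 401 0 "-" "python-requests/2.31"
EOF
}

sample_log | repeat_offenders 2 "400 401 403 404"
```

With no file arguments the function reads standard input, so it can also be fed from zcat over rotated logs.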
Installation
(Optional) Edit the script file with your threshold and HTTP response code parameters.
Make sure it is executable. (sudo chmod +x bad_actors.sh)
Run it. (sudo ./bad_actors.sh)