I wrote this, to quickly stop the issue. Fail2ban would work also.
<?php
$limit = 10;
exec('grep requestSecureToken /var/log/apache2/access.log | sed -e \'s/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/\' | sort | uniq -c',$output);
foreach($output as $line)
{
echo $line . "\n";
$parts = preg_split("/[\s]+/", $line);
$count = $parts[1];
$ip = $parts[2];
if($count >= $limit)
{
$msg = gethostname() . " has a high count of paypal hits: " . $count . "\n";
$msg .= "IP: " . $ip . " Hits: " . $count . "\n";
$msg = wordwrap($msg,70);
echo $msg;
$cmd = "ufw insert 1 deny from " . $ip;
exec($cmd);
mail("address@test", "CRITICAL Paypal Issue", $msg);
}
else
{
# $msg = "All Good";
# mail("address@test", "CRITICAL Paypal Issue", $msg);
}
}
?>