tail -n 15000 nginx.access.log > tail.log
cat tail.log | grep "POST / "|awk '{print $1}'|sort|uniq > blacklist.ip