Defending against DDoS attacks under Linux

Linux Server operation process may be subject to hacker attacks, common attack methods have Syn,ddos, etc. By replacing the IP, it may be possible to circumvent the attack by locating the attacked site, but the service will be interrupted for a long time. A more thorough solution is to add a hardware firewall. However, the hardware firewall price is more expensive. In the absence of hard-to-prevent, looking for software replacement is the most direct method, such as with iptables, but iptables can not be automatically shielded, can only be manually shielded. Here's a piece of software that automatically shields DDoS attackers ' IPs:DDoS Deflate.

Filter out the IP with the most visited pages:

650) this.width=650; "title=" H ' 5ws9yy8v8%[k{y4hqli48.png "src=" http://s2.51cto.com/wyfs02/M00/84/31/ Wkiol1eir-ctts-6aabefk-kli4697.png "alt=" Wkiol1eir-ctts-6aabefk-kli4697.png "/>

DDOS deflate is a lightweight script that assists in the process of blocking denial of service attacks during bash shell scripting.

install:

# wget http://www.inetbase.com/scripts/ddos/install.sh  # chmod 0700  install.sh# cat install.sh#!/bin/shif [ -d  '/usr/local/ddos '  ]; then          echo; echo; echo  "please un-install  The previous version first "         exit  0else         mkdir /usr/local/ddosficlearecho; echo   ' installing dos-deflate 0.6 '; echoecho; echo -n  ' Downloading source  files. ' wget -q -o /usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ ddos.confecho -n  '. ' wget -q -o /usr/local/ddos/license http://www.inetbase.com/scripts/ddos/licenseecho - n  '. ' Wget -q -o /usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.listecho -n  '. ' wget -q -o /usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.shchmod  0755 /usr/local/ddos/ddos.shcp -s /usr/local/ddos/ddos.sh /usr/local/sbin/ddosecho  ' ... done ' echo; echo -n  ' Creating cron to run script every minute ..... (default setting) '/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1echo  ' ... done ' echo; echo  ' installation has completed. ' echo  ' config file is at /usr/local/ddos/ddos.conf ' echo  ' Please send in  your comments and/or suggestions to [email protected] ' echocat /usr/ local/ddos/license | less# ./install.sh

Configuration file:

# ll /usr/local/ddos/Total dosage  24-rw-r--r--.  1 root root   971   1 Month  10 2006 ddos.conf-rwxr-xr-x. 1 root root  3945  1 Month  10 2006 ddos.sh-rw-r--r--.  1 root root    10  1 Month  10 2006 ignore.ip.list-rw-r--r--.  1 root root 10113  1 Month  10  2006 license# cat /usr/local/ddos/ddos.conf##### paths of the script  and other filesprogdir= "/usr/local/ddos"    #文件存放目录PROG = "/usr/local/ddos/ddos.sh"   #主要功能脚本IGNORE_IP_LIST = "/usr/local/ddos/ignore.ip.list"   #白名单地址列表CRON = "/etc/cron.d/ddos.cron"  # Crond timed Task Script apf= "/ETC/APF/APF" ipt= "/sbin/iptables" ##### frequency in minutes for  running the script##### caution: every time this setting is  Changed, run the sCript with --cron#####          option so  that the new frequency takes effectFREQ=1  #ddos. Sh frequency of execution, in minutes, with crontab to perform .##### how many connections define a bad ip? indicate that  below.no_of_connections=150  #最大连接数设置, IP that exceeds this number will block ##### apf_ban=1  (make sure your  apf version is atleast 0.96) ##### apf_ban=0  (Uses iptables for  BANNING IPS INSTEAD OF APF) apf_ban=1  #1: Using apf 0: Using Iptables, Normally you use Iptables to make a firewall, so here you need to change the value of Apf_ban to 0##### kill=0  (Bad ips are ' nt banned,  Good for interactive execution of script) ##### kill=1  (Recommended  setting) kill=1  #将非法的的IP加入iptables的INPUT链中, drop of .##### an email is sent to  The following address when an ip is banned.##### blank would suppress sending of  mailsemail_to= "root"     #发送电子邮件报警的邮箱地址 ##### number of seconds the  Banned ip should remain in blacklist. ban_period=600   #屏蔽IP的时间, adjust according to the situation

650) this.width=650; "title=" Image.png "src=" http://s2.51cto.com/wyfs02/M01/84/32/ Wkiom1eivukil0u1aac4lb59vp0599.png "alt=" Wkiom1eivukil0u1aac4lb59vp0599.png "/>

Modify the above file 19 lines:

650) this.width=650; "title=" Image.png "src=" http://s4.51cto.com/wyfs02/M01/84/31/ Wkiol1eiv5fcgitlaabhxu60olo232.png "alt=" Wkiol1eiv5fcgitlaabhxu60olo232.png "/>

Task Execution Plan:

650) this.width=650; "title=" Image.png "src=" http://s3.51cto.com/wyfs02/M02/84/31/ Wkiol1eiv9bddtm0aaax7t20-pk491.png "alt=" Wkiol1eiv9bddtm0aaax7t20-pk491.png "/>

This article from "ZPP" blog, declined reprint!

Defending against DDoS attacks under Linux