A Linux server may come under attack while in operation; common attack methods include SYN floods and DDoS. Switching to a new IP address and finding out which site is being attacked may get around the attack, but the service will be interrupted for a long time. A more thorough solution is to add a hardware firewall, but hardware firewalls are expensive. Without a hardware firewall, the most direct approach is a software substitute such as iptables; however, iptables does not block attackers automatically, so blocking has to be done by hand. Here is a piece of software that automatically blocks DDoS attackers' IPs: DDoS Deflate.
Pick out the IPs with the most page visits:
DDoS Deflate is a lightweight bash shell script that assists in blocking denial-of-service attacks.
Install (download the installer, review it with cat, then run it):
# wget http://www.inetbase.com/scripts/ddos/install.sh
# chmod 0700 install.sh
# cat install.sh
#!/bin/sh
if [ -d '/usr/local/ddos' ]; then
    echo; echo; echo "Please un-install the previous version first"
    exit 0
else
    mkdir /usr/local/ddos
fi
clear
echo; echo 'Installing DOS-Deflate 0.6'; echo
echo; echo -n 'Downloading source files.'
# -O (capital) writes the download to the named file; lowercase -o would write wget's log there
wget -q -O /usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ddos.conf
echo -n '.'
wget -q -O /usr/local/ddos/license http://www.inetbase.com/scripts/ddos/license
echo -n '.'
wget -q -O /usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.list
echo -n '.'
wget -q -O /usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.sh
chmod 0755 /usr/local/ddos/ddos.sh
cp -s /usr/local/ddos/ddos.sh /usr/local/sbin/ddos
echo '...done'
echo; echo -n 'Creating cron to run script every minute.....(Default setting)'
/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1
echo '...done'
echo; echo 'Installation has completed.'
echo 'Config file is at /usr/local/ddos/ddos.conf'
echo 'Please send in your comments and/or suggestions to [email protected]'
echo
cat /usr/local/ddos/license | less
# ./install.sh
Configuration file:
# ll /usr/local/ddos/
total 24
-rw-r--r--. 1 root root   971 Jan 10  2006 ddos.conf
-rwxr-xr-x. 1 root root  3945 Jan 10  2006 ddos.sh
-rw-r--r--. 1 root root    10 Jan 10  2006 ignore.ip.list
-rw-r--r--. 1 root root 10113 Jan 10  2006 license
# cat /usr/local/ddos/ddos.conf
##### Paths of the script and other files
PROGDIR="/usr/local/ddos"    # directory where the files are stored
PROG="/usr/local/ddos/ddos.sh"    # main script
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"    # whitelist of IP addresses
CRON="/etc/cron.d/ddos.cron"    # crond scheduled-task file
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1    # how often ddos.sh runs, in minutes; used together with crontab

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150    # maximum number of connections; an IP that exceeds it is blocked

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1    # 1: use APF; 0: use iptables. The firewall is normally iptables, so change APF_BAN to 0 here

##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1    # add offending IPs to the iptables INPUT chain with a DROP target

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"    # e-mail address that receives the ban alerts

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600    # how long an IP stays blocked; adjust according to the situation
Modify line 19 of the above file:
Scheduled task:
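The per-IP connection count that the NO_OF_CONNECTIONS and whitelist settings act on, as an added example (not DDoS Deflate's own ddos.sh): it counts connections per remote address from `netstat -ntu`-style output, skips whitelisted addresses, and lists the addresses over a limit. The function names, the sample lines and the low limit of 2 are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not DDoS Deflate's ddos.sh. Addresses below are
# constructed samples from documentation ranges (RFC 5737).

# Constructed sample in the column layout of `netstat -ntu` (IPv4 only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51512      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51513      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40110       ESTABLISHED
tcp        0      0 192.0.2.10:22           127.0.0.1:53022         ESTABLISHED
tcp        0      0 192.0.2.10:22           127.0.0.1:53023         ESTABLISHED
tcp        0      0 192.0.2.10:22           127.0.0.1:53024         ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.5:5353        ESTABLISHED
EOF
}

# count_by_ip: read netstat output on stdin, print "COUNT IP" sorted by count.
count_by_ip() {
    awk '$1 ~ /^(tcp|udp)/ { sub(/:[0-9]+$/, "", $5); n[$5]++ }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# over_limit LIMIT WHITELIST: print IPs with more than LIMIT connections,
# skipping exact matches in the space-separated WHITELIST.
over_limit() {
    count_by_ip | awk -v limit="$1" -v wl="$2" '
        BEGIN { split(wl, a, " "); for (i in a) skip[a[i]] = 1 }
        $1 > limit && !($2 in skip) { print $2 }'
}

# Sample limit of 2 so the small data set triggers; the config above uses 150.
sample_netstat | over_limit 2 "127.0.0.1"
```

On a live host, replace `sample_netstat` with `netstat -ntu` and review the listed addresses before adding any of them to a block rule.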
This article is from the "ZPP" blog; reprinting is declined!
Defending against DDoS attacks under Linux