Iptables rules for preventing PHPDDOS in LINUX

Iptables rules of PHPDDOS

The code is as follows:

Copy code

Iptables-I OUTPUT-p udp -- dport 53-d 202.103.44.150-j ACCEPT   Iptables-I OUTPUT-p udp -- dport 53-d 202.103.24.68-j ACCEPT   Iptables-a output-p tcp-m tcp -- sport 1024: 65535-d 202.103.44.150 -- dport 53-m state -- state NEW, ESTABLISHED-j ACCEPT   Iptables-a output-p tcp-m tcp -- sport 1024: 65535-d 202.103.24.68 -- dport 53-m state -- state NEW, ESTABLISHED-j ACCEPT   Iptables-a output-p udp-m udp -- sport 1024: 65535-d 202.103.44.150 -- dport 53-m state -- state NEW, ESTABLISHED-j ACCEPT   Iptables-a output-p udp-m udp -- sport 1024: 65535-d 202.103.24.68 -- dport 53-m state -- state NEW, ESTABLISHED-j ACCEPT   Iptables-a output-p udp-j REJECT   /Etc/rc. d/init. d/iptables save

Resolve external udp attacks

The following describes how to change the security settings of linux servers and php to prevent Trojans from becoming a ddos attack source.

1. php. ini disables parameters such as exec in the php call system.
Add the following line to php. ini:

 

The code is as follows:	Copy code
Disable_functions = symlink, shell_exec, exec, proc_close, proc_open, popen, system, dl, passthru, Escapeshellarg, escapeshellcmd

2. Disable ouput udp packets from the server (except for the domain name resolution server set on the local machine)

 

The code is as follows:	Copy code
#! /Bin/sh NSIP = 'cat/etc/resolv. conf | grep nameserver | awk 'NR = 1 {print $2 }'' /Sbin/iptables-a output-p udp-j DROP /Sbin/iptables-I OUTPUT-p udp-dport 53-d $ NSIP-j ACCEPT

For the tcp protocol, you can use the following iptables:

The code is as follows:	Copy code
Iptables-a output-p tcp -- dport 80-m state -- state NEW-j DROP