Iptables rules against PHP DDoS
The code is as follows:

iptables -I OUTPUT -p udp --dport 53 -d 202.103.44.150 -j ACCEPT
iptables -I OUTPUT -p udp --dport 53 -d 202.103.24.68 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 202.103.44.150 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 202.103.24.68 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 202.103.44.150 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 202.103.24.68 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -j REJECT
/etc/rc.d/init.d/iptables save
Stopping outbound UDP attacks
The following describes how to change the security settings of a Linux server and of PHP so that a PHP Trojan on the host cannot be used as a DDoS attack source.
1. In php.ini, disable the functions (exec and similar) through which PHP can call out to the system.
Add the following line to php.ini:
The code is as follows:

disable_functions = symlink, shell_exec, exec, proc_close, proc_open, popen, system, dl, passthru, escapeshellarg, escapeshellcmd
2. Block outbound UDP packets from the server (except to the DNS resolver configured on the local machine).
The code is as follows:

#!/bin/sh
# Take the first nameserver listed in /etc/resolv.conf
NSIP=`cat /etc/resolv.conf | grep nameserver | awk 'NR==1 {print $2}'`
# Drop all outbound UDP by default ...
/sbin/iptables -A OUTPUT -p udp -j DROP
# ... but insert an ACCEPT for DNS queries to the local resolver ahead of it
/sbin/iptables -I OUTPUT -p udp --dport 53 -d $NSIP -j ACCEPT
For TCP, the equivalent iptables rule is:
The code is as follows:

iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -j DROP
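A shell version of the step-2 script, added here as an example and not taken from the original post: it reads every nameserver in resolv.conf instead of only the first, and prints the rules instead of applying them so they can be reviewed before use. The resolv.conf content below is a constructed sample, and the rules assume iptables with the state match, as in the rules above.

```shell
#!/bin/sh
# Added example: generate the outbound-UDP rule set for all configured
# resolvers and print it for review rather than applying it.

# Extract nameserver addresses from resolv.conf-style text on stdin.
resolvers_from_conf() {
    awk '$1 == "nameserver" { print $2 }'
}

# Print the iptables commands for the given resolver IPs.
# Order matters: the ACCEPT rules for DNS come first and the default
# UDP DROP last, so the DROP only catches traffic no ACCEPT matched.
udp_egress_rules() {
    for ip in "$@"; do
        echo "iptables -A OUTPUT -p udp --dport 53 -d $ip -m state --state NEW,ESTABLISHED -j ACCEPT"
    done
    echo "iptables -A OUTPUT -p udp -j DROP"
}

# Wrapper: resolv.conf text on stdin, rule commands on stdout.
rules_for_resolv_conf() {
    udp_egress_rules $(resolvers_from_conf)
}

# Constructed sample resolv.conf (not read from this host).
SAMPLE_RESOLV_CONF='# constructed sample
search example.internal
nameserver 192.0.2.53
nameserver 192.0.2.54
options timeout:2'

# Stand-alone demo: show the rules that would be applied for the sample.
printf '%s\n' "$SAMPLE_RESOLV_CONF" | rules_for_resolv_conf
```

Pipe the real file in with `rules_for_resolv_conf < /etc/resolv.conf` and apply the printed lines only after checking that every resolver the host actually uses is listed.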