Modify the Linux SSH connection port and disable IP, install the DDoS deflate

Test system: CENTOS7

Modify the connection port to modify the configuration file

vi /etc/ssh/sshd_config

Remove the comment from Port 22 to add a new port configurationport your_port_num

Custom port selection recommended on the million-bit ports (e.g., 10000-65535)

Do not delete port 22 directly, so as not to forget the new SSH port or the port is not accessible, we can continue to access SSH, save and exit

To restart the SSH configuration

service sshd restart

Reconnect VPS and remove default 22 port

Use the new port to log in, after successful login, modify the configuration file Delete port 22 row, save and exit, restart the SSH configuration

Disable IP

iptables -I INPUT -s 0.0.0.0 -j DROP

Known to have several brute-force IP addresses

iptables -I INPUT -s 61.177.172.10 -j DROPiptables -I INPUT -s 58.218.198.167 -j DROPiptables -I INPUT -s 122.172.137.116 -j DROP

Other methods refer to disable access to IP settings

Introduction to installing DDoS Deflateddos deflate

DDoS deflate is a free script to defend against and mitigate DDoS attacks. It uses netstat monitoring to track the creation of IP addresses for a large number of network connections, which are banned or blocked by APF or iptables when a node is detected that exceeds a preset limit.

Determine if a DDoS attack is a risk

netstat -ntu | awk ‘{print $5}‘ | cut -d: -f1 | sort | uniq -c | sort -n

After the execution will show the current host number of connections and IP address, generally 10-20 is normal, if hundreds of or more, there must be a problem.

Installing DDoS deflate

wget http://www.inetbase.com/scripts/ddos/install.sh   //下载DDoS  deflatechmod 0700 install.sh    //添加权限./install.sh             //执行

Configuring DDoS Deflate

The default configuration for DDoS deflate is in/usr/local/ddos/ddos.conf, which reads as follows:

##### Paths of the script and other filesprogdir= "/usr/local/ddos" prog= "/usr/local/ddos/ddos.sh" ignore_ip_list= "/usr/ Local/ddos/ignore.ip.list "//IP address white list cron="/etc/cron.d/ddos.cron "//Timed Execution Program apf="/ETC/APF/APF "ipt="/sbin/iptables "# # # # Frequency in minutes for running the script##### caution:every time this setting was changed, run the script with--c ron##### option so the the new frequency takes effectfreq=1//check interval, default 1 minutes ##### How many connections define a Bad IP? Indicate that below.no_of_connections=150//maximum number of connections, more than this number of IP will be blocked, the general default can be ##### apf_ban=1 (make sure your APF version are at least 0.96) ##### apf_ban=0 (Uses iptables for banning IPs instead of APF) Apf_ban=1//using APF or iptables. It is recommended to use Iptables to change the value of Apf_ban to 0. ##### kill=0 (Bad IPs is ' NT banned, good for interactive execution of script) ##### kill=1 (Recommended setting) kill=1/ /whether to block IP, default can ##### an e-mail is sent to the following address when a IP is banned.##### Blank would suppress sending of Mai Lsemail_to= "Root "//when IP is blocked to send mail to a designated mailbox, it is recommended to use it for your own mailbox to ##### number of seconds the banned IP should remain in blacklist. ban_period=600//Disable IP time, default 600 seconds, can be adjusted according to the situation

Save after modification, enter reboot restart host

Reference articles

Linux CentOS Setup firewall iptables How to disable an IP access login

Linux settings iptables disable an IP access

DDoS deflate– Simple solution VPS is ddos/cc attack

DDoS protection/mitigation DDoS attacks Deflate-linux

Modify the Linux SSH connection port and disable IP, install the DDoS deflate