Test system: CENTOS7
Modify the connection port to modify the configuration file
vi /etc/ssh/sshd_config
Remove the comment from Port 22 to add a new port configurationport your_port_num
Custom port selection recommended on the million-bit ports (e.g., 10000-65535)
Do not delete port 22 directly, so as not to forget the new SSH port or the port is not accessible, we can continue to access SSH, save and exit
To restart the SSH configuration
service sshd restart
Reconnect VPS and remove default 22 port
Use the new port to log in, after successful login, modify the configuration file Delete port 22
row, save and exit, restart the SSH configuration
Disable IP
iptables -I INPUT -s 0.0.0.0 -j DROP
Known to have several brute-force IP addresses
iptables -I INPUT -s 61.177.172.10 -j DROPiptables -I INPUT -s 58.218.198.167 -j DROPiptables -I INPUT -s 122.172.137.116 -j DROP
Other methods refer to disable access to IP settings
Introduction to installing DDoS Deflateddos deflate
DDoS deflate is a free script to defend against and mitigate DDoS attacks. It uses netstat monitoring to track the creation of IP addresses for a large number of network connections, which are banned or blocked by APF or iptables when a node is detected that exceeds a preset limit.
Determine if a DDoS attack is a risk
netstat -ntu | awk ‘{print $5}‘ | cut -d: -f1 | sort | uniq -c | sort -n
After the execution will show the current host number of connections and IP address, generally 10-20 is normal, if hundreds of or more, there must be a problem.
Installing DDoS deflate
wget http://www.inetbase.com/scripts/ddos/install.sh //下载DDoS deflatechmod 0700 install.sh //添加权限./install.sh //执行
Configuring DDoS Deflate
The default configuration for DDoS deflate is in/usr/local/ddos/ddos.conf, which reads as follows:
##### Paths of the script and other filesprogdir= "/usr/local/ddos" prog= "/usr/local/ddos/ddos.sh" ignore_ip_list= "/usr/ Local/ddos/ignore.ip.list "//IP address white list cron="/etc/cron.d/ddos.cron "//Timed Execution Program apf="/ETC/APF/APF "ipt="/sbin/iptables "# # # # Frequency in minutes for running the script##### caution:every time this setting was changed, run the script with--c ron##### option so the the new frequency takes effectfreq=1//check interval, default 1 minutes ##### How many connections define a Bad IP? Indicate that below.no_of_connections=150//maximum number of connections, more than this number of IP will be blocked, the general default can be ##### apf_ban=1 (make sure your APF version are at least 0.96) ##### apf_ban=0 (Uses iptables for banning IPs instead of APF) Apf_ban=1//using APF or iptables. It is recommended to use Iptables to change the value of Apf_ban to 0. ##### kill=0 (Bad IPs is ' NT banned, good for interactive execution of script) ##### kill=1 (Recommended setting) kill=1/ /whether to block IP, default can ##### an e-mail is sent to the following address when a IP is banned.##### Blank would suppress sending of Mai Lsemail_to= "Root "//when IP is blocked to send mail to a designated mailbox, it is recommended to use it for your own mailbox to ##### number of seconds the banned IP should remain in blacklist. ban_period=600//Disable IP time, default 600 seconds, can be adjusted according to the situation
Save after modification, enter reboot
restart host
Reference articles
Linux CentOS Setup firewall iptables How to disable an IP access login
Linux settings iptables disable an IP access
DDoS deflate– Simple solution VPS is ddos/cc attack
DDoS protection/mitigation DDoS attacks Deflate-linux
Modify the Linux SSH connection port and disable IP, install the DDoS deflate