Powerful anti-ddos shell script

Author: Gao Jinbo

The server has been under DDOS attacks for the past few days. Currently, only IP address sources can be blocked for the time being. It is a nightmare to manually add IP addresses without changing the source. I thought of a way to use SHELL.

Relatively simple, but very practical :) the following content should be modified according to the author's original article :)

1. write scripts
 

Mkdir/root/bin vi/root/bin/dropip. sh #! /Bin/bash/bin/netstat-nagrep ESTABLISHEDawk '{print $5}' awk-F: '{print $1}' sortuniq-csort-rnhead-10 grep-v-E '192. 168127.0 'awk' {if ($2! = Null & $1> 4) {print $2} '>/tmp/dropip for I in $ (cat/tmp/dropip) do/sbin/iptables-a input-s $ I-j DROP echo "$ I kill at 'date'">/var/log/ddos done 2. add execution permission
Chmod + x/root/bin/dropip. sh

3. Added to the scheduled task and executed every minute
Crontab-e
*/1 */root/bin/dropip. sh

Note:
The above script is relatively simple, but very practical. The most important thing is that in the second line, get the first 10 ip addresses with the maximum number of ESTABLISHED connections and write them to the temporary file/tmp/dropip, the internal ip segment starting with 192.168127.0 is excluded. use the for loop to drop all the ip addresses in the dropip through iptables, and then write them to the log file/var/log/ddos.