The processing method of external DDoS attack Linux through Iptalbes prohibit Phpddos contract

The penalty policy for this attack is,

Further violations would proceed with these following actions:

1st violation-warning and shutdown of server. We'll allow hours for your to rectify the problem. The first time is a warning + shutdown, give 24 hours to solve the problem

2nd violation-immediate reformat of server. The second time is to format the server immediately

3rd violation-cancellation with no refund. The third time is to cancel the service without giving a refund

To address this problem, give a simple description,

Performance features: As soon as you turn on IIS, the bandwidth of the server is run out-----that is, the server continues to contract to others, this situation and by DDoS attack is different, DDoS is constantly receiving a large number of packets.

Solution:

Stop IIS for the time being, and then

prohibit the above code:

Set in C:\windows\php.ini:

Disable_functions =gzinflate,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_ Status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_ Socket_server,fsocket,fsockopen

Set its value to off in C:\windows\php.ini

Allow_url_fopen = Off

And:

; Extension=php_sockets.dll

The front of the number must have, meaning is to limit the use of Sockets.dll

To keep in front of;

Then start IIS

In IP policy, or firewall, prevent all UDP from being sent out

Linux Solutions

I. Prohibit the sending of UDP packets outside the machine

Iptables-a output-p udp-j DROP

ii. ports that require UDP services (for example, DNS)

Iptables-i output-p UDP--dport 53-d 8.8.8.8-j ACCEPT

Green "53", for DNS required UDP port, the yellow "8.8.8.8" part of the DNS IP, according to your server settings, if you do not know your current server to use the DNS IP, you can execute the following command in SSH to obtain:

cat/etc/resolv.conf grep nameserver awk ' nr==1{print $} '

With complete iptables rules

#iptables-A input-p tcp-m TCP--sport--dport 1024:65535-m State--state established-j ACCEPT

#iptables-A input-p udp-m UDP--sport--dport 1024:65535-m State--state established-j ACCEPT

#iptables-A output-p tcp-m tcp--sport 1024:65535-d 8.8.4.4--dport 53-m State--state new,established-j ACCEPT

#iptables-A output-p udp-m UDP--sport 1024:65535-d 8.8.8.8--dport 53-m State--state new,established-j ACCEPT

#iptables-A output-p udp-j REJECT

#/etc/rc.d/init.d/iptables Save

# Service Iptables Restart

#chkconfig iptables on

Open external and internal DNS port 53

Prohibit all other outbound UDP protocols

Boot boot iptables

In addition to note that the above code is because my server is Google's DNS to resolve, my server-side external access (in the server side of the Internet, it is necessary, if only a simple server, do not carry out Yum installation can not be used), So I open the access to 8.8.4.4 and 8.8.8.8, if you are not set up for Google DNS, then here's your own to modify to your DNS. What DNS is used can be queried in the following way