Use iptables to prevent Php-ddos external contract

Recently a period of time php-ddos flooding, a period of time before the VPS was hackers hanging horse, a few months of traffic ran hundreds of G, a bit of doubt is being used to php-ddos, so today reinstall the VPS system and reconfigure the environment.
Under the use of Iptables, from the root causes of the ban on Php-ddos external contract.

disable sending UDP packets out of the machine

One, allow ports that require UDP services (such as DNS)

The code is as follows	Copy Code
Iptables-i output-p UDP--dport 53-d 8.8.8.8-j ACCEPT

Green "53", for DNS required UDP port, the yellow "8.8.8.8" part of the DNS IP, according to your server settings, if you do not know your current server to use the DNS IP, you can execute the following command in SSH to obtain:

The code is as follows	Copy Code
cat/etc/resolv.conf |grep nameserver |awk ' nr==1{print $} '

Second, prohibit the machine to send the UDP packet outside

The code is as follows	Copy Code
Iptables-a output-p udp-j DROP

The whole process

The code is as follows	Copy Code
Iptables-i output-p udp–dport 53-d 8.8.8.8-j ACCEPT Iptables-a output-p udp-j DROP Iptables-save >/etc/iptables-script Echo '/sbin/iptables-restore/etc/iptables-script ' >>/etc/rc.d/rc.local Service Iptables Save Reboot Service Iptables Status

If you are Windows system can refer to Windows prohibit the server outsourcing method: http://www.111cn.net/sys/Windows/49741.htm