This article introduces how Iptables limits the number of connections of the same IP address in linux to prevent CC/DDOS attacks. This is only the most basic method. If the attack is real, we still need hardware compaction to prevent it.
1. Set the maximum number of connections to port 80 to 10, which can be customized.
The Code is as follows:
Copy c
Preface
As in the real world, the Internet is full of intrigue. Website DDoS attacks have become the biggest headache for webmasters. In the absence of hardware protection, finding a software alternative is the most direct method. For example, iptables is used, but iptables cannot be automatically blocked and can only be manually shielded. Today we are talking about a software that can automatically block the
/*Create table 'db _ online '('IP' char (20) default NULL,'Time' char (20) not null default '','Name' char (200) not null default 'tourists') TYPE = MyISAM*/// Roughly calculate the online time. If the ip address is the same (Lan> external network), only one person is record
IP Address | web | show | online | number
Features: Displays the current number of online Web pages and IP addresses.
Methods: The current Web page online IP
Find the IP address of the online host so that the other host has nowhere to hide!GuideYou can find many network monitoring tools in the Linux ecosystem. They can generate summaries of all devices in the network, including their IP addresses. However, in fact, sometimes you only need a simple command line tool to run a
/*
Create Table 'db _ online '('IP' char (20) default null,'Time' char (20) not null default '','Name' char (200) not null default 'tourists') Type = MyISAM
*/
// Roughly calculate the online time. If the IP address is the same (Lan> external network), only one person i
Provides various official and user-released code examples. For code reference, you are welcome to learn about the weather, online computing, Domain Name Information Query, ip address attribution, and mobile phone number attribution.
At this point, the interfaces provided on the http://api.ajaxsns.com/have basically been completed by me. Record the remaining inte
, point add, a filter name, description, etc. (Here I fill in the Cutip) and click Add ... Next, there will be the IP filter description and Mirroring Properties dialog box, described at random, but the important thing is to put the mirror. Match the source address and the destination address exactly the opposite of the packet. (For safety, we want to check both
against and mitigate DDoS attacks. It uses netstat monitoring to track the creation of IP addresses for a large number of network connections, which are banned or blocked by APF or iptables when a node is detected that exceeds a preset limit.Determine if a DDoS attack is a risk
netstat -ntu | awk ‘{print $5}‘ | cut -d: -f1 | sort | uniq -c | sort -n
Introduction to DDoS Deflate
DDoS deflate is a free script for defending and mitigating DDoS attacks. It creates an IP address for a large number of network connections through Netstat monitoring trails that prohibit or block these IPs through APF or iptables when a node is
suddenly rise, looked at the ranking, "Wu Move the Universe" This word incredibly to the Baidu home page, so in the article inserted links, many sites to collect, get a lot of outside the chain.
By March, the site incredibly to the second home page Baidu, although only persisted for three days, immediately fell to the fifth, but those days every day has 100,000 IP, at that time cut a map (with the plug-in of shielding ads, so no promotional links).
Comments: Distributed Denial of Service (DDoS) attacks are common and difficult to prevent by hackers. Distributed Denial of Service (DDoS) attacks are all called Distributed Denial of Service) it is an attack that hackers often use and cannot prevent. Its English name is Distributed Denial of Service 。DDoS is a network attack that uses reasonable service request
[email protected] ~]# cat fw.sh#!/bin/bashCat/var/log/nginx/access.log|awk-f ":" ' {print $} ' |sort|uniq-c|sort-rn|head-10|grep-v "127.0" |awk ' {if ($2!=null A mp; $1>4) {print $}} ' >/tmp/dropipFor I in $ (CAT/TMP/DROPIP)Do/sbin/iptables-a input-p TCP--dport 80-s $i-j DROPecho "$i kill at Date" >>/var/log/ddosDoneScript Annotations:First look at the log file, awk filter out the first column of IP, and sort, go to heavy, then reverse sort, filter ou
TCP connection:
1 Webuià high-grade equipment à group, set up a team "all" (can be customized title), including the entire network segment of all IP address (192.168.0.1--192.168.0.254).
Attention: Here the user LAN segment is 192.168.0.0/24, the user should be based on the actual use of IP address segment for group
This vulnerability is not considered a vulnerability. However, the impact scope is extremely great. Currently, CDN, such as jiasule, website guard, Baidu cloud acceleration, and quickshield, are playing a great role ~, Various anti-DDOS and CC defenses ~, However, this cave can ignore the CDN defense and implement intrusion and traffic attacks. After thinking for a long time, I have not found a solution ~ You can only submit the CDN vendor.
1. First,
Why do you want to bind IP? Can you specify the IP can not be on the network? The reason to bind IP is because he will change the IP. For example, I am the IP on this computer is 192.168.1.11 this IP has been done in the firewall
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.