Preface
As in the real world, the Internet is full of intrigue. Website DDoS attacks have become the biggest headache for webmasters. In the absence of hardware protection, finding a software alternative is the most direct method. For example, iptables can be used, but iptables cannot block addresses automatically; they can only be blocked manually. Today we are talking about a piece of software that can automatically block the
, click Add, enter a filter name, description, etc. (here I fill in Cutip), and click Add ... Next comes the IP Filter Description and Mirrored Properties dialog box. The description can be anything, but the important thing is to check Mirrored: match packets with the exact opposite source and destination addresses. (For safety, we want to check both forward and reverse packets simultaneously.)
The most important place to come, in the pr
Test system: CENTOS7
To change the connection port, modify the configuration file:
vi /etc/ssh/sshd_config
Uncomment the Port 22 line and add a new port configuration line:
port your_port_num
A custom port in the five-digit range is recommended (e.g., 10000-65535).
Do not delete port 22 right away: if you forget the new SSH port or the new port is not accessible, you can still access SSH through port 22. Save and exit.
Restart SSH to apply the configuration:
service sshd re
Introduction to DDoS Deflate
DDoS Deflate is a free script for defending against and mitigating DDoS attacks. It uses netstat to monitor and track IP addresses that create a large number of network connections, and bans or blocks those IPs through APF or iptables when a node is detected that exceeds the preset limit.
1. Limit the number of connections per IP to port 80 to a maximum of 10, which can be customized.
The code is as follows
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
2. Use the recent module to limit the number of new connection requests from the same IP within a period of time. For more features of recent, please refer to: Iptables Module recent application.
This function is used to count how many times each visitor has visited in a short period of time, and returns true if the limit on the number of visits is exceeded, after which you can use PHP to call Linux iptables for blocking operations. I've used several DDoS-like tools to actually test it, and it works really well. By the way, I use files in the code to record the visitor's IP and time, it is best not using the
suddenly rose. I looked at the ranking: the keyword "Wu Move the Universe" had unexpectedly reached the Baidu home page, so I inserted links in the article; many sites scraped it, which gave me a lot of external links.
By March, the site had unexpectedly reached second place on the Baidu home page. Although that lasted only three days before it fell to fifth, in those days it had 100,000 IPs every day. I took a screenshot at the time (with an ad-blocking plug-in enabled, so there are no promotional links).
Comments: Distributed Denial of Service (DDoS) is an attack that hackers commonly use and that is difficult to prevent. DDoS is a network attack that uses reasonable service request
# cat fw.sh
#!/bin/bash
cat /var/log/nginx/access.log | awk -F ":" '{print $1}' | sort | uniq -c | sort -rn | head -10 | grep -v "127.0" | awk '{if ($2!=null && $1>4) {print $2}}' > /tmp/dropip
for i in $(cat /tmp/dropip)
do
    /sbin/iptables -A INPUT -p tcp --dport 80 -s "$i" -j DROP
    echo "$i kill at $(date)" >> /var/log/ddos
done
Script Annotations:
First read the log file; awk extracts the first column (the IP), then sort, deduplicate, reverse sort, filter ou
This vulnerability is not really considered a vulnerability. However, the impact scope is extremely large. Currently, CDNs such as jiasule, website guard, Baidu cloud acceleration, and quickshield are playing a great role in various anti-DDoS and CC defenses. However, this hole can ignore the CDN defense and implement intrusion and traffic attacks. After thinking for a long time, I have not found a solution. It can only be submitted to the CDN vendors.
1. First,
This article introduces how iptables can limit the number of connections from the same IP address on Linux to prevent CC/DDoS attacks. This is only the most basic method. If the attack is real, we still need hardware compaction to prevent it.
1. Set the maximum number of connections to port 80 to 10, which can be customized.
The Code is as follows:
iptables -I INPUT -p tcp --dpor
1. Limit the maximum number of connections per IP to port 80 to 10, which can be customized.
The code is as follows
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
2. Use the recent module to limit the number of new connection requests from the same IP within a period of time. For more features of recent, please refer to: Iptables Module recent applic