Detailed steps are as follows:
1. Open Administrative Tools ... Local Security Policy ... right-click IP Security Policies on Local Computer ... Create IP Security Policy ... right-click and choose Manage IP filter lists and filter actions ... select the Manage Filter Actions tab, click Add, enter a filter action name (here we fill in a name for the rejection) and click Next; the General Options page for the filter action appears; click Next to finish, and then close.
2. Ri
First, the configuration of the client and server used for the attack: we use the well-known RedHat Linux for testing. In this attack test, I use Fedora Core 3, and the software is the well-known DDoS attack tool TFN2K for Linux. The attacked Windows server runs Windows 2000 Server with Apache2, FTP and VNC enabled, which is not closely related to Apache attacks.
Start to set up the server.
0. D
Current number of TCP connections:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
TIME_WAIT 51
FIN_WAIT1 5
ESTABLISHED 155
SYN_RECV 12
Although this makes Nginx process only one request per second, many requests will still wait in the queue to be handled, which also occupies a lot of TCP connections, as the output of the command above shows.
What about this?
limit_req zone=req_one burst=120 nodelay;
With nodelay, a request that exceeds the burst size will return
causes a large number of TCP connection requests to wait.
http {
    ...
    # Define a limit_req_zone named allips to store sessions, 10M of memory in size,
    # keyed on $binary_remote_addr, limiting the average rate to 20 requests per second.
    # 1M can store 16000 states; the value of rate must be an integer.
    # To limit to one request every two seconds, set it to 30r/m.
    limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/s;
    ...
    server {
        ...
        location {
            ...
            # Limit each IP to no more than 20 requests per second; the leaky-bucket burst is 5.
            # burst means that if, in seconds 1, 2, 3 and 4
This article provides a detailed analysis of PHP programs to prevent ddos, dns, and cluster server attacks.
The code is as follows:
// Query the forbidden IP address
$ip = $_SERVER['REMOTE_ADDR'];
$fileht = ".htaccess2";
if (!file_exists($fileht))
    file_put_contents($fileht, "");
$filehtarr = @file($fileht);
if (in_array($ip . "\r\n", $filehtarr))
    die("Warning:" . "" . "Your IP address
1. Traffic attacks, which mainly target network bandwidth: a large number of attack packets congest the network bandwidth, so legitimate packets are buried under the bogus attack packets and cannot reach the host.
2. Resource exhaustion attacks, which mainly target the server host: a large number of attack packets exhaust the host's memory, or keep the CPU occupied by the kernel and applications, so the network service becomes unavailable.
Reference: http://
Connect to the VPS and enter the first command:
netstat -anp | awk '{print $6}' | sort | uniq -c | sort -rn
Here we look at the SYN_RECV entries and check whether their connection count is high; if it is in the hundreds, the server may be under DDoS.
Next, trace which IPs the SYNs come from.
Command: netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
Next, keep looking, and enter the command:
netstat -ntu | grep SYN | awk '{print $5}' | cut -d: -f1 | s
# cat fw.sh
#!/bin/bash
# Count requests per client in the access log and write the heaviest sources to /tmp/dropip
cat /var/log/nginx/access.log | awk -F ":" '{print $1}' | sort | uniq -c | sort -rn | head -10 | grep -v "127.0" | awk '{if ($2!=null && $1>4) {print $2}}' > /tmp/dropip
# Drop port-80 traffic from each listed IP and log the action
for i in $(cat /tmp/dropip)
do
    /sbin/iptables -A INPUT -p tcp --dport 80 -s "$i" -j DROP
    echo "$i kill at $(date)" >> /var/log/ddos
done
Script annotations:
First read the log file, use awk to extract the first column (the IP), sort, deduplicate, then reverse sort, take the top 10 IPs, exclude 127.0 addresses, and then f
Layer-3 switches are quite common, so I studied how layer-3 switches can fully block DoS attacks. Here I will share what I found, hoping it helps you. Although global network security experts are developing methods to defend against DoS attacks, these efforts have had little effect because DoS attacks exploit weaknesses of the TCP protocol. Conf
Taking the shock wave virus as an example, as long as the infected host detects that the network is available, it will start an attack propagation thread and generate attack addresses randomly to launch attacks. In the phase of severe shock wave attacks, the network speed slows down significantly. Some access layer switches and some small routers even crash, and the CPU usage of the core layer-3 switch re
In this series of articles, we will explore comprehensively how to block SQL injection attacks in the PHP development environment and give a specific development example.
First, the introduction
PHP is a powerful but fairly easy to learn server-side scripting language that even inexperienced programmers can use to create complex, dynamic Web sites. However, it often has many difficulties in achieving the se
The access layer switch has a traffic control function, but it can only limit the speed of all types of traffic passing through the port, so the function is incomplete. Using packet capture tools, I often capture large volumes of abnormal packets. On the one hand they consume network bandwidth; on the other hand they consume resources of network devices, affecting the normal operation of the network.
Unicast abnormal packets: Most unicast traffic is sent to the Gateway. The gateway d