Read about how to prevent ddos attack for morons, The latest news, videos, and discussion topics about how to prevent ddos attack for morons from alibabacloud.com
Introduction: On the network, the Linux server is a great way, but also the attack. This article will describe the NTP attack problem encountered in practice and the corresponding solution.
1. Scene description
Aliyun on the ECS, over a period of time, frequent alarm, said the traffic is too large, the DDoS attack, the
block it.Isomorphism the following command to block IP or any other specific IP:Route add IPAddress RejectOnce you have organized a specific IP access on the server, you can check it to prevent tofu from being effective.By using the following command:Route-n |grep IPaddressYou can also block the specified IP with iptables by using the following command.Iptables-a INPUT 1-s ipadress-j drop/rejectService Iptables RestartService Iptables SaveAfter the a
anomalous incursion based on illegal data.
The barrier anomaly is based on anomalies that are not normally disposed of by warehouses (even if they are completely legal from a normative point of view). The famous "Ping of Death" is about the massive (but still legitimate) ICMP Echo solicitation packet. If the packet has the same source address, policy address and port, it is still legal, but it is harmful to the IP protocol stack. Stale land incursions have revitalized become imland and are dam
1, ensure the security of the server systemThe first step is to ensure that the server software does not have any vulnerabilities to prevent attackers from invading. Make sure the server is up to date with the latest system and security patches. Remove unused services on the server and close unused ports. For Web sites running on the server, make sure that they have the latest patches and no security holes.2. Hide the server real IPServer front-end pl
Ten security policies to prevent DDoS attacks
This article is provided by the famous German hacker Mixter (only 20 years old) who compiled Distributed Denial-of-Service attack tools TFN and TFN2k (these tools were used to attack large websites such as Yahoo.To put it simply, it is very complicated to master all the ca
Reference for methods to prevent malicious ddos attacks in php
This article introduces a simple method to prevent ddos attacks in php programming. For more information, see.We know that a denial-of-service attack means that a
Anti-DDoS: CC attack defense system deployment1. System effect this DDOS Application Layer defense system has been deployed on the http://www.yfdc.org site (if access fails, please directly access the server in China http: // 121.42.45.55 for online testing ). The defense system is at the application layer, which effectively prevents the abuse of server resources
, portals, large e-commerce and securities companies, IRC servers, and news and magazines. If the website does not belong to this type of website, you do not have to worry too much about becoming a direct target for DoS attacks.
2. Ask for assistance and cooperation with ISP
It is important to obtain assistance and cooperation from your major Internet Service Provider (ISP. Distributed Denial-of-Service (DDoS) attacks consume bandwidth, and you cannot
Use PHP code to call sockets and directly use the server's network to attack other IP addresses. Previously I encountered this problem in apache, today we will talk about how to prevent php ddos attacks from occupying the network bandwidth and server resources in iis.
Common php ddos code is as follows:
The C
An example of iptables anti-DDoS method
Mitigating DDoS attacks#防止SYN攻击, lightweight prevention
Iptables-n Syn-floodIptables-a input-p tcp–syn-j Syn-floodIptables-i syn-flood-p tcp-m limit–limit 3/s–limit-burst 6-j returnIptables-a syn-flood-j REJECT
#防止DOS太多连接进来, you can allow the external network card to each IP up to 15 initial connections, over the discarded
Iptables-a input-i eth0-p tcp–syn-m connl
your site has been exploited by attackers. in the input box, enter your domain name, the scan tool will find in their log files whether your website is in the log file of this attack. if your domain name does not appear, congratulations, your website has not attacked others.
How to prevent exploitation by attackers
At present, the WordPress official team is wondering whether the Akismet plug-in can be used
basic:
* Close Unnecessary services
* Limit the number of concurrently open SYN semi-connections
* Shorten time out of SYN semi-connection
* Update system patches in time------------* Closure of unnecessary services;* Modify the number of connections from the default value of 128 or 512 to 2048 or greater to increase the length of each processing packet queue to mitigate and digest more packet connections;* Set the connection timeout to a shorter time to ensure the normal packet connection, shi
AdjustTCP ParametersPrevent DDoS attacks
VM service providers may be attacked by hackers during operation. Common attacks include SYN and DDoS attacks. By changing the IP address, it is possible to find the attacked site to avoid the attack, but the service interruption takes a long time. A thorough solution is to add a hardware firewall. However, hardware fire
This article introduces how Iptables limits the number of connections of the same IP address in linux to prevent CC/DDOS attacks. This is only the most basic method. If the attack is real, we still need hardware compaction to prevent it.
1. Set the maximum number of connections to port 80 to 10, which can be customized
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.