script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1 // check interval. The default value is 1 minute.
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150 // The maximum number of connections. IP addresses exceeding this value will be blocked. Generally, the default value is enoug
The internet is rich and varied, and we can find basically any resource we need on it, which is also why so many of us have joined the ranks of webmasters. Infighting can also exist among webmasters. Individual webmasters in particular, with limited technical and financial resources, often have no ability to defend a shared host or VPS once it is attacked, which leads the provider to suspend the account,
DDoS-Deflate is a very small tool for defending against and mitigating DDoS attacks. It uses netstat to track the IP addresses that open a large number of connections, and blocks those IP addresses via APF or iptables. We can use
running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1 // check interval, default 1 minute
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150 // maximum number of connections; IPs exceeding this number will be blocked; generally the default is fine
##### APF_BAN=1 (Make sure your
below.
NO_OF_CONNECTIONS=150 // maximum number of connections; IPs exceeding this number will be blocked; generally the default is fine
##### APF_BAN=1 (Make sure your APF version is at least 0.96)
##### APF_BAN=0 (Uses iptables for banning IPs instead of APF)
APF_BAN=1 // use APF or iptables. It is recommended to use iptables, so change the value of APF_BAN to 0.
##### KILL=0 (Bad IPs aren't banned, good for in
1. Limit the number of connections per IP to port 80 to a maximum of 10, which can be customized.
The code is as follows:
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
2. Use the recent module to limit the number of new connection requests from the same IP within a given time. For more features of recent, please refer to
Comments: Distributed Denial of Service (DDoS) is an attack that hackers often use and that is difficult to prevent. Its full English name is Distributed Denial of Service. DDoS is a networ
This function is used to count how many times each visitor has visited in a short period of time, and returns true if the limit on the number of visits is exceeded, after which you can use PHP to call Linux iptables for blocking operations. I've used several DDoS-like tools to actually test it, and it works really well. By the way, I use files in the code to record the vis
suddenly rose. I looked at the ranking, and the keyword "Wu Move the Universe" had incredibly reached the Baidu home page, so I inserted links in the article; many sites scraped it, which earned a lot of external links.
By March, the site had incredibly reached second place on the Baidu home page. Although that lasted only three days before it fell to fifth, the site had 100,000 IPs every day during those days. I took a screenshot at the time (with an ad-blocking plug-in enabled, so there are no promotional links).
This article introduces how to use iptables to limit the number of connections from the same IP address on Linux to prevent CC/DDoS attacks. This is only the most basic method. If the attack is real, we still need hardware compaction to prevent it.
1. Set the maximum number of connections to port 80 to 10, which can be customized.
The code is as follows:
iptables -I INPUT -p tcp --dpor
1. Limit the maximum number of connections per IP to port 80 to 10, which can be customized.
The code is as follows:
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP
2. Use the recent module to limit the number of new connection requests from the same IP within a given time. For more features of recent, p
Use Nginx and Nginx Plus to prevent DDoS attacks
A Distributed Denial of Service (DDoS) attack is an attack that uses multiple machines to send a large number of seemingly legitimate data packets to a service or website, blocking the network and exhausting resources so that it can no longer provide normal service to normal users. With the increase of Internet
-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
II. Anti-DDoS script
# Lightweight prevention against SYN attacks
iptables -N syn-flood (if your firewall configuration already contains ":syn-flood - [0:0]", this line is not needed because it would be a duplicate)
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -I syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
iptables -A syn-flood -j REJECT
# Prevent too many DoS connections. You can allow up to 15 in
the Guard module is not subject to DDOS attacks, the Guard module is in sleep or Offline state. When the Detector receives a message sent to a protected terminal, it determines the attack through algorithm analysis and policy matching. In this case, the Detector will establish a connection with Guard using SSH, and activate Guard to protect the terminal. Guard will also analyze policies and algorithms, give appropriate solutions to discard illegal da
apache program. Temporary directory of Lock Mechanism
# Whitelist
DOSWhiteList 127.0.0.1
DOSWhiteList 192.168.12.*
If you do not know where to insert these data, you can use the following method:
Create a file in the /etc directory, such as mod_evasive.conf:
# touch /etc/mod_evasive.conf
Add the corresponding content according to your Apache version.
Next, modify httpd.conf and add the following as the last line:
Include /etc/mod_evasive.conf
After modification, restart t
think the outbound traffic can easily reach the Gbps level, and the inbound traffic can also reach 50-Mbps. It can be imagined how much traffic there will be if multiple attackers use this method to attack a website at the same time. At the same time, because Google uses multiple IP addresses for crawling, it is difficult to prevent this type of GET flood attack, and it is easy to sustained attacks
-n
List the number of TCP and UDP connections to the server.
netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
Check ESTABLISHED connections instead of all connections, which gives the number of connections per IP address.
netstat -plan | grep :80 | awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1
Displays and lists the IP addresses and connections to port 80. 80 is us
IP addresses and connections to port 80. 80 is used as HTTP
How to mitigate DDoS attacks
When you find that the IP address of your server is attacked, you can use the following command to close their connection:
iptables -I INPUT 1 -s $IPADRESS -j DROP/REJECT
Please note that you must replace $IPADRESS with the number
Installation, configuration, and usage of the Apache anti-DDoS module mod_evasive. A friend's website was slow when it was accessed the previous day. The number of connections to the server was not large, and the resource usage was also small. If you suspect that there is an attack, install mod_evasive and try again. After the test, everything works properly. The installation and configuration are as follows: wget http://www.zdziarski.com/blog/wp-content/upl