DDoS deflate: a lightweight software firewall for mitigating/preventing DDoS attacks on Linux/CentOS [repost]
DDoS deflate is a small program for mitigating/preventing DDoS attacks on Linux/CentOS, effectively a software firewall. Note that it can only fend off low-volume attacks; even Sina, with hundreds of high-end servers behind load balancers, cannot withstand a high-volume attack, let alone a single ordinary server or VPS. Don't expect too much of this program. It is introduced here only because it may still be of some use against simple software-based attacks.
CTOHOME's one-click install script for DDoS deflate:
wget http://www.ctohome.com/linux-vps-pack/soft/ddos/ddos.sh;sh ddos.sh;
What does the script do?
- Uses the iptables firewall as the blocking tool by default, and changes the trigger so that 60 concurrent connections per second gets an IP banned
- Adds all of the machine's own IPs to the IP whitelist, then forcibly prevents the whitelist from being updated automatically. If you need to edit the whitelist, first run chattr -i /usr/local/ddos/ignore.ip.list and then edit it with vi
- Uninstall: wget http://www.ctohome.com/linux-vps-pack/soft/ddos/uninstall.ddos;sh uninstall.ddos;
After installation, you can run the script manually:
/usr/local/ddos/ddos.sh -k 30
This forcibly bans every IP with more than 30 connections. For more usage information, run more /usr/local/ddos/ddos.sh and read the script itself.
About DDoS deflate
DDoS deflate is a free script for defending against and mitigating DDoS attacks. It uses netstat to monitor and track IP addresses that create large numbers of network connections; when a node exceeds the preset limit, the program bans or blocks those IPs via APF or iptables.
DDoS deflate official site: http://deflate.medialayer.com/
How do you confirm that you are under a DDoS attack?
Run:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This lists, for every IP, how many connections it currently has to the server.
Here is the result of a test on my own VPS:
li88-99:~# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
1 114.226.9.132
1 174.129.237.157
1 58.60.118.142
1 Address
1 servers)
2 118.26.131.78
3 123.125.1.202
3 220.248.43.119
4 117.36.231.253
4 119.162.46.124
6 219.140.232.128
8 220.181.61.31
2311 67.215.242.196 (this one looks like an attack)
A few, a dozen, or even a few dozen connections per IP is fairly normal; hundreds or thousands from one IP, as above, is definitely not.
1. Install DDoS deflate
wget http://www.inetbase.com/scripts/ddos/install.sh   # download DDoS deflate
chmod 0700 install.sh                                  # make it executable
./install.sh                                           # run the installer
2. Configure DDoS deflate
The default DDoS deflate configuration lives in /usr/local/ddos/ddos.conf and reads as follows (the trailing comments are the annotations added in this post):
##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"   # IP address whitelist
CRON="/etc/cron.d/ddos.cron"                       # scheduled execution
APF="/etc/apf/apf"
IPT="/sbin/iptables"
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1                  # check interval, default 1 minute
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150   # maximum connections; an IP above this is banned. The default is usually fine
##### APF_BAN=1 (Make sure your APF version is at least 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1               # APF or iptables. iptables is recommended: set APF_BAN to 0
##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1                  # whether to actually ban IPs; the default is fine
##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"         # mail is sent here when an IP is banned; recommended, replace with your own address
##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600          # ban duration, default 600 seconds; adjust as needed
Users can edit the configuration file following the annotations added to the default configuration above.
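To make the detection step concrete, here is an added example (my own, not code from the original post or from the DDoS deflate project) that reproduces the core check: count connections per remote IP from netstat -ntu output, apply a NO_OF_CONNECTIONS-style threshold, and honour an ignore.ip.list-style whitelist. The netstat output and the whitelist are constructed samples; unlike the raw pipeline shown above, it filters out the header words that appear as "Address" and "servers)" in the test output.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (not captured from a real host).
# The two header lines are what become the "Address" and "servers)" entries
# when the raw pipeline from the post is used without filtering.
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51235      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51236      SYN_RECV
tcp        0      0 10.0.0.5:22             203.0.113.9:40001       ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.44:3001         ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.44:3002         ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.44:3003         ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.44:3004         ESTABLISHED
udp        0      0 10.0.0.5:53             10.0.0.5:5353           ESTABLISHED'

# Constructed whitelist in the ignore.ip.list format (one IP per line).
IGNORE_LIST='127.0.0.1
10.0.0.5
192.0.2.44'

# count_connections: reads netstat -ntu output on stdin and prints "count ip"
# per remote IPv4 address, lowest count first. The grep keeps only dotted
# quads, so header words (and IPv6 entries) never reach the counter.
count_connections() {
    awk '{ split($5, a, ":"); print a[1] }' \
        | grep -E '^[0-9]+(\.[0-9]+){3}$' \
        | sort | uniq -c | sort -n \
        | awk '{ print $1, $2 }'
}

# find_bad_ips THRESHOLD WHITELIST: prints IPs whose count exceeds THRESHOLD
# (the role of NO_OF_CONNECTIONS / -k) and that are not in WHITELIST
# (a newline-separated list, the role of ignore.ip.list).
find_bad_ips() {
    threshold=$1
    whitelist=$2
    count_connections | while read -r count ip; do
        [ "$count" -gt "$threshold" ] || continue
        printf '%s\n' "$whitelist" | grep -qxF "$ip" && continue
        printf '%s\n' "$ip"
    done
}

# bad_ips_for_sample THRESHOLD: runs the check against the constructed sample,
# i.e. what `ddos.sh -k THRESHOLD` decides, minus the iptables/APF ban step.
bad_ips_for_sample() {
    printf '%s\n' "$SAMPLE_NETSTAT" | find_bad_ips "$1" "$IGNORE_LIST"
}
```

With threshold 2 the sample flags only 198.51.100.7: 192.0.2.44 has more connections but is whitelisted, and the header words are dropped before counting.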
Uninstall
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
Whitelist settings:
The default whitelist is sometimes wrong. To avoid that, set the whitelist IPs by hand and then make the file immutable so it cannot be modified:
vi /usr/local/ddos/ignore.ip.list
Set the whitelist IPs by hand.
chattr +i /usr/local/ddos/ignore.ip.list
Make the file immutable so it cannot be modified.
chattr -i /usr/local/ddos/ignore.ip.list
Remove the immutable flag again when you need to edit it.
Blocking IPs manually with iptables:
For a single IP:
iptables -I INPUT -s 124.115.0.199 -j DROP
To unblock that single IP again:
iptables -D INPUT -s 124.115.0.199 -j DROP
To block individual /24 ranges (note that iptables masks off the host bits, so a prefix such as 124.115.3.0/16 would be stored as 124.115.0.0/16 and block far more than intended):
iptables -I INPUT -s 124.115.0.0/24 -j DROP
iptables -I INPUT -s 124.115.3.0/24 -j DROP
iptables -I INPUT -s 124.115.4.0/24 -j DROP
To block an entire /8 block:
iptables -I INPUT -s 124.0.0.0/8 -j DROP
To block several ranges:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP