防DDOS攻击解决方案
# Alert mail is sent through a QQ mailbox, which also serves as the recipient.
# The "set ..." lines below are /etc/mail.rc (mailx) settings written with vim,
# not shell commands.
vim /etc/mail.rc
set bsdcompat
set from=xx@qq.com                # sender address: the QQ account itself
set smtp=smtp.qq.com              # SMTP server address
set smtp-auth-user=xx@qq.com      # SMTP login account (same address as "from")
set smtp-auth-password=xxxxxxx    # SMTP authorization code, obtained in the QQ
                                  # mailbox settings via an SMS verification
                                  # (not the account's login password)
set smtp-auth=login
# NOTE(review): this file now stores a mail credential in plain text; keep it
# readable only by the account that runs the alert script.
# Send a test message: body piped on stdin, -s sets the subject.
echo "邮件测试(测试内容)" | mail -s "测试结果(主题)" xx@qq.com
防ddos脚本:
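#!/bin/bash
###############################################
# Anti-DDoS watchdog
#
# Approach:
#   1. Collect the remote IPs of ESTABLISHED TCP connections from a
#      netstat-style dump and write them, sorted by connection count, to a file.
#   2. Compare each IP's connection count against a threshold.
#   3. Above the threshold, insert an iptables DROP rule for that IP.
#   4. Skip IPs that already have such a rule, and IPs on the whitelist.
#
# Configuration (environment overrides; defaults match the original script):
#   DDOS_CONN_LOG   netstat dump to analyse            (default /root/netstat.log)
#   DDOS_THRESHOLD  connections per IP that trigger a ban (default 2)
#   DDOS_ALERT_TO   recipient of the alert mail
#   DDOS_INTERVAL   seconds between passes              (default 10)
#
# Needs privileges to run iptables. No "set -e": the loop is meant to keep
# running when a single pass (mail, iptables) fails; failures go to stderr.
###############################################

# NOTE(review): nothing in this script refreshes the dump; unless cron or
# another process rewrites it, every pass analyses the same data.
conn_log=${DDOS_CONN_LOG:-/root/netstat.log}
# Per-pass output: "<count> <ip>" lines, highest count first.
res=/server/scripts/ip_conn.txt
# Whitelist: one IP per line, never banned.
white_list=/server/scripts/white_list.txt
threshold=${DDOS_THRESHOLD:-2}
alert_to=${DDOS_ALERT_TO:-1354586675@qq.com}
interval=${DDOS_INTERVAL:-10}

#######################################
# One detection pass over the connection dump.
# Globals:  conn_log, res, white_list, threshold, alert_to (read)
# Outputs:  rewrites $res; inserts iptables DROP rules; sends alert mail
# Returns:  0; a failed iptables insert is reported on stderr, not fatal
#######################################
ddos() {
  local host_ip cnt ip

  # Address of this host; used only in the alert text.
  host_ip=$(ifconfig eth0 | grep 'inet' | awk -F "[ ]+" '{print $3}')

  # With "[ :]+" as separator, field 6 of an ESTABLISHED tcp line
  # ("tcp 0 0 LOCAL:PORT REMOTE:PORT ESTABLISHED") is the remote address.
  awk -F "[ :]+" '/^tcp/ && /ESTABLISHED/{print $6}' "$conn_log" \
    | sort | uniq -c | sort -rn > "$res"

  while read -r cnt ip; do
    [[ -n "$ip" ]] || continue
    (( cnt > threshold )) || continue

    # Whole-line, fixed-string match: a bare "grep 10.0.0.1" would also
    # accept 10.0.0.10 or 10x0y0z1 as whitelisted.
    if grep -qxF -- "$ip" "$white_list" 2>/dev/null; then
      continue
    fi

    # -C tests for an identical rule instead of grepping the listing,
    # so an IP mentioned in some unrelated rule is not mistaken for banned.
    if iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
      continue
    fi

    # The original deleted a rule that could not exist (the check above
    # already passed) and then reported "-D" in the alert; report what was
    # actually created.
    if iptables -I INPUT -s "$ip" -j DROP; then
      printf '%s\n' "在 $host_ip 主机中 iptables -I INPUT -s $ip -j DROP 防ddos攻击策略被创建,请检查服务器" \
        | mail -s "ddos攻击警告" "$alert_to"
    else
      printf 'ddos: failed to add DROP rule for %s\n' "$ip" >&2
    fi
  done < "$res"
}

while true; do
  sleep "$interval"
  ddos
done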
执行脚本:
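# Run the watchdog in the background, detached from the terminal: a plain
# "cmd &" job receives SIGHUP and dies when the login shell exits, nohup
# does not (its output goes to ./nohup.out). Invoke bash explicitly, because
# "sh script" ignores the script's #!/bin/bash shebang.
nohup bash /server/scripts/netstat.sh &
# Check that the job is still running
jobs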
# DDoS-Deflate: fetch the installer, make it executable, run it.
# The download is plain HTTP with no checksum or signature on the page,
# so read install.sh before executing it.
wget -O install.sh http://www.inetbase.com/scripts/ddos/install.sh
chmod u=rwx,go= install.sh
./install.sh
Uninstallation 卸载:
# DDoS-Deflate: fetch the uninstaller, make it executable, run it.
# Same unauthenticated HTTP download as the installer; inspect it first.
wget -O uninstall.ddos http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod u=rwx,go= uninstall.ddos
./uninstall.ddos
DDoS deflate安装路径:
ls /usr/local/ddos/
# Configuration file (the path printed below is the ls output):
ls /usr/local/ddos/ddos.conf
/usr/local/ddos/ddos.conf
# Whitelist, one IP per line; these addresses are never banned
# (the address printed below is the cat output):
cat /usr/local/ddos/ignore.ip.list
127.0.0.1
vim /usr/local/ddos/ddos.conf
##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
# Check interval; the default is one minute
FREQ=1
##### How many connections define a bad IP? Indicate that below.
# Connections per IP above which the IP is banned; the default is usually fine
NO_OF_CONNECTIONS=150
##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
# APF or iptables. iptables is recommended: set APF_BAN=0.
# NOTE(review): the active value below is still 1, so bans go through the
# APF path at $APF; with APF absent no ban would take effect.
APF_BAN=1
#APF_BAN=0
##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
# Whether to actually ban IPs; keep the default
KILL=1
##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
# Alert recipient when an IP is banned; replace with your own mailbox
EMAIL_TO=xxxx@qq.com
##### Number of seconds the banned ip should remain in blacklist.
# Ban duration; default 600 seconds, adjust as needed
BAN_PERIOD=600
开启防火墙:
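# Start firewalld
systemctl start firewalld.service
# Open port 80/tcp in the public zone. The original line only queried
# (and with a misspelled zone "pubilc" and option "--query-prot"), so no
# rule was ever added; --permanent keeps the rule across reload and reboot.
firewall-cmd --zone=public --permanent --add-port=80/tcp
# Load the permanent configuration into the running firewall
firewall-cmd --reload
# Verify the port is open (prints "yes")
firewall-cmd --zone=public --query-port=80/tcp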
测试:
# On the protected host: install and start nginx as the service under test
yum -y install nginx
systemctl start nginx.service
# On the load-generating host: ApacheBench from httpd-tools, 10000 requests
# at 100 concurrent, aimed at the protected host (replace 主机名 with its
# hostname or IP)
yum -y install httpd-tools
ab -c 100 -n 10000 http://主机名/index.html
版权声明:本文为Mercury-linux原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。