• 防DDOS攻击解决方案


    脚本方式

    配置邮件:

    # A QQ mailbox is used here as the account that sends and receives the alerts.
    # NOTE(review): the smtp-auth-* lines below put an SMTP credential in /etc/mail.rc in clear text;
    # consider moving them to the sending user's ~/.mailrc with mode 600 — confirm this suits your setup.
    # NOTE(review): smtp= is given without an smtps:// scheme and no STARTTLS option is set in this file,
    # so the login is presumably sent without TLS — confirm, and enable TLS if the mailx build supports it.
    vim /etc/mail.rc
    set bsdcompat
    set from=xx@qq.com #sender address used in the From header
    set smtp=smtp.qq.com  #SMTP server address
    set smtp-auth-user=xx@qq.com  #account used to log in to the SMTP server  
    set smtp-auth-password=xxxxxxx  #SMTP authorization code, generated in the QQ Mail settings (confirmed by sending an SMS from your phone)
    set smtp-auth=login
    
    
    #测试
    echo "邮件测试(测试内容)" | mail -s "测试结果(主题)" xx@qq.com

    防ddos脚本:

    #!/bin/bash
    ###############################################
    #脚本思路
    #1.获取主机连接ip,并进行排序放入文件
    #2.判断ip连接数是否超过阈值
    #3.超过就在iptables添加禁止连接策略
    #4.判断iptables里是否存在该策略,存在就不执行,不存在就执行策略
    ###############################################
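    #######################################
    # One detection pass: count ESTABLISHED TCP connections per remote IPv4
    # address and insert an iptables DROP rule for every address above the
    # threshold that is neither whitelisted nor already blocked.
    # Globals:
    #   DDOS_CONN_FILE   (read, optional) per-IP count file,
    #                    default /server/scripts/ip_conn.txt
    #   DDOS_WHITE_LIST  (read, optional) whitelist file, one address per line,
    #                    default /server/scripts/white_list.txt
    #   DDOS_NETSTAT_LOG (read, optional) netstat dump to analyse,
    #                    default /root/netstat.log
    # Arguments: none
    # Outputs:   overwrites the count file, adds iptables rules, sends one
    #            alert mail per new rule; diagnostics go to stderr
    # Returns:   1 if the netstat dump cannot be read
    # Notes:
    #   - Only ESTABLISHED connections are counted, so half-open (SYN) floods
    #     are not seen by this check.
    #   - The threshold of 2 is the value from the original listing; it will
    #     also block ordinary clients that open a few parallel connections.
    #   - Nothing here removes a rule again; unblocking is manual.
    #   - This function only reads the netstat dump. Something else has to
    #     refresh it (presumably a job writing `netstat -ant` output there),
    #     otherwise every pass re-evaluates the same stale data.
    #   - Test syntax is kept POSIX-compatible because the page starts the
    #     script with `sh`.
    #######################################
    ddos(){
        local res white_list netstat_log threshold host_ip cnt ip
        # Per-IP connection counts, rewritten on every pass
        res=${DDOS_CONN_FILE:-/server/scripts/ip_conn.txt}
        # Addresses that must never be blocked
        white_list=${DDOS_WHITE_LIST:-/server/scripts/white_list.txt}
        netstat_log=${DDOS_NETSTAT_LOG:-/root/netstat.log}
        threshold=2

        if [ ! -r "$netstat_log" ]; then
            printf 'ddos: cannot read %s\n' "$netstat_log" >&2
            return 1
        fi

        # IPv4 address of eth0, used only in the alert text
        host_ip=$(ifconfig eth0 | awk '$1 == "inet" {print $2; exit}')

        # Field 6 is the remote address when the line is split on spaces and
        # colons. tcp6 lines break that split, so anything that is not a
        # dotted quad is dropped here and never reaches iptables.
        awk -F "[ :]+" '/^tcp/ && /ESTABLISHED/ && $6 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $6}' "$netstat_log" \
            | sort | uniq -c | sort -rn > "$res"

        while read -r cnt ip; do
            [ "$cnt" -gt "$threshold" ] || continue

            # Fixed-string, whole-word match: 1.2.3.4 must not be treated as
            # whitelisted just because 1.2.3.40 is listed.
            if [ -r "$white_list" ] && grep -qwF -- "$ip" "$white_list"; then
                continue
            fi

            # -C asks iptables whether this exact rule already exists; its
            # error message on a miss is expected, hence the redirect.
            if iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
                continue
            fi

            # The original deleted the rule before inserting it, which can
            # only fail at this point; insert once and alert only on success.
            if iptables -I INPUT -s "$ip" -j DROP; then
                printf '%s\n' "在 $host_ip 主机中 iptables -I INPUT -s  $ip -j DROP 防ddos攻击策略被创建,请检查服务器" \
                    | mail -s "ddos攻击警告" 1354586675@qq.com
            else
                printf 'ddos: failed to add DROP rule for %s\n' "$ip" >&2
            fi
        done < "$res"
    }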
    # Poll forever: wait 10 seconds, then run one ddos pass.
    while :; do
        sleep 10
        ddos
    done

    执行脚本:

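    # Run the script in the background; bash matches the script's #!/bin/bash line
    bash /server/scripts/netstat.sh &
    
    # List the background jobs of the current shell to confirm it is running
    jobs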

    DDoS deflate

    Installation 安装:

    # NOTE(review): install.sh is fetched over plain HTTP with no checksum or signature check and then executed
    # (presumably as root, since the paths shown on this page are under /usr/local/ddos and /etc/cron.d);
    # read the downloaded script before running it.
    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod 700 install.sh
    ./install.sh

    Uninstallation 卸载:

    # NOTE(review): uninstall.ddos is fetched over plain HTTP with no checksum or signature check and then executed;
    # read the downloaded script before running it.
    wget http://www.inetbase.com/scripts/ddos/uninstall.ddos 
    chmod 0700 uninstall.ddos 
    ./uninstall.ddos

    DDoS deflate安装路径:

    ls /usr/local/ddos/
    配置文件:
    ls /usr/local/ddos/ddos.conf
    /usr/local/ddos/ddos.conf
    
    #白名单
    cat /usr/local/ddos/ignore.ip.list
    127.0.0.1
    
    vim /usr/local/ddos/ddos.conf
    ##### Paths of the script and other files
    PROGDIR="/usr/local/ddos"
    PROG="/usr/local/ddos/ddos.sh"
    IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
    CRON="/etc/cron.d/ddos.cron"
    APF="/etc/apf/apf"
    IPT="/sbin/iptables"
    
    ##### frequency in minutes for running the script
    ##### Caution: Every time this setting is changed, run the script with --cron
    #####          option so that the new frequency takes effect
    #检查时间间隔,默认一分钟
    FREQ=1
    
    ##### How many connections define a bad IP? Indicate that below.
    #最大连接数,超过这个数ip就会屏蔽掉,一般默认即可
    NO_OF_CONNECTIONS=150
    
    ##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
    ##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
    #使用APF还是iptables。推荐使用iptables,将APF_BAN的值改为0即可。
    APF_BAN=1
    #APF_BAN=0
    ##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
    ##### KILL=1 (Recommended setting)
    #是否屏蔽ip,默认即可
    KILL=1
    
    ##### An email is sent to the following address when an IP is banned.
    ##### Blank would suppress sending of mails
    #当ip被屏蔽时给指定邮箱发送邮件报警,换成自己的邮箱
    EMAIL_TO=xxxx@qq.com
    
    ##### Number of seconds the banned ip should remain in blacklist.
    #禁用ip时间,默认600秒,可根据情况调整
    BAN_PERIOD=600

    开启防火墙:

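    # Start firewalld
    # NOTE(review): once firewalld manages the ruleset, DROP rules inserted directly with iptables
    # may be lost on a firewalld reload — verify on your system.
    systemctl start firewalld.service
    # Add the rule: open 80/tcp in the public zone (the original line misspelled the zone and
    # used a query option); --permanent so the rule survives the reload below
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    # Reload so the permanent rule becomes the running configuration
    firewall-cmd --reload
    # Check that the port is open
    firewall-cmd --zone=public --query-port=80/tcp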

    测试:

    #防ddos主机上安装nginx
    yum install nginx -y
    systemctl start nginx
    
    #压测主机
    yum install httpd-tools -y
    ab -n 10000 -c 100 http://主机名/index.html
  • 原文地址:https://www.cnblogs.com/Mercury-linux/p/12704628.html