前言?

互聯(lián)網(wǎng)如同現(xiàn)實社會一樣充滿鉤心斗角拼苍，網(wǎng)站被DDOS也成為站長最頭疼的事独令。在沒有硬防的情況下，尋找軟件代替是最直接的方法液肌，比如用?iptables，但是iptables不能在自動屏蔽鸥滨，只能手動屏蔽嗦哆。今天要說的就是一款能夠自動屏蔽DDOS攻擊者IP的軟件：DDoS?deflate谤祖。?

DDoS?deflate介紹?

DDoS?deflate是一款免費的用來防御和減輕DDoS攻擊的腳本。它通過netstat監(jiān)測跟蹤創(chuàng)建大量網(wǎng)絡(luò)連接的IP地址老速，在檢測到某個結(jié)點超過預(yù)設(shè)的限?制時粥喜，該程序會通過APF或IPTABLES禁止或阻擋這些IP.?

DDoS?deflate官方網(wǎng)站：http://deflate.medialayer.com/?

如何確認是否受到DDOS攻擊？?

執(zhí)行：?

netstat?-ntu?　?awk?'{print?$5}'?　?cut?-d:?-f1?　?sort?　?uniq?-c?　?sort?-n?

執(zhí)行后橘券，將會顯示服務(wù)器上所有的每個IP多少個連接數(shù)额湘。?

以下是我自己用VPS測試的結(jié)果：?

li88-99:~#?netstat?-ntu?　?awk?'{print?$5}'?　?cut?-d:?-f1?　?sort?　?uniq?-c?　?sort?-n?

1?114.226.9.132?

1?174.129.237.157?

1?58.60.118.142?

1?Address?

1?servers)?

2?118.26.131.78?

3?123.125.1.202?

3?220.248.43.119?

4?117.36.231.253?

4?119.162.46.124?

6?219.140.232.128?

8?220.181.61.31?

2311?67.215.242.196?

每個IP幾個、十幾個或幾十個連接數(shù)都還算比較正常约郁，如果像上面成百上千肯定就不正常了缩挑。?

1、安裝DDoS?deflate?

wget?http://www.inetbase.com/scripts/ddos/install.sh?//下載DDoS?deflate?

chmod?0700?install.sh?//添加權(quán)限?

./install.sh?//執(zhí)行?

2鬓梅、配置DDoS?deflate?

下面是DDoS?deflate的默認配置位于/usr/local/ddos/ddos.conf?供置，內(nèi)容如下：?

#####?Paths?of?the?script?and?other?files?

PROGDIR="/usr/local/ddos"?

PROG="/usr/local/ddos/ddos.sh"?

IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"?//IP地址白名單?

CRON="/etc/cron.d/ddos.cron"?//定時執(zhí)行程序?

APF="/etc/apf/apf"?

IPT="/sbin/iptables"?

#####?frequency?in?minutes?for?running?the?script?

#####?Caution:?Every?time?this?setting?is?changed,?run?the?script?with?--cron?

#####?option?so?that?the?new?frequency?takes?effect?

FREQ=1?//檢查時間間隔，默認1分鐘?

#####?How?many?connections?define?a?bad?IP??Indicate?that?below.?

NO_OF_CONNECTIONS=150?//最大連接數(shù)绽快，超過這個數(shù)IP就會被屏蔽芥丧，一般默認即可?

#####?APF_BAN=1?(Make?sure?your?APF?version?is?atleast?0.96)?

#####?APF_BAN=0?(Uses?iptables?for?banning?ips?instead?of?APF)?

APF_BAN=1?//使用APF還是iptables，推薦使用iptables?

#####?KILL=0?(Bad?IPs?are'nt?banned,?good?for?interactive?execution?of?script)?

#####?KILL=1?(Recommended?setting)?

KILL=1?//是否屏蔽IP坊罢，默認即可?

#####?An?email?is?sent?to?the?following?address?when?an?IP?is?banned.?

#####?Blank?would?suppress?sending?of?mails?

EMAIL_TO="root"?//當IP被屏蔽時給指定郵箱發(fā)送郵件续担，推薦使用，換成自己的郵箱即可?

#####?Number?of?seconds?the?banned?ip?should?remain?in?blacklist.?

BAN_PERIOD=600?//禁用IP時間活孩，默認600秒物遇，可根據(jù)情況調(diào)整?

用戶可根據(jù)給默認配置文件加上的注釋提示內(nèi)容，修改配置文件憾儒。?

喜歡折騰的可以用Web壓力測試軟件測試一下效果询兴，相信DDoS?deflate還是能給你的VPS或服務(wù)器抵御一部分DDOS攻擊，給你的網(wǎng)站更多的保護起趾。

轉(zhuǎn)載于:https://www.cnblogs.com/buffer/archive/2011/03/23/1993195.html

? ? 有服務(wù)器需求請加QQ1911624872咨詢