Defense under Linux: How to mitigate DDOS attacks

  

Foreword

The Internet is as full of intrigue as the real world, and attacks on a website are among the most troublesome things a webmaster deals with. In the absence of hardware protection, a software substitute is the most direct approach, for example iptables. But iptables cannot block attackers automatically, only manually. This article covers a tool that automatically blocks the IP addresses of DDoS attackers: DDoS deflate.

Introduction to DDoS deflate

DDoS deflate is a free script for defending against and mitigating DDoS attacks. It uses netstat to monitor and track the IP addresses that create a large number of network connections. When it detects that a node exceeds the preset limit, it bans or blocks those IPs through APF or IPTABLES.

DDoS deflate official website:

How to confirm whether you are under a DDoS attack

Execute:

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This displays the number of connections from each IP to the server. The following are the results of a test on my own VPS:

    1 servers)
    8 220.181.61.31
    2311 67.215.242.196

A few, a dozen, or a few dozen connections per IP is fairly normal; hundreds or more than a thousand is definitely not normal.
1. Install

    wget http://www.inetbase.com/scripts/ddos/install.sh   # Download
    chmod 0700 install.sh                                  # Add permissions
    ./install.sh                                           # Execute

2. Configure

The following is the default configuration of DDoS deflate, /usr/local/ddos/ddos.conf, with these contents:

    IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"   # IP address whitelist
    CRON="/etc/cron.d/ddos.cron"                      # Scheduled job that runs the script
    FREQ=1                                            # Check interval, default 1 minute
    NO_OF_CONNECTIONS=150                             # Maximum number of connections; an IP that exceeds it is blocked. The default is generally fine
    ##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
    ##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
    APF_BAN=1                                         # Use APF or iptables. iptables is recommended: change the value of APF_BAN to 0
    ##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
    ##### KILL=1 (Recommended setting)
    KILL=1                                            # Whether to block IPs; the default is 1
    EMAIL_TO="root"                                   # Mailbox notified when an IP is blocked. Recommended; replace with your own address
    BAN_PERIOD=600                                    # How long an IP stays blocked, default 600 seconds; adjust to your situation

The comments added to the default configuration above explain each setting; modify the configuration file according to them.

If you like to tinker, you can use web stress-testing software to test the effect. I believe DDoS deflate can still help your VPS or server withstand some DDoS attacks and give your website more protection.
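An added example, not part of DDoS deflate or of the original article: the per-IP count shown earlier, written so that netstat's header lines (the source of the "1 servers)" row) are skipped, IPv6 addresses are not cut at their first colon, and a threshold and whitelist in the role of NO_OF_CONNECTIONS and IGNORE_IP_LIST are applied. The function names and the sample connections are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag remote IPs whose connection count exceeds a limit.
# Reads `netstat -ntu` style text on stdin, prints "count ip" per offender.

# Constructed sample, not captured from a real host (documentation ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.4:40000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.4:40001      ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:55000     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:55001     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.9:60000      ESTABLISHED
EOF
}

# find_offenders LIMIT [IGNORE_FILE]
# LIMIT plays the role of NO_OF_CONNECTIONS, IGNORE_FILE of IGNORE_IP_LIST
# (one IP per line). Both names are this example's own.
find_offenders() {
    limit=$1
    ignore_file=${2:-/dev/null}
    awk -v limit="$limit" -v ignore_file="$ignore_file" '
        BEGIN {                                   # load the whitelist first
            while ((getline line < ignore_file) > 0) {
                sub(/[ \t\r]+$/, "", line)
                if (line != "") skip[line] = 1
            }
        }
        $1 !~ /^(tcp|udp)/ { next }               # skip netstat header lines
        {
            ip = $5
            sub(/:[^:]*$/, "", ip)                # strip only the trailing port
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Live use: netstat -ntu | find_offenders 150 /usr/local/ddos/ignore.ip.list
```
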
