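Install ConfigServer Security & Firewall (CSF), a security package that goes a long way toward protecting the server. This is an important step, so do not skip it. Host nodes are configured differently and some may block certain ports; installing CSF ensures that the required ports are open and the unnecessary ones are closed.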
cd /tmp
wget http://www.configserver.com/free/csf.tgz
tar zxvf csf.tgz
cd csf
./install.generic.sh
Now that CSF is installed, edit the configuration file to open and close some ports.
cd /etc/csf
sed -i 's/^TESTING =.*/TESTING = "0"/' csf.conf
sed -i 's/^TCP_IN =.*/TCP_IN = "21,22,9091,51413,30000:35000"/' csf.conf
sed -i 's/^TCP_OUT =.*/TCP_OUT = "1:65535"/' csf.conf
sed -i 's/^UDP_IN =.*/UDP_IN = "20,21,51413"/' csf.conf
service csf restart
####### Handling a CC attack #######
Install CSF, then use this script (assuming you run LNMP).
#!/bin/bash
# Collect the IP addresses connected to local port 80, with a connection count for each
netstat -plan | awk '$4 ~ /:80$/ {print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1 > /root/iplist

# Limit on the number of connections per IP
LIMIT=15

while read -r count ip; do
    # Skip empty addresses (IPv6 entries are cut at their first colon)
    [ -n "$ip" ] || continue
    if [ "$count" -gt "$LIMIT" ]; then
        echo "More than $LIMIT connections from $ip... $count connections... Blocking $ip"
        # Never block an address that belongs to this server
        if ! /sbin/ifconfig | grep -qwF "$ip"; then
            # Only block addresses that are not already listed in csf.deny
            if ! grep -qwF "$ip" /etc/csf/csf.deny; then
                iptables -I INPUT -s "$ip" -j DROP
                echo "deny $ip;" >> /usr/local/nginx/conf/vhost/block.conf
                /usr/sbin/csf -d "$ip"
                ~/lnmp reload
            else
                echo " IP address $ip is already blocked "
            fi
        else
            echo " Sorry, the IP $ip cannot be blocked since this is a local IP of the server "
        fi
    fi
done < /root/iplist
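A dry-run form of the counting step, as an added example that is not part of the original page: it reads netstat-style lines from standard input, counts only ESTABLISHED connections to local port 80, unwraps IPv4-mapped IPv6 peers, and prints the addresses over the limit without blocking anything. The helper names `over_limit` and `sample_netstat`, the allowed-address arguments, the ESTABLISHED-only filter and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: report peers over a connection
# limit from netstat-style input without changing any firewall rule.

# over_limit LIMIT [ALLOWED_IP...]   (hypothetical helper name)
# stdin: `netstat -ant` style lines; stdout: "COUNT IP" for each offender.
over_limit() {
    limit=$1
    shift
    allow=" $* "
    awk -v limit="$limit" -v allow="$allow" '
        # $4 = local address, $5 = peer address, $6 = TCP state
        $6 == "ESTABLISHED" && $4 ~ /:80$/ {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the peer port
            sub(/^::ffff:/, "", peer)   # unwrap IPv4-mapped IPv6
            count[peer]++
        }
        END {
            for (ip in count)
                # whole-address comparison, so 198.51.100.7 != 198.51.100.70
                if (count[ip] > limit && index(allow, " " ip " ") == 0)
                    print count[ip], ip
        }' | sort -rn
}

# Constructed sample input using documentation address ranges.
sample_netstat() {
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
    for i in 1 2 3 4; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.7:4000$i ESTABLISHED"
    done
    echo "tcp 0 0 192.0.2.10:80 198.51.100.70:41000 ESTABLISHED"
    for i in 1 2 3; do
        echo "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.5:5100$i ESTABLISHED"
        echo "tcp 0 0 192.0.2.10:8080 198.51.100.70:4300$i ESTABLISHED"
    done
    for i in 1 2 3 4 5; do
        echo "tcp 0 0 192.0.2.10:80 192.0.2.10:5200$i ESTABLISHED"
    done
    echo "tcp 0 0 192.0.2.10:80 198.51.100.70:44000 TIME_WAIT"
}

# Dry run: the server's own address 192.0.2.10 is passed as allowed.
sample_netstat | over_limit 2 192.0.2.10
```

Reviewing this output before any address is denied makes it easy to spot proxies, monitoring hosts or the server's own addresses that a raw count would otherwise block.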