安裝csf防火牆、CC攻擊解決方法

安裝ConfigServer Security & Firewall安全防護軟體，它可以在極大程度上保護伺服器安全。這是很重要的一步，請不要忽略。不同的母機配置不同，可能封了部分埠，安裝這個可以保證開啟必要埠，關閉不必要的埠。

cd /tmp
wget http://www.configserver.com/free/csf.tgz
tar zxvf csf.tgz
cd csf
./install.generic.sh

現在我們裝好了CSF，然後就要修正配置檔開啟/關閉一些埠。

cd /etc/csf
sed -i 's/^TESTING =.*/TESTING = "0"/' csf.conf
sed -i 's/^TCP_IN =.*/TCP_IN = "21,22,9091,51413,30000:35000"/' csf.conf
sed -i 's/^TCP_OUT =.*/TCP_OUT = "1:65535"/' csf.conf
sed -i 's/^UDP_IN =.*/UDP_IN = "20,21,51413"/' csf.conf
service csf restart

####### 遭遇CC攻擊解決方法 #######

安裝 CSF，然後用這個腳本（前提你是LNMP）

#!/bin/bash
 
#Collecting list of ip addresses connected to port 80
 
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 > /root/iplist
 
#Limit the no of connections
LIMIT=15;
 
for ip in `cat /root/iplist |awk '{print $2}'`;do
 
        if [ `grep $ip /root/iplist | awk '{print $1}'` -gt $LIMIT ]
        then
                echo "15 connection from $ip... `grep $ip /root/iplist | awk '{print $1}'` number of connections... Blocking $ip";
 
                #Blocking the ip ...
 
                CHECK_IF_LOCALIP=0;
                /sbin/ifconfig | grep $ip > /dev/null;
                if [ $? -ne $CHECK_IF_LOCALIP ]
                then {
                        FLAG=0;
                        grep $ip /etc/csf/csf.deny > /dev/null;
                        if [ $? -ne $FLAG ]
                        then
                                iptables -I INPUT -s $ip -j DROP;
                                echo "deny $ip;" >> /usr/local/nginx/conf/vhost/block.conf;
                                /usr/sbin/csf -d $ip;
                                ~/lnmp reload;
                        else
                                echo " Ipaddress $ip is already blocked ";
                        fi
                }
                else
                        echo " Sorry, the ip $ip cannot be blocked since this is a local ip of the server ";
                fi
        fi
done