防cc攻击怎么设置(如何防cc攻击)

防cc攻击怎么设置(如何防cc攻击)

扫码添加渲大师小管家,免费领取渲染插件、素材、模型、教程合集大礼包!

预防CC攻击有两种方法

第一种就是利用本机的防火墙来解决可以安装CSF之内的防火墙,这种的弊端是只能防止小规模的CC攻击和DDOS(我的站在阿里云,所以不用太担心DDOS)CC攻击比较猛的话机器也直接CUP跑满了。

防cc攻击怎么设置(如何防cc攻击)

第二种方式是添加CDN,这种防止CC攻击的方法是最好的,不过CDN一般都要钱。

现在就来谈谈具体换防护,

首先安装CSF防火墙,这个比较简单而且不用改域名什么的,小规模的就直接解决了。

一、安装依赖包:

yum install perl-libwww-perl perl iptables

二、下载并安装 CSF:

wget http://www.configserver.com/free/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh

三、测试 CSF 是否能正常工作:

[root@localhost csf]# perl /etc/csf/csftest.pl

Testing ip_tables/iptable_filter.。.OK

Testing ipt_LOG.。.OK

Testing

ipt_multiport/xt_multiport.。.OK

Testing ipt_REJECT.。.OK

Testing ipt_state/xt_state.。.OK

Testing ipt_limit/xt_limit.。.OK

Testing ipt_recent.。.OK

Testing xt_connlimit.。.OK

Testing ipt_owner/xt_owner.。.OK

Testing iptable_nat/ipt_REDIRECT.。.OK

Testing iptable_nat/ipt_DNAT.。.OK

RESULT: csf should function on this server

四、csf的配置:

CSF的配置文件是

vim /etc/csf/csf.conf

# Allow incoming TCP ports

# 推荐您更改 SSH 的默认端口(22)为其他端口,但请注意一定要把新的端口加到下一行中

TCP_IN = “20,21,47,81,1723,25,53,80,110,143,443,465,587,993,995〃

# Allow outgoing TCP ports同上,把 SSH 的登录端口加到下一行。

# 在某些程序要求打开一定范围的端口的情况下,例如Pureftpd的passive mode,可使用类似 30000:35000 的方式打开30000-35000范围的端口。

TCP_OUT = “20,21,47,81,1723,25,53,80,110,113,443〃

# Allow incoming UDP ports

UDP_IN = “20,21,53〃

# Allow outgoing UDP ports

# To allow outgoing traceroute add 33434:33523 to this list

UDP_OUT = “20,21,53,113,123〃

# Allow incoming PING 是否允许别人ping你的服务器,默认为1,允许。0为不允许。

ICMP_IN = “1〃

以上这些配置大家一看就懂了,下面再介绍几个比较常用的:

免疫某些类型的小规模 DDos 攻击:

# Connection Tracking. This option enables tracking of all connections from IP

# addresses to the server. If the total number of connections is greater than

# this value then the offending IP address is blocked. This can be used to help

# prevent some types of DOS attack.

# Care should be taken with this option. It’s entirely possible that you will

# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD

# and HTTP so it could be quite easy to trigger, especially with a lot of

# closed connections in TIME_WAIT. However, for a server that is prone to DOS

# attacks this may be very useful. A reasonable setting for this option might

# be arround 200.

# To disable this feature, set this to 0

CT_LIMIT = “200”##固定时间内同一个IP请求的此数

# Connection Tracking interval. Set this to the the number of seconds between

# connection tracking scans

CT_INTERVAL = “30” ##指上面的固定时间,单位为秒

# Send an email alert if an IP address is blocked due to connection tracking

CT_EMAIL_ALERT = “1” ##是否发送邮件

# If you want to make IP blocks permanent then set this to 1, otherwise blocks

# will be temporary and will be cleared after CT_BLOCK_TIME seconds

# 是否对可疑IP采取永久屏蔽,默认为0,即临时性屏蔽。

CT_PERMANENT = “0”

# If you opt for temporary IP blocks for CT, then the following is the interval

# in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)

# 临时性屏蔽时间

CT_BLOCK_TIME = “1800”

# If you don’t want to count the TIME_WAIT state against the connection count

# then set the following to “1〃

CT_SKIP_TIME_WAIT = “0” ##是否统计TIME_WAIT链接状态

# If you only want to count specific states (e.g. SYN_RECV) then add the states

# to the following as a comma separated list. E.g. “SYN_RECV,TIME_WAIT”

# Leave this option empty to count all states against CT_LIMIT

CT_STATES = “” ##是否分国家来统计,填写的是国家名

# If you only want to count specific ports (e.g. 80,443) then add the ports

# to the following as a comma separated list. E.g. “80,443〃

# Leave this option empty to count all ports against CT_LIMIT

# 对什么端口进行检测,为空则检测所有,防止ssh的话可以为空,统计所有的。

CT_PORTS = “”

做了以上设置之后,可以先测试一下。如果没有问题的话,就更改为正式模式,刚才只是测试模式。

# 把默认的1修改为0。

TESTING = “0”

在/etc/csf/下有csf.allow和csf.deny两个文件,

allow是信任的IP,可以把自己的IP写到这里面防止误封。

deny就是被封的IP。

如果有调整需要重启一下cfs服务

上面就是Linux防止CC攻击的方法介绍了,很多时候用户网站被CC攻击了自己都不知道,所以定期的检测是很有必要的。

分享到 :
相关推荐

免费海外虚拟主机和云服务器有什么区别(免费海外虚拟主机和云服务器有什么区别吗)

免费海外虚拟主机和云服务器的区别有:1。资源利用率不同。云服务器可以自由定制需要的C...

海外服务器租用和托管的相同点是什么

海外服务器租用和托管相同点:1.海外服务器租用和托管都是不用备案。节省时间成本。快[...

香港高防bgp云服务器租用价格是多少(香港高防服务器推荐)

香港高防BGP云服务器租用价格因不同的配置和服务提供商而异。一般来说。价格在每月几百...

免费虚拟主机vps有哪些类型(免费虚拟主机vps有哪些类型的)

免费虚拟主机vps的类型有:1。按照操作系统分类。分为Linux虚拟主机和Windo...

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注