MPGHB

Members Login

Topic: Server Optimized: Anti DDos cho Linux Webserver

Post Info

admin

Senior Member

Status: Offline

Posts: 181

Date: Dec 12, 2013

Server Optimized: Anti DDos cho Linux Webserver	Permalink

Talking about DDos problem , perhaps it would be difficult to make sure that how we can secure 100 % before this problem . Because there are so many modes of attack as dos , ddos , flood, Slowloris ... and it comes with different intensities . So the solution presented below TechBlog will only be able to help you in certain cases only. However, it will also help you consolidate part of security for your webserver . Optimized Server DDoS map : Anti DDos hacker virus for Linux Webserver hosting server domain security topics of interest 1 . DDos Restrictions : Dos Deflate Install Firewall Dos Deflate : 1#cd download 2#wget <a href="http://www.inetbase.com/scripts/ddos/install.sh" target="_blank">http://www.inetbase.com/scripts/ddos/install.sh</a> 3#chmod 0700 install.sh 4#./install.sh After successful installation , you can configure the firewall using the command : 1#nano /user/local/ddos/ddos.conf This is the configuration file of the firewall , basic content will be as follows : 1FREQ=1 // off/ on Firewall (0=off, 1=on) 2NO_OF_CONNECTIONS=50 // max connect from 1 IP to server 3APF_BAN=1 4KILL=1 // on/off (0=off, 1=On) 5EMAIL_TO="administrator@techblog.vn" 6BAN_PERIOD=600 // IP ban time is 600 seconds 2 . Antiddos Apache Mod : mod_dosevasive Install mod_dosevasive : #up2date -i httpd-devel #cd /usr/src #wgethttp://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz #tar xfz mod_evasive_1.10.1.tar.gz #cd mod_evasive #$APACHE_ROOT/bin/apxs -cia mod_evasive20.c Find the httpd.conf file and add the following paragraph : <IfModule mod_dosevasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 300 </IfModule> Then save and restart apache using the command : 1#service httpd restart or #/etc/init.d/httpd restart 3 . Install and configure iptables : Referral information , installation , usage TechBlog has presented specific article iptables firewall configuration on CentOS / Redhat . In the case of anti ddos , we are only interested in some basic rules are as follows : 1#Limit the number of incoming tcp connections 2#Interface 0 incoming syn-flood protection 3#iptables -N syn_flood 4#iptables -A INPUT -p tcp --syn -j syn_flood 5#iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN 6#iptables -A syn_flood -j DROP 4 . Mod_antiloris for Apache Installation : mod_antiloris limited effect of each IP connection request to the webserver . # wget ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/mod_antiloris-0.3.tar.bz2 # tar - jxvf mod_antiloris - 0.3.tar.bz2 # cd mod_antiloris - 0.3 # sudo / wwwroot/apache2/bin/apxs - a- i - c mod_antiloris.c # sudo / etc / inid.d / http restart So basically we 've got some equipment configuration , firewall against DDos . But try to keep track of your system regularly to be able to offer appropriate solutions from time to time . __________________

Tweet this page

Post to Digg

Post to Del.icio.us

Create your own FREE Forum
Report Abuse