对外DDoS攻击的处理方法 Linux 通过Iptalbes禁止PHPDDOS发包-php手册-php.cn

Home

php教程

php手册

对外DDoS攻击的处理方法 Linux 通过Iptalbes禁止PHPDDOS发包

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 21, 2016 am 08:52 AM

dns iptables state udp

　　对这种攻击的处罚政策是，

　　Further violations will proceed with these following actions:

　　1st violation - Warning and shutdown of server. We will allow 24 hours for you to rectify the problem. 第一次是警告+关机，给24小时的时间来解决问题

　　2nd violation - Immediate reformat of server. 第二次是立即格式化服务器

　　3rd violation - Cancellation with no refund. 第三次是取消服务并不给退款

　　针对这个问题，给一个简单的描述，

　　表现特征:一打开IIS,服务器的流出带宽就用光-----就是说服务器不断向别人发包,这个情况和受到ddos攻击是不同的,Ddos是不断收到大量数据包.

　　解决办法:

　　先停止IIS，这样就暂时没法对外攻击了，然后

　　禁止上述的代码:

　　在c:\windows\php.ini里设置:

　　disable_functions =gzinflate,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,fsocket,fsockopen

　　在c:\windows\php.ini里设其值为Off

　　allow_url_fopen = Off

　　并且:

　　;extension=php_sockets.dll

　　前面的;号一定要有,意思就是限制用sockets.dll

　　前面的;号要保留

　　然后启动IIS

　　在IP策略,或防火墙中,禁止所有udp向外发送

　　linux下解决办法

　　一、禁止本机对外发送UDP包

　　iptables -A OUTPUT -p udp -j DROP

　　二、允许需要UDP服务的端口(如DNS)

　　iptables -I OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT

　　绿色“53”，为DNS所需要的UDP端口，黄色“8.8.8.8”部分为DNS IP，根据您服务器的设定来定，若您不知您当前服务器使用的DNS IP，可在SSH中执行以下命令获取：

　　cat /etc/resolv.conf grep nameserver awk 'NR==1{print $2 }'

　　附完整iptables规则

　　#iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

　　#iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

　　#iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 -d 8.8.4.4 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

　　#iptables -A OUTPUT -p udp -m udp --sport 1024:65535 -d 8.8.8.8 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

　　#iptables -A OUTPUT -p udp -j REJECT

　　#/etc/rc.d/init.d/iptables save

　　# service iptables restart

　　#chkconfig iptables on

　　开放对外以及对内的 DNS端口 53

　　禁止其他全部出站的UDP 协议

　　开机启动iptables

　　另外要说明的是，上面的代码是因为我服务器使用的是谷歌的DNS来解析，我服务器端对外的访问(在服务器端上网，就需要，如果只是单纯的服务器，不进行 yum安装也可以不用)，因此我开放对8.8.4.4和8.8.8.8的访问，如果你不是设置为谷歌的DNS，那么这里要自行修改成你的DNS。使用的 DNS是什么可以用下面方法查询

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks ago By DDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks ago By DDD

InZoi: How To Apply To School And University

4 weeks ago By DDD

How to fix KB5055518 fails to install in Windows 10?

2 weeks ago By DDD

Roblox: Dead Rails – How To Summon And Defeat Nikola Tesla

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7862

Java Tutorial

1649

CakePHP Tutorial

1404

Laravel Tutorial

1300

PHP Tutorial

1242

Related knowledge

How to solve win11 DNS server error Jan 10, 2024 pm 09:02 PM

We need to use the correct DNS when connecting to the Internet to access the Internet. In the same way, if we use the wrong dns settings, it will prompt a dns server error. At this time, we can try to solve the problem by selecting to automatically obtain dns in the network settings. Let’s take a look at the specific solutions. How to solve win11 network dns server error. Method 1: Reset DNS 1. First, click Start in the taskbar to enter, find and click the "Settings" icon button. 2. Then click the "Network & Internet" option command in the left column. 3. Then find the "Ethernet" option on the right and click to enter. 4. After that, click "Edit" in the DNS server assignment, and finally set DNS to "Automatic (D

Fix: Windows 11 update error 0x80072ee7 Apr 14, 2023 pm 01:31 PM

Certain Windows 11 updates may cause issues and larger builds that cause performance errors. For example, if you don’t fix update error 0x80072ee7, it might make your machine behave erratically. It triggers in different situations and fixing it depends on the reason behind the glitch. Sometimes, users report that this issue occurs when installing certain Windows updates. Browse without random security notifications and system errors. If this happens, your computer may have unwanted programs or malware. The reasons behind the errors vary, ranging from antivirus issues to other software interfering with Windows updates. How do Windows update errors occur? If 0x appears while browsing

How to fix Xbox Series S/X download speeds, reduced ping and lag Apr 16, 2023 pm 04:49 PM

Xbox consoles have improved dramatically over the years. Over the years, games have evolved with life-like features that gamers can't seem to get enough of. Playing your favorite games on Xbox can be a completely engrossing experience. However, sometimes using these advanced features, we end up with lag or ping issues if the internet speed is not that good. Sometimes we want games to download faster. Today, games like Forza Horizon 5 and Mortal Kombat require over 100GB of RAM. Downloading such games can take a long time if we don't have the right internet settings to help us. Method 1: Pass

How to solve Steam error code 105 Unable to connect to server? Apr 22, 2023 pm 10:16 PM

Steam is a popular game library. It allows its users to play games and download games to their Steam accounts. Since it is a cloud-based library, it allows users to use any computer and allows them to store many games within the limited computer memory. These features make it very popular among the gamer community. However, many gamers have reported seeing the following error code in their systems. Error code 105 - Unable to connect to server. Server may be offline error This error mainly occurs due to some issues in the connection. When you see this issue in your system, try the following general fixes and check if the issue is resolved. Restart your router. Restart your system. Still see a problem? Don't worry

How to assign multiple IP addresses in one LAN card on Windows 10/11 May 30, 2023 am 11:25 AM

Sometimes it is necessary to assign multiple addresses to a single LAN card. For example, if you need to run multiple websites with unique IP addresses or bind applications to different IP addresses, etc. If you are thinking about how to assign multiple addresses to a single network interface card or LAN card, this article will help you achieve it. Follow the steps below till the end and it will be done. So let’s get started! Assign multiple IP addresses to one LAN card Step 1: Use the Windows+R keys together to open the run prompt and type ncpa.cpl, then press the Enter key to open the Network Connection window. Step 2: Right click on your network adapter Ethernet or WiFi option and click Properties. Step 3: From the Properties Window

How to change DNS settings on Windows 11 May 01, 2023 pm 06:58 PM

Your ISP is configured to provide a default Domain Name System (DNS) when setting up your Internet connection. This poses various security threats and slows down the internet, so DNS servers must be assigned manually. Browse this detailed guide to learn how to change DNS settings on your Windows 11 computer and protect your online presence. How to change DNS settings on Windows 11? 1. Using the Settings app Use the + shortcut to go to the Settings app. WindowsI select Network & Internet from the left sidebar, then Wi-Fi or Ethernet from the right, depending on your internet connection. Scroll down and select Hardware Properties. Find the DNS server assignment setting and click on it

Fix: DNS server not responding issue in Windows 11 Jun 01, 2023 pm 04:52 PM

When Windows users are unable to browse or load web pages on the browser on their system, they happen to think of all the factors that can cause this issue. Although many Windows users resolve this issue on their systems, it throws an error message stating “DNS server is not responding” and users don’t know how to resolve this issue to use a stable internet connection. We have come up with a solution in this article that will surely solve this problem. However, try these solutions beforehand – try restarting your router and check if this is causing the problem. Change browser applications. That said, if you're using the Microsoft Edge browser, close it and open Google

Why NameResolutionError(self.host, self, e) from e and how to solve it Mar 01, 2024 pm 01:20 PM

The reason for the error is NameResolutionError(self.host,self,e)frome, which is an exception type in the urllib3 library. The reason for this error is that DNS resolution failed, that is, the host name or IP address attempted to be resolved cannot be found. This may be caused by the entered URL address being incorrect or the DNS server being temporarily unavailable. How to solve this error There may be several ways to solve this error: Check whether the entered URL address is correct and make sure it is accessible Make sure the DNS server is available, you can try using the "ping" command on the command line to test whether the DNS server is available Try accessing the website using the IP address instead of the hostname if behind a proxy

See all articles