防DDOS脚本
原理:
用Cron计划任务定时执行脚本统计单个IP的最大连接数,如果超过阈值则用APF或者iptables来阻止,并在预设的阻止时间后释放。
安装:
wget http://www.inetbase.com/scripts/ddos/install.sh chmod +x install.sh ./install.sh 卸载:
wget http://www.inetbase.com/scripts/ddos/uninstall.sh chmod +x uninstall.sh ./uninstall.sh 配置:
/usr/local/ddos/ddos.conf ##### Paths of the script and other files PROGDIR="/usr/local/ddos" PROG="/usr/local/ddos/ddos.sh" IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list" CRON="/etc/cron.d/ddos.cron" APF="/etc/apf/apf" IPT="/sbin/iptables" ##### frequency in minutes for running the script ##### Caution: Every time this setting is changed, run the script with --cron 多少分钟执行一次统计 ##### option so that the new frequency takes effect FREQ=1 ##### How many connections define a bad IP? Indicate that below. 当一个IP的最大连接是多少的时候阻止它 NO_OF_CONNECTIONS=150 ##### APF_BAN=1 (Make sure your APF version is atleast 0.96,确定安装APF并且版本大雨0.96) ##### APF_BAN=0 (Uses iptables for banning ips instead of APF,用iptables代理APF) APF_BAN=1 ##### KILL=0 (Bad IPs arent banned, good for interactive execution of script) ##### KILL=1 (Recommended setting,推荐设置) KILL=1 ##### An email is sent to the following address when an IP is banned.阻止一个IP后通知谁 ##### Blank would suppress sending of mails EMAIL_TO="root" ##### Number of seconds the banned