Pada saat server terasa berat ada kemungkinan anda terkena serangan DDOS. klo masih sempet kebuka sih masih bisa banned ip yang melakukan bad request ke server kita .. kita bisa cek dengan perintah :
netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n
Nah klo gk sempet ?itulah maksud ane kita mesti melakukan apa yang di namakan dengan pencegahan ..
ingat brother mencegah itu lebih baik dari pada mengobati .. hehehe
lets learn ..
ok sekarang login ke terminal pada server anda. Lewat SSH ato koneksi apa saja yang penting pada terminal ato console.
Untuk sesi kali ini ane pengen berbagi tentang pemakaian DDOS-Deflate di mana tools ini akan membantu anda dalam pengamanan dari serangan DDOS.
first .. ( download toolsnya )
wget http://www.inetbase.com/scripts/ddos/install.sh
–2011-06-17 22:19:13– http://www.inetbase.com/scripts/ddos/install.sh
Resolving http://www.inetbase.com… 205.234.99.83
Connecting to http://www.inetbase.com|205.234.99.83|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 1067 (1.0K) [application/x-sh]
Saving to: `install.sh’
–2011-06-17 22:19:13– http://www.inetbase.com/scripts/ddos/install.sh
Resolving http://www.inetbase.com… 205.234.99.83
Connecting to http://www.inetbase.com|205.234.99.83|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 1067 (1.0K) [application/x-sh]
Saving to: `install.sh’
100%[======================================>] 1,067 –.-K/s in 0s
2011-06-17 22:19:15 (27.5 MB/s) – `install.sh’ saved [1067/1067]
root@id-backtrack:~# ls
install.sh
nah setelah di download kita ubah chmod nya dulu agar dapat di esekusi ,,install.sh
chmod 0700 install.sh
./install.sh
nah klo sudah terinstall teman-teman dapat mengedit file-file configurasi sesuai kehendak..
Untuk whitelist IP
vim /usr/local/ddos/ignore.ip.list
Untuk konfigurasi utamanya ada di
vim /usr/local/ddos/ddos.conf
kira – kira seperti ini defaultnya .. kalo ane edit2 dikit sih
##### Paths of the script and other files
PROGDIR=”/usr/local/ddos”
PROG=”/usr/local/ddos/ddos.sh”
IGNORE_IP_LIST=”/usr/local/ddos/ignore.ip.list”
CRON=”/etc/cron.d/ddos.cron”
APF=”/etc/apf/apf”
IPT=”/sbin/iptables”
PROGDIR=”/usr/local/ddos”
PROG=”/usr/local/ddos/ddos.sh”
IGNORE_IP_LIST=”/usr/local/ddos/ignore.ip.list”
CRON=”/etc/cron.d/ddos.cron”
APF=”/etc/apf/apf”
IPT=”/sbin/iptables”
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with –cron
##### option so that the new frequency takes effect
FREQ=1
##### Caution: Every time this setting is changed, run the script with –cron
##### option so that the new frequency takes effect
FREQ=1
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150
NO_OF_CONNECTIONS=150
##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1
##### KILL=0 (Bad IPs are’nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1
##### KILL=1 (Recommended setting)
KILL=1
##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO=”root”
##### Blank would suppress sending of mails
EMAIL_TO=”root”
##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600
BAN_PERIOD=600
Tidak ada komentar:
Posting Komentar