Prevent and Stop DoS or DDoS Attacks on Web Server (D)DOS-Deflate預防和阻止DOS或DDoS攻擊Web服務器（四） DOS的deflate

All web servers been connected to the Internet subjected to DoS (Denial of Service) or DDoS (Distrubuted Denial of Service) attacks in some kind or another, where hackers or attackers launch large amount connections consistently and persistently to the server, and in advanced stage, distributed from multiple IP addresses or sources, in the hope to bring down the server or use up all network bandwidth and system resources to deny web pages serving or website not responding to legitimate visitors.所有Web服務器被連接到互聯網受到DOS的（拒絕服務）或分佈式拒絕服務攻擊（分佈式拒絕服務）攻擊，在一些這樣或那樣的，如果黑客或攻擊者發射了大量的聯繫，始終堅持到服務器，並在高級階段，分佈在多個IP地址或來源，在希望把服務器或使用所有的網絡帶寬和系統資源，以否認網頁服務或網站沒有回應的合法旅客。

There are plenty of ways to prevent, stop, fight and kill off DDoS attack, such as using firewall.有很多途徑來預防，制止，打擊和殺死DDoS攻擊，例如使用防火牆。 A low cost, and probably free method is by using software based firewall or filtering service.一，成本低，可能和自由的方法是使用基於軟件的防火牆或過濾服務。 (D)DoS-Deflate is a free open source Unix/Linux script by MediaLayer that automatically mitigate (D)DoS attacks. （四） DOS的deflate是一個自由開放源碼的Unix / Linux腳本medialayer自動減輕（四） DoS攻擊。 It claims to be the best, free, open source solution to protect servers against some of the most excruciating DDoS attacks.它聲稱是最好的，免費，自由，開放原始碼解決方案來保護服務器免遭一些最痛苦的DDoS攻擊。

(D)DoS-Deflate （四） DOS的deflate script basically monitors and tracks the IP addresses are sending and establishing large amount of TCP network connections such as mass emailing, DoS pings, HTTP requests) by using “netstat” command, which is the symptom of a denial of service attack.腳本基本上是監測和跟踪IP地址發送和建立大量的TCP網絡連接，如大規模電子郵件，多坪， HTTP請求）用“ netstat ”命令，這是症狀的拒絕服務攻擊。 When it detects number of connections from a single node that exceeds certain preset limit, the script will automatically uses APF or IPTABLES to ban and block the IPs.當它偵測到的連接數從一個單一的節點超過一定的預設上限，該腳本將自動使用的APF或iptables的禁止和阻撓的IPS 。 Depending on the configuration, the banned IP addresses would be unbanned using APF or IPTABLES (only works on APF v 0.96 or better).視乎有關的配置，禁止IP地址將unbanned使用的APF或iptables的（只適用於武裝警察部隊v 0.96或更高） 。

Installation and setup of (D)DOS-Deflate on the server is extremely easy.安裝和設置的（四） DOS的deflate在服務器上是非常容易的。 Simply login as root by open SSH secure shell access to the server, and run the the following commands one by one:簡單地以root登入，透過公開的SSH安全shell訪問服務器，並運行以下命令，一個又一個：

wget http://www.inetbase.com/scripts/ddos/install.sh wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh chmod 0700 install.sh
./install.sh 。 / install.sh

To uninstall the (D)DOS-Deflate, run the following commands one by one instead:卸載（四） DOS的deflate ，運行下面的命令了一個又一個，而是：

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos chmod 0700 uninstall.ddos
./uninstall.ddos 。 / uninstall.ddos

The configuration file for (D)DOS-Deflate is ddos.conf , and by default it will have the following values:配置文件（四） DOS的deflate是ddos.conf ，默認情況下，將會有以下值：

FREQ=1頻率= 1
NO_OF_CONNECTIONS=50 no_of_connections = 50
APF_BAN=1 apf_ban = 1
KILL=1殺人= 1
EMAIL_TO=”root” email_to = “根”
BAN_PERIOD=600 ban_period = 600

Users can change any of these settings to suit the different need or usage pattern of different servers.用戶可以更改這些設置，以適應不同的需要或使用模式不同的服務器。 It’s also possible to whitelist and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file.它也可能白名單和永久解除封鎖（從來沒有禁止）的IP地址列出他們在/ usr / local /的DDoS / ignore.ip.list檔案。 If you plan to execute and run the script interactively, users can set KILL=0 so that any bad IPs detected are not banned.如果您計劃執行和運行該腳本交互方式，用戶可以設置殺= 0 ，使任何壞的IPS檢測所不禁止的。

IMPORTANT : This is a machine translated page which is provided "as is" without warranty. 重要說明 ：這是一個機器翻譯網頁是“按原樣”提供的擔保。 Machine translation may be difficult to understand.機器翻譯可能很難理解。 Please refer to請參閱 original English article英文原版的文章 whenever possible.只要有可能。

Share and contribute or get technical support and help at分享和貢獻，或取得技術的支持和幫助，在 My Digital Life Forums 我的數字生活論壇 . 。

Related Articles相關文章

• Install mod_evasive for Apache to Prevent DDOS Attacks安裝mod_evasive的Apache ，以防止DDoS攻擊
• Limit Maximum TCP Connections to Web Servers限制的最大TCP連接到Web服務器
• How to Find and Check Number of Connections to a Server如何查找和支票號碼連接到服務器
• Acunetix Web Vulnerability Scanner Reviews acunetix網絡漏洞掃描器評語
• Reduce Server Load Using Akismet to Automatically Discard Spam Comments on Posts Older than A Month減少服務器負載使用akismet自動丟棄垃圾郵件的評論對職位的老年人超過1個月
• How to Check if Telnet Is Running on a Server如何檢查，如果Telnet是運行在服務器上
• Best and Worst Microsoft Products最佳和最差的Microsoft產品
• Reset the Root Password of MySQL Server重置root密碼的MySQL服務器
• TCP/IP Has Reached the Security Limit Imposed on the Number of Concurrent TCP Connect Attempts Error on Windows Vista TCP / IP協議已達到了安全限制加諸於大量並行的TCP連接嘗試錯誤的Windows Vista
• Installing Web Server in FreeBSD 6.0 with Apache 2.2, MySQL 5.0 and PHP 5 - Part 4安裝Web服務器在FreeBSD的6.0與2.2的Apache ， MySQL 5.0的和PHP 5 -第4部分

This entry was posted on Thursday, December 13th, 2007 at 5:44 pm and is filed under 此項目被張貼在週四， 2007年12月13日在下午5時44分，並提交下 Webmaster Resources 網站管理員資源 . 。 You can follow any responses to this entry through the 您可以按照任何的反應，此項目通過 RSS 2.0 2.0 feed. 餵養。 You can 您可以 leave a response 留下的回應 , or ，或 trackback Trackback跟踪 from your own site. 從你自己的網站。