How to deal with denial of service attacks on Linux servers
A denial of service attack (Denial of Service, DoS) is a type of attack that involves sending a large number of requests to the target server or exploiting vulnerabilities, etc. An attack method that prevents the server from providing normal services. As one of the most commonly used server systems in the network environment, Linux servers are also one of the frequent targets of hackers. This article will explain how to deal with denial of service attacks on Linux servers and provide some code examples.
1. Configure the network firewall
The first line of defense of the Linux server is the network firewall, which can be configured using tools such as iptables. By configuring a network firewall, you can restrict access to certain IP addresses or IP address segments, or restrict access to certain specific network protocols. The following sample code shows how to configure iptables to restrict access to a certain IP address segment:
# 允许所有流量通过 iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT # 清空规则链 iptables -F iptables -X # 允许本地回环 iptables -A INPUT -i lo -j ACCEPT # 允许已建立的连接通过 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # 允许某个IP地址段的访问 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # 拒绝所有其他的流量 iptables -P INPUT DROP
When configuring the network firewall, you need to consider the normal traffic required by the server and configure it accordingly based on the actual situation.
2. Configure software firewall
In addition to network firewalls, software firewalls can also be used to increase server security. Common software firewalls include Fail2Ban and ModSecurity. Fail2Ban can temporarily prohibit access from a certain IP address within a certain period of time based on configured rules to prevent brute force cracking or malicious attacks. ModSecurity is a web application firewall that can block potential attacks by defining rules. The following is a sample configuration for Fail2Ban:
[DEFAULT] bantime = 3600 findtime = 600 maxretry = 5 [sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log
In the above sample configuration, Fail2Ban will monitor the log file of the sshd service and temporarily ban the IP address from the IP address after more than 5 failed logins within 10 minutes. Access.
3. Configure DoS protection system
In order to deal with denial of service attacks, you can configure a special DoS protection system to monitor server traffic and filter out abnormal or malicious requests. Common DoS protection systems include ModEvasive and DOSarrest. The following is a sample configuration of ModEvasive:
<IfModule mod_evasive24.c> DOSHashTableSize 3097 DOSPageCount 5 DOSSiteCount 100 DOSPageInterval 2 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSLogDir "/var/log/httpd/modevasive" <IfModule mod_ssl.c> DOSBlockingList "/var/log/httpd/mod_evasive/blocked_ips_ssl.db" </IfModule> <IfModule !mod_ssl.c> DOSBlockingList "/var/log/httpd/mod_evasive/blocked_ips_nonssl.db" </IfModule> </IfModule>
In the above sample configuration, ModEvasive will have more than 5 access requests within 2 seconds or more than 100 access requests from the same IP address within 1 second. Next, access to the IP address will be automatically blocked for 10 seconds.
Summary
To protect Linux servers from denial-of-service attacks, it is necessary to comprehensively use multiple means such as network firewalls, software firewalls, and DoS protection systems. Proper configuration and use of these protection mechanisms can effectively protect servers from denial of service attacks.
The above is an introduction to how to deal with denial of service attacks on Linux servers, and provides some configuration examples. Hope this helps with your server security.
The above is the detailed content of How to deal with denial of service attacks on Linux servers. For more information, please follow other related articles on the PHP Chinese website!