世界上還真多無聊人士,吃飽就想如何攻擊別人的網站, 一種常見的攻擊是貼廣告或是莫名其妙的留言,這些都是要廣告特定的 URL,這都是小問題,但另有一種刻意要癱瘓網站的攻擊,常見的作法就是發動很多很多的用戶端要求,持續讓網站窮於應付,用掉資源(CPU的資源, socket的資源,頻寬的資源…),而使得網站無法服務正常的使用者,這就是所謂的 DoS — Denial of Service 攻擊,稱為阻絕服務攻擊

針對 DoS 攻擊,官方的 Apache 本身並沒有提供解決之道,現在找到的是一個 3rd party 的模組,mod_evasive, 用以下原理防治: Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
  • Requesting the same page more than a few times per second
  • Making more than n concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)

它的 README 寫對付 DDoS — Distributed DoS 也有效

以下說明一下安裝及設定過程
下載地址:http://www.zdziarski.com/projects/mod_evasive/


$ wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
$ tar zxvf mod_evasive_1.10.1.tar.gz
$ cd mod_evasive
$ /usr/sbin/apxs -cia mod_evasive20.c

編譯完成後,/usr/lib/httpd/modules/ 下會生成一個 mod_evasive20.so 模組檔
安裝時會自動在 /etc/httpd/conf/httpd.conf 內加入以下內容:
LoadModule evasive20_module   /usr/lib/httpd/modules/mod_evasive20.so


以下為設定 mod_evasive20 模組,在 /etc/httpd/conf/httpd.conf 內加入以下內容:

#記錄和存放黑名單的哈西表大小,如果服務器訪問量很大,可以加大該值
DOSHashTableSize 3097
#同一個頁面在同一時間內可以被統一個用戶訪問的次數,超過該數字就會被列為攻擊,同一時間的數值可以在DosPageInterval參數中設置。
DOSPageCount 3
#同一個用戶在同一個網站內可以同時打開的訪問數,同一個時間的數值在DOSSiteInterval中設置。
DOSSiteCount 40
#設置DOSPageCount中時間長度標準,默認值為1。
DOSPageInterval 2
#DOSSiteInterval 2 設置DOSSiteCount中時間長度標準,默認值為1。
DOSSiteInterval 2
#被封時間間隔秒,這中間會收到 403 (Forbidden) 的返回。
DOSBlockingPeriod 10
#設置受到攻擊時接收攻擊信息提示的郵箱地址。
#DOSEmailNotify you@yourdomain.com
#受到攻擊時Apache運行用戶執行的系統命令
#DOSSystemCommand 「su - someuser -c 『/sbin/… %s …』」
#攻擊日誌存放目錄,BSD上默認是 /tmp
#DOSLogDir 「/var/lock/mod_evasive」

完成之後, restart httpd 即可

$ service httpd restart


可以利用 安裝目錄內的 test.pl 測試看看結果

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden


恩,不錯有效果!
arrow
arrow
    全站熱搜

    kevin0523 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄