Operation and MaintenanceLinux Operation and MaintenanceHow to deal with denial of service attacks on Linux servers
How to deal with denial of service attacks on Linux servers
A denial of service attack (Denial of Service, DoS) is a type of attack that involves sending a large number of requests to the target server or exploiting vulnerabilities, etc. An attack method that prevents the server from providing normal services. As one of the most commonly used server systems in the network environment, Linux servers are also one of the frequent targets of hackers. This article will explain how to deal with denial of service attacks on Linux servers and provide some code examples.
1. Configure the network firewall
The first line of defense of the Linux server is the network firewall, which can be configured using tools such as iptables. By configuring a network firewall, you can restrict access to certain IP addresses or IP address segments, or restrict access to certain specific network protocols. The following sample code shows how to configure iptables to restrict access to a certain IP address segment:
# 允许所有流量通过 iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT # 清空规则链 iptables -F iptables -X # 允许本地回环 iptables -A INPUT -i lo -j ACCEPT # 允许已建立的连接通过 iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # 允许某个IP地址段的访问 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # 拒绝所有其他的流量 iptables -P INPUT DROP
When configuring the network firewall, you need to consider the normal traffic required by the server and configure it accordingly based on the actual situation.
2. Configure software firewall
In addition to network firewalls, software firewalls can also be used to increase server security. Common software firewalls include Fail2Ban and ModSecurity. Fail2Ban can temporarily prohibit access from a certain IP address within a certain period of time based on configured rules to prevent brute force cracking or malicious attacks. ModSecurity is a web application firewall that can block potential attacks by defining rules. The following is a sample configuration for Fail2Ban:
[DEFAULT] bantime = 3600 findtime = 600 maxretry = 5 [sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log
In the above sample configuration, Fail2Ban will monitor the log file of the sshd service and temporarily ban the IP address from the IP address after more than 5 failed logins within 10 minutes. Access.
3. Configure DoS protection system
In order to deal with denial of service attacks, you can configure a special DoS protection system to monitor server traffic and filter out abnormal or malicious requests. Common DoS protection systems include ModEvasive and DOSarrest. The following is a sample configuration of ModEvasive:
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/var/log/httpd/modevasive"
<IfModule mod_ssl.c>
DOSBlockingList "/var/log/httpd/mod_evasive/blocked_ips_ssl.db"
</IfModule>
<IfModule !mod_ssl.c>
DOSBlockingList "/var/log/httpd/mod_evasive/blocked_ips_nonssl.db"
</IfModule>
</IfModule>In the above sample configuration, ModEvasive will have more than 5 access requests within 2 seconds or more than 100 access requests from the same IP address within 1 second. Next, access to the IP address will be automatically blocked for 10 seconds.
Summary
To protect Linux servers from denial-of-service attacks, it is necessary to comprehensively use multiple means such as network firewalls, software firewalls, and DoS protection systems. Proper configuration and use of these protection mechanisms can effectively protect servers from denial of service attacks.
The above is an introduction to how to deal with denial of service attacks on Linux servers, and provides some configuration examples. Hope this helps with your server security.
The above is the detailed content of How to deal with denial of service attacks on Linux servers. For more information, please follow other related articles on the PHP Chinese website!
Tutorial on finding keywords for common Linux commandsMar 05, 2025 am 11:45 AMThis tutorial demonstrates efficient keyword searching in Linux using the grep command family and related tools. It covers basic and advanced techniques, including regular expressions, recursive searches, and combining commands like awk, sed, and xa
Work content of Linux operation and maintenance engineers What does Linux operation and maintenance engineers do?Mar 05, 2025 am 11:37 AMThis article details the multifaceted role of a Linux system administrator, encompassing system maintenance, troubleshooting, security, and collaboration. It highlights essential technical and soft skills, salary expectations, and diverse career pr
How do I use regular expressions (regex) in Linux for pattern matching?Mar 17, 2025 pm 05:25 PMThe article explains how to use regular expressions (regex) in Linux for pattern matching, file searching, and text manipulation, detailing syntax, commands, and tools like grep, sed, and awk.
How do I implement two-factor authentication (2FA) for SSH in Linux?Mar 17, 2025 pm 05:31 PMThe article provides a guide on setting up two-factor authentication (2FA) for SSH on Linux using Google Authenticator, detailing installation, configuration, and troubleshooting steps. It highlights the security benefits of 2FA, such as enhanced sec
How do I configure SELinux or AppArmor to enhance security in Linux?Mar 12, 2025 pm 06:59 PMThis article compares SELinux and AppArmor, Linux kernel security modules providing mandatory access control. It details their configuration, highlighting the differences in approach (policy-based vs. profile-based) and potential performance impacts
How do I monitor system performance in Linux using tools like top, htop, and vmstat?Mar 17, 2025 pm 05:28 PMThe article discusses using top, htop, and vmstat for monitoring Linux system performance, detailing their unique features and customization options for effective system management.
How do I back up and restore a Linux system?Mar 12, 2025 pm 07:01 PMThis article details Linux system backup and restoration methods. It compares full system image backups with incremental backups, discusses optimal backup strategies (regularity, multiple locations, versioning, testing, security, rotation), and da
Methods for uploading files for common Linux commandsMar 05, 2025 am 11:42 AMThis article compares Linux commands (scp, sftp, rsync, ftp) for uploading files. It emphasizes security (favoring SSH-based methods) and efficiency, highlighting rsync's delta transfer capabilities for large files. The choice depends on file size,
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
Atom editor mac version download
The most popular open source editor
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
