IPKILLER ddos

Posted by UnFeeLing 
IPKILLER ddos
June 10, 2012 03:11PM
http://www.youtube.com/watch?v=bBsA9tKiIrI

I have a Windows Server x64 machine running apache2+nginx.

nginx simply goes down from this thing :(

What steps should I take to protect it? Please help.

nginx config

worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 2048;
}
http {
    #limit_conn_zone $binary_remote_addr zone=perip:10m;
    #limit_conn_zone $server_name zone=perserver:10m;
    #limit_conn_zone $binary_remote_addr zone=addr:10m;
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    keepalive_timeout 65;

    #gzip on;
    gzip on;
    # Minimum response length, in bytes, at which the module will compress
    gzip_min_length 1000;
    # Allow compression for all proxied requests
    gzip_proxied any;
    # MIME types to compress
    gzip_types text/plain application/xml application/x-javascript text/javascript text/css text/json;
    # gzip compression level
    gzip_comp_level 6;

    upstream backend {
        # change the port to the one Apache will listen on
        server 127.0.0.1:81;
    }

    server {
        # disable logs
        access_log off;
        # nginx listens on port 80
        listen 80;
        # connections
        # put your hosts here
        server_name localhost *.localhost;
        client_max_body_size 200M;
        client_body_buffer_size 16k;
        proxy_set_header X-Forwarded-for $remote_addr;
        # serve static files directly from nginx
        # set the path to its root folder
        #location ~* \.(jpg|jpeg|gif|png|ico|css|bmp|swf|js)$ {
        # root D:/xampp/htdocs/test.loc/www;
        #}

        # deny access to Apache .ht* files
        location ~ /\.ht {
            deny all;
        }
        # nginx settings as a proxy for Apache
        location / {
            # ban the idiots
            deny 93.79.0.0/16;
            deny 46.185.59.118;
            deny 2.92.210.225;
            # limit requests
            #limit_conn perip 10;
            #limit_conn perserver 10000;
            #limit_conn addr 10;
            proxy_pass http://127.0.0.1:81/;
            proxy_set_header Host $host;
            # without mod_rpaf $remote_addr==127.0.0.1, but I left this in
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;
        }

    }
}

Unfortunately,
#limit_conn_zone $binary_remote_addr zone=perip:10m;
#limit_conn_zone $server_name zone=perserver:10m;
#limit_conn_zone $binary_remote_addr zone=addr:10m;

does not work on x64.
Re: IPKILLER ddos
June 10, 2012 04:25PM
93.79.7.149 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 570 "9pv5oj.info" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)"
93.79.8.221 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "2o34p.ru" "Mozilla/3.01SGoldC-SGI (X11; I; IRIX 6.3 IP32)"
93.79.9.137 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 570 "5k4417b8.net" "Mozilla/4.0 (compatible; MSIE 4.01; Vonna.com b o t)"
93.79.82.143 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "75x6bai41lx0l.com" "Mozilla/5.0 (compatible; Webduniabot/1.0; +http://search.76002h1l.com/bot.aspx)"
93.79.82.143 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "ln5q934.info" "Mozilla/4.0 (compatible; Synapse)"
93.79.82.143 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "02ad32yu.biz" "Mozilla/5.0 (compatible; egothor/8.0g; +http://ego.ms.t3tt80099x3f3.cuni.cz/)"
2.92.210.225 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "4f4tp5.biz" "Mozilla/5.0 (compatible; Abonti/0.8 - http://www.2w89ff.com)"
93.79.9.137 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "l57a6593o.biz" "Mozilla/3.0 (compatible; Fluffy the spider; http://www.searchhippo.com/; info@searchhippo.com)"
93.79.106.170 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "ud771o1.net" "Mozilla/5.0 (compatible; heritrix/1.x.x +http://www.570l8e3er.com)"
2.92.210.225 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "d6s7oai.info" "Mozilla/3.01SGoldC-SGI (X11; I; IRIX 6.3 IP32)"
93.79.106.170 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 570 "3j8afwy5h4s63b.net" "Mozilla/4.0 (compatible; MSIE 5.0; AOL 5.0; Windows 95; DigExt; Gateway2000; sureseeker.com)"
93.79.106.170 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "52570.com" "mozilla/5.0 (compatible; genevabot http://www.ox861.com)"
93.79.9.137 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "590696jo6.info" "Mozilla/4.05 [en] (X11; I; SunOS 4.1.4 sun4m)"
93.79.8.221 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "fmo94535pzv.info" "Mozilla/5.0 (compatible; pmoz.info ODP link checker; +http://5096d0.info/doc/botinfo.htm)"
93.79.8.221 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "21o97gjvxfw5.info" "Mozilla/5.0 (compatible; heritrix/1.5.0-200506231921 http://6lg71wfl82b.nla.gov.au/crawl.html)"
93.79.77.8 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "e62f1o87320e9.info" "Mozilla/5.0 (compatible; zermelo +http://www.powerset.com) [email:paul@page-2684pdjhp1xv.com,crawl@powerset.com]"
93.79.77.8 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "ypy972b4b.ru" "Mozilla/2.0 (compatible; Ask Jeeves/Teoma)"
93.79.77.8 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "o146w82631.com" "Mozilla/5.0 (compatible; SummizeBot +http://www.2letv785hw.com)"
2.92.210.225 - - [10/Jun/2012:23:23:37 +0300] "GET / HTTP/1.0" 403 168 "d92uk79ynl3.com" "Mozilla/4.0 (compatible; Powermarks/3.5; Windows 95/98/2000/NT)"

This is what shows up in the logs.
Re: IPKILLER ddos
June 15, 2012 04:22PM
Put Linux on the front end, which in your case is nginx.
Tune workers/worker connections,
epoll for events,
limit requests + return 444
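
A sketch of the front-end configuration the reply above describes (worker tuning, epoll, request limiting, 444), as an added example that is not from either poster. It assumes nginx 1.3.15 or later on Linux; the zone name, rates and timeouts are illustrative values, and the banned networks are the ones from the posted deny list.

```nginx
worker_processes auto;               # one worker per CPU core
worker_rlimit_nofile 65535;          # covers client + upstream sockets per worker

events {
    use epoll;                       # Linux-only event method
    worker_connections 16384;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Same networks as the posted "deny" lines, but answered with 444
    # instead of a 403 page (the log above shows 168-570 bytes per reject).
    geo $banned {
        default        0;
        93.79.0.0/16   1;
        46.185.59.118  1;
        2.92.210.225   1;
    }

    # Per-client request budget; the rate is an illustrative assumption.
    limit_req_zone $binary_remote_addr zone=req_perip:10m rate=5r/s;
    # Over-limit requests get 444: nginx closes the connection, no response.
    limit_req_status 444;

    # Free worker slots held by slow or idle clients sooner.
    client_header_timeout 10s;
    keepalive_timeout 15s;
    reset_timedout_connection on;

    upstream backend {
        server 127.0.0.1:81;         # Apache, as in the posted config
    }

    server {
        listen 80;
        server_name localhost *.localhost;
        # Checked before any location is selected or proxied.
        if ($banned) { return 444; }

        location / {
            limit_req zone=req_perip burst=10 nodelay;
            proxy_pass http://backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```

Validate with `nginx -t` before reloading, and tune `rate` and `burst` against normal traffic so legitimate clients behind a shared address are not cut off.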