mod_dosevasive是一个Apache上的可选模块,它能应对一些基于HTTP的拒绝服务攻击,就是常说的Dos或者DDos攻击,这种攻击是让很多大小网站都头疼的攻击方式,mod_dosevasive从Apache1.3开始出现,虽然不能完全彻底的防止大规模的DDos攻击,但是对于普通的攻击来说,还是非常不错的选择。
我的服务器(http://www.toplee.com/blog/)就曾经收到过类似的测试攻击(就是估计别人是为了练手,并非真的要针对我),搞得很头疼,我一些朋友的应用也遇到过类似的烦恼,基本上都通过安装mod_dosevasive得到了较好的解决。下面我就来以我在FreeBSD上安装基于Apache2.2.2的mod_dosevasive经过给大家分享一下经验,顺便进一步讲述一下mod_dosevasive的特性。
mod_dosevasive通过对来访IP地址和访问URI建立内部动态哈希表来检测是否有攻击,如果有如下的行为将拒绝该IP的访问:
1. 每秒对同一页面的请求数超过平时(原文:Requesting the same page more than a few times per second)。
2. 每秒同一个子进程有超过50次的并发请求。
3. 临时被拒绝(在blacklist中)的时候还不断进行请求。
mod_dosevasive可以非常方便的和防火墙、路由器等进行整合,进一步提高抗拒绝服务的能力。和别的防攻击工具一样,mod_dosevasive同样收到带宽、系统处理能力等因素的影响,所以要想应对大规模的攻击,最好的方式就是把mod_dosevasive和您的防火墙和路由器进行整合,而不是简单的安装成为独立的Apache模块。
mod_dosevasive在apache2.2.2上的安装方法:
一、使用源码安装:
1、下载
#wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
2、解压缩
#cd mod_dosevasive
3、以动态模块方式编译
4. 修改/etc/httpd/conf/httpd.conf文件,加入对模块的支持:
二、使用FreeBSD的port进行安装(强烈推荐此方式)
#make install clean
至此,完成了mod_dosevasive的安装,重启apache服务后,它就开始工作了,这个时候您如果不作任何别的设置,它也可以使用默认配置为您提供良好的防攻击能力,当然,您也可以自己进行一些参数的定制配置,可选的参数如下:
在您的httpd.conf文件中,加入类似下面的部分
Apache 1.3.x
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>
Apache 2.x
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>
参数简单说明:
DOSHashTableSize 3097 记录和存放黑名单的哈西表大小,如果服务器访问量很大,可以加大该值
DOSPageCount 5 同一个页面在同一时间内可以被统一个用户访问的次数,超过该数字就会被列为攻击,同一时间的数值可以在DosPageInterval参数中设置。
DOSSiteCount 50 同一个用户在同一个网站内可以同时打开的访问数,同一个时间的数值在DOSSiteInterval中设置。
DOSPageInterval 2 设置DOSPageCount中时间长度标准,默认值为1。
DOSSiteInterval 2 设置DOSSiteCount中时间长度标准。
DOSBlockingPeriod 10 被封时间间隔秒,这中间会收到 403 (Forbidden) 的返回。
其他可选参数:
DOSEmailNotify lee@toplee.com 设置受到攻击时接收攻击信息提示的邮箱地址。
DOSSystemCommand “su – someuser -c ‘/sbin/… %s …'” 受到攻击时Apache运行用户执行的系统命令
DOSLogDir “/var/lock/mod_dosevasive” 攻击日志存放目录,BSD上默认是 /tmp
下面是我的服务器上看到的一些日志情况:
#ll |wc -l
2303
#ls
......
dos-218.64.69.71 dos-219.80.33.54 dos-222.214.156.211
dos-218.64.79.59 dos-219.82.143.127 dos-222.214.2.148
dos-218.64.81.162 dos-219.82.46.245 dos-222.214.206.162
dos-218.65.102.178 dos-220.113.43.61 dos-222.214.207.191
......
#more dos-218.64.69.71
30611
可以看到,这个ip地址有30611次的访问攻击被记录!!!
参考资料:
原官方主页:http://www.nuclearelephant.com/projects/dosevasive/
新主页地址:http://www.zdziarski.com/projects/mod_evasive/
本文永久链接: http://www.toplee.com/blog/?p=278
你写的技术文章很有意思,有空交流下
[Comment ID #5169 Will Be Quoted Here]
见笑了,只是一些很初级的东西,欢迎多指点和交流!
希望跟主人探讨!
在zdziarski.com上看到
mod_evasive for Apache v1.3 and 2.0,
那里可以确认支持apache2.2.X呢?
您在apache2.2.2上测试通过了是吗?对于apache1.3和2.x的区别是否只是在于配置文件中的
而且你提到的针对apache2.x包括apache2.2.x吗?
希望能尽快知道答案,谢谢啦!
我的联系方式:(qq/msn/mail)11772226 ie_eu@hotmail.com ocean.meng@gmail.com
[Comment ID #8405 Will Be Quoted Here]
您说的mod_evasive不知道是不是mod_dosevasive,对于mod_dosevasive来说,目前我测试安装的结果是支持apache2.2.2的,下面是我安装后测试打印的系统信息:
Apache Version Apache/2.2.2 (FreeBSD) mod_ssl/2.2.2 OpenSSL/0.9.8b DAV/2 PHP/5.1.4
Apache API Version 20051115
不错 强烈支持!希望帅哥多发些好文章
看到了,但我使用lighttpd作为WEBSERVER,有没有好的方法呢
[Comment ID #17672 Will Be Quoted Here]
Lighttpd 有个 evasive 模块,可以起到一定的保护作用,但是更多的防攻击能力还是需要结合别的软件,甚至是自己开发,比如我们就自己做过分析日志来实时更新ipfw防火墙策略,这个的效果还是不错的,细节就不便说了。
我也很头疼这个这个问题,连续三天都是,后台打电话到机房说是CC攻击,搞不清楚是DDos还是cc,没办法放到机房的一个抗cc攻击的硬防下面,OS是FB6.2,Apache2.2.0,有空也试一下这个模块!
freebsd很强的 一般不会挂的
是篇好文章的 学习啦
路过,学习了,收藏了,谢谢分享!
虽然不太懂,但我先收藏先,改天试试
给你顶了。。。写的挺不错的呢!以后经常来的
There’s definately a lot to know about this topic.
I love all of the points you have made.
Thank you for sharing your thoughts. I really appreciate your efforts and I will be waiting for your next write ups thank you once again.
Fantastic goods from you, man. I’ve understand your
stuff previous to and you’re just extremely wonderful.
I really like what you’ve acquired here, certainly like what you are saying and the way in which
you say it. You make it entertaining and you
still care for to keep it smart. I can not wait to read much more from you.
This is actually a great website.
Fantastic goods from you, man. I have be aware your stuff prior to and you’re just too great.
I actually like what you have obtained here, certainly like what you’re stating and the best way in which
you say it. You are making it enjoyable and you continue to care for to
stay it wise. I cant wait to learn far more from you. That
is really a terrific site.
At this time I am going away to do my breakfast, once having my breakfast coming over
again to read more news.
hello!,I like your writing so so much! percentage we communicate more approximately your article on AOL?
I need an expert in this house to resolve my problem.
May be that’s you! Having a look ahead to see you.
Very descriptive article, I enjoyed that a
lot. Will there be a part 2?
Excellent beat ! I would like to apprentice while you amend your website, how can i subscribe for a blog
website? The account helped me a acceptable deal. I had been a little bit acquainted
of this your broadcast offered bright clear idea
Hi! Someone in my Facebook group shared this website with us so I came to check it out.
I’m definitely loving the information. I’m bookmarking and will
be tweeting this to my followers! Exceptional blog
and great style and design.
I every time emailed this blog post page to all my contacts,
because if like to read it next my contacts will too.
Very descriptive article, I loved that a lot. Will
there be a part 2?
I’m not that much of a online reader to be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your website to come back down the road.
Many thanks
Hello terrific blog! Does running a blog like this require
a large amount of work? I have no expertise in computer programming
however I had been hoping to start my own blog in the near future.
Anyways, if you have any recommendations or techniques
for new blog owners please share. I know this is off subject but I just had to ask.
Kudos!
If some one desires to be updated with most up-to-date technologies afterward he must be visit this website and be up to date every day.
Terrific work! That is the kind of information that are supposed
to be shared across the internet. Shame on the search engines for not positioning this post upper!
Come on over and consult with my website . Thank you =)
Hello every one, here every person is sharing these
kinds of knowledge, thus it’s fastidious to read this weblog, and I used to pay a visit this web site
daily.
Hey I am so delighted I found your blog, I really found you by
accident, while I was searching on Aol for something else,
Anyways I am here now and would just like to say thank you
for a fantastic post and a all round enjoyable blog (I also love the theme/design), I don’t have time to browse it all
at the minute but I have bookmarked it and also added in your RSS feeds, so when I
have time I will be back to read more, Please do keep up the great work.
This paragraph will assist the internet viewers for creating new blog or even a blog from start to end.
It’s a shame you don’t have a donate button! I’d without a doubt donate to this superb blog!
I suppose for now i’ll settle for book-marking and adding your RSS feed to my Google account.
I look forward to new updates and will talk about this site with my Facebook group.
Talk soon!
Write more, thats all I have to say. Literally, it seems as though you relied on the video to
make your point. You obviously know what youre talking about, why throw away your intelligence on just posting
videos to your site when you could be giving us something informative to read?
What’s up Dear, are you really visiting this web site on a regular basis, if so afterward you will absolutely get fastidious knowledge.
Hello there! I know this is kinda off topic but I was
wondering if you knew where I could find a captcha plugin for my comment form?
I’m using the same blog platform as yours and I’m having difficulty finding
one? Thanks a lot!
Since the admin of this web site is working, no uncertainty very soon it will be well-known, due to its quality contents.
I blog often and I seriously thank you for your content.
Your article has really peaked my interest. I am going
to bookmark your blog and keep checking for new information about once a
week. I opted in for your RSS feed too.
I’m not that much of a online reader to be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your site to come back in the future.
Many thanks
Hello to every body, it’s my first go to see of this weblog; this weblog carries remarkable and actually fine
material in favor of readers.
It is appropriate time to make a few plans for the
longer term and it is time to be happy. I’ve learn this submit and if I could I wish to suggest you few interesting issues or advice.
Perhaps you can write subsequent articles relating to this article.
I want to read more things approximately it!
Do you have a spam issue on this site; I also am a blogger,
and I was wanting to know your situation; we have developed some nice
practices and we are looking to trade solutions with others, why
not shoot me an e-mail if interested.
Its such as you learn my mind! You seem to know so much about this, like you wrote the e-book in it or something.
I believe that you just can do with some percent to drive
the message house a little bit, however instead of that, that is fantastic blog.
A fantastic read. I’ll certainly be back.
You’ve made some really good points there. I looked on the web for additional information about the issue and found most people will go along with your views
on this site.
This is a topic that is near to my heart… Take care!
Exactly where are your contact details though?
Good post. I learn something new and challenging on websites I stumbleupon every day.
It will always be useful to read through content from other writers and use something from other websites.
Greate post. Keep posting such kind of information on your site.
Im really impressed by your blog.
Hey there, You have performed an excellent job.
I’ll definitely digg it and for my part recommend to my
friends. I am sure they will be benefited from this website.
Excellent blog here! Also your web site loads
up very fast! What web host are you using? Can I get your affiliate link to your host?
I wish my web site loaded up as quickly as yours lol
Great post. I used to be checking constantly this
weblog and I am impressed! Extremely helpful info specially the remaining part 🙂 I take care of such info a lot.
I was seeking this particular information for a very lengthy time.
Thanks and good luck.
I am extremely impressed with your writing skills as
well as with the layout on your weblog. Is this a
paid theme or did you modify it yourself? Anyway keep up the excellent quality writing,
it’s rare to see a great blog like this one these
days.
Woah! I’m really digging the template/theme of
this site. It’s simple, yet effective. A lot of times it’s challenging to get that “perfect balance” between superb
usability and visual appeal. I must say you have done a superb job with this.
In addition, the blog loads extremely fast for me on Safari.
Exceptional Blog!
This is really fascinating, You’re an overly professional blogger.
I have joined your feed and look forward to
in search of more of your excellent post. Additionally,
I have shared your website in my social networks
I am sure this paragraph has touched all the internet visitors, its really really fastidious article on building up new blog.
Excellent beat ! I wish to apprentice while you amend your website, how
could i subscribe for a blog site? The account aided me a acceptable deal.
I had been tiny bit acquainted of this your broadcast provided bright clear idea
My family members all the time say that I am wasting my time here at web, however I know I am getting know-how daily by reading such pleasant articles
or reviews.
Spot on with this write-up, I absolutely believe this website
needs a great deal more attention. I’ll probably be
back again to see more, thanks for the information!
Hey! Quick question that’s entirely off topic. Do you know how to make
your site mobile friendly? My weblog looks weird when viewing from my iphone.
I’m trying to find a template or plugin that might be able to correct this problem.
If you have any recommendations, please share.
Thank you!
Please let me know if you’re looking for a author for your blog.
You have some really great articles and I think I
would be a good asset. If you ever want to take some of the load
off, I’d really like to write some content for your blog in exchange for a
link back to mine. Please shoot me an email if interested.
Thanks!
Hello to all, how is everything, I think every one is
getting more from this website, and your views are fastidious for new people.
Hi there, all the time i used to check weblog posts here early in the break of day, because i
like to find out more and more.
Hi there! I could have sworn I’ve been to this website before but after browsing
through some of the post I realized it’s new to me.
Anyhow, I’m definitely delighted I found it and I’ll be book-marking and checking back
frequently!
These are in fact great ideas in regarding blogging.
You have touched some nice things here. Any way keep up
wrinting.
Very great post. I simply stumbled upon your weblog and wanted to mention that I have really enjoyed surfing
around your weblog posts. After all I will be subscribing to your
rss feed and I am hoping you write once more soon!
I am eҳtremelʏ іmpressed ᴡith your writing skilⅼs
and also witһ the layout οn your weblog. Is
this a paid thheme or diⅾ yyoս modify it yourself? Either ᴡay keеp up the nice qualiuty writing, it’s rare to see a grеɑt
blog like this one nowadays.
I ɑm extremely impressed with your writing skilⅼs and also with tһe layout on your weblog.
Is this a paid theme or dіd yoou modify it yourself?
Either way keep uρ the nice quality writing, it’s гare to seе a
ցreat blog likкe this one nowadays.
Hello there, I found your site by way of Google at the same time
as looking for a similar topic, your site got here up, it seems great.
I have bookmarked it in my google bookmarks.
Hello there, simply turned into alert to your blog via Google, and located that it is truly informative.
I am going to be careful for brussels. I will be grateful in the event
you proceed this in future. A lot of other
people can be benefited from your writing. Cheers!
Hi there! This blog post couldn’t be written any better!
Going through this post reminds me of my previous roommate!
He continually kept talking about this. I most certainly will forward
this post to him. Pretty sure he will have a great read.
I appreciate you for sharing!
If you desire to take a good deal from this post then you have to
apply these methods to your won webpage.
Pretty nice post. I just stumbled upon your weblog and wished to say that I’ve truly enjoyed surfing around
your blog posts. After all I will be subscribing to your
feed and I hope you write again soon!
I must thank you for the efforts you’ve put in penning this website.
I am hoping to see the same high-grade blog posts from you in the future as well.
In truth, your creative writing abilities has inspired
me to get my very own blog now 😉
Thankfulness to my father who informed me
regarding this webpage, this webpage is actually amazing.
Quest bars cheap fitnesstipsnew1 quest bars cheap 516999410492780544 quest bars cheap
For most recent news you have to pay a quick visit world-wide-web and
on web I found this site as a most excellent web page for most up-to-date updates.
Quest bars cheap fitnesstipsnew1 quest bars cheap 516999410492780544 quest bars cheap
Descargar facebook http://twitter.com/descargar_hq descargar facebook
You have made some really good points there. I checked on the net to learn more about the issue and found most people will go along with your views on this web site.
Descargar facebook http://twitter.com/descargar_hq descargar facebook
In fact when someone doesn’t understand then its up to
other users that they will assist, so here it occurs.
I absolutely love your blog and find nearly all of your
post’s to be precisely what I’m looking for.
Do you offer guest writers to write content for you?
I wouldn’t mind publishing a post or elaborating on a lot of the subjects you write regarding
here. Again, awesome weblog!
Do you have any video of that? I’d love to find out some additional information.
Excellent goods from you, man. I have understand your
stuff previous to and you are just too magnificent.
I actually like what you’ve acquired here, really like what you
are stating and the way in which you say it. You make it entertaining
and you still care for to keep it sensible. I can not wait to read much more from you.
This is actually a terrific web site.
Sling tv coupons and promo codes for november 2018
I’m really impressed together with your writing skills and
also with the format in your blog. Is that this a
paid theme or did you modify it your self?
Anyway keep up the nice quality writing, it is rare to
peer a great blog like this one these days.. Sling
tv coupons and promo codes for november 2018
Cool blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple tweeks would really make my blog jump
out. Please let me know where you got your theme. Cheers
Fantastic items from you, man. I have take into account your stuff
prior to and you are simply too wonderful. I actually like what you’ve obtained here, certainly like what
you are saying and the best way through which you assert it.
You’re making it enjoyable and you still take care of to stay it wise.
I cant wait to read far more from you. That is really
a wonderful site.
It’s impressive that you are getting thoughts from this article as well as from
our dialogue made at this time.
helloGood website. Keep posting more informative articles like these one. These are very good articles to visit thank you
Lsm99
Gclub
ทางเข้า Gclub
ทางเข้า Lsm99
Here is where I put all of my expired web 2.0 accounts.
I scrape massive lists and then check to see
if they’re expired. I think you’ll be surprised by the number of
accounts that I come across. Hopefully, you’ll be able to put these expired accounts to good use.
Askinng questions are really nice thikng if you are not understanding
anything fully, but this post provides nicee understanding even.
Hello wouldd you mind letting mme know which web host
you’re using? I’ve loaded youjr blog in 3 completely differen browsers and I must ssay this blog loads a lot faster
then most. Can you suggest a good web hhosting provider
at a reasonable price? Kudos, I appreciate it!
For the reason that the admin of this web site is working,
no doubt very quickly it will be well-known, due to its feature contents.
Having read this I believed it was very enlightening.
I alpreciate you taking the time and effort to put this information together.
I once again find myself spending a significan amount of
time both reading and posting comments. But sso what, it was still worth it!
Hi, i think that i saw you visited my website thus i came to “return the favor”.I’m trying to
find things to enhance my web site!I suppose its ok to use
a few of your ideas!!
I am actuallly thankful to the owner of this site
who has shard this impressive piece of writing at here.
Hey there! I just wanted to ask if you ever have any issues with hackers?
My last blog (wordpress) was hacked and I ended up
losing a few months of hard work due to no data backup.
Do you have any solutions to prevent hackers?
Magnificent beat ! I wish to apprentice whilst you amend your website, how can i subscribe for a blog website?
The account helped me a acceptable deal. I have been tiny bit familiar of this your broadcast provided bright
clear idea
Thanks for every other informative website. Wheee else could I get that type of info written in such a
perdfect method? I have a project that I’m just now working on, andd I have been at the look
out for such information.
You really make it seem so easy with your presentation but I find this topic to
be really something that I think I would never understand.
It seems too complicated and very broad for me. I’m looking forward for
your next post, I’ll try to get the hang of it!
A bushcгaft knife is designed tto handle tough use.
A bᥙshcraft knmife is designed to handle tough use.
Hi, every time i used to check weeb site posts here early in the break oof day, for thhe reason that i love to
learn more and more.
Howdy I am so delighted I found your blog, I really found you by error, while I was bowsing on Askjeeve for something else, Regardless I am here now and would just like to say thank you for a fantastic post and a all round exciting
blog (I also love the theme/design), I don’t have
tije to read it alll at the moment but I have book-marked it andd also added your
RSS feeds, so when I have time I willl be back to read
a great deal more, Please doo keep up the superb work.
Remarkable things here. I am very satisfied to peer your article.
Thanks a lot and I am looking ahead to contact you.
Will yyou please drolp me a e-mail?
It’s enormous that you are getting ideas
from this paragraph as well as from our argument made here.
always i used to read smaller posts whgich as well clear their motive, and that is also happening with this post wbich I
am reading here.
If you aree going for moat excellent contents like
me, simply visit this web site daily since itt provies quality contents, thanks
First of alll I would like to say superb blog! I had a quick question that I’d llike to ask if you
do not mind. I was interested to know how you center yourself
and clear your head prior to writing. Ihave had difficulty
clearing my thoughts in geyting my thoughts out. I do take pleasure in writing however it
just seems like tthe first 10 to 15 minutes are generally lost just trying to figure
out how to begin. Any suggestions or hints? Kudos!
Nice post. I learn something totally new and challenging on sites I stumjbleupon every day.
It will always be interesting to read content from other writers and uuse something
from other websites.
Asking questions are really good thing if you are not understanding anything fully, except this piece of writing offers pleasant understanding yet.
When some one searches for his required thing, so he/she wants to
be available that in detail, therefore that thing is maintained over
here.
Hey I know this is off topic but I was wondering if you knew
of any widgets I coud add to my blog that automatically tweet my newest twitter updates.
I’ve besen looking for a plug-in like thos for
quite some time and was hoping maybe you would have some experience with something
like this. Please let me know if you run into anything.
I truly enjoy reading your blo and I look forward to your
new updates.
Hi there to every one, since I am really keen of
reading thi webpage’s post to be updated regularly.
It carries pleasant stuff.
Hey! I just wanted to ask if you ever have any trouble with hackers?
My last blog (wordpress) was hacked and I ended up losing
many months of hard work due to no back up.
Do you have any solutions to protect against hackers?
Hey! Would you mind if I share your blog with my facebook group?
There’s a lot of folks that I think would really appreciate your content.
Please let me know. Thank you
Why people still use to read news papers when in this technological globe everything is available on net?
Usually I don’t read article on blogs, however I would like to say that this write-up very pressured
me to try and do so! Your writing style has been surprised me.
Thanks, very nice article.
Fantastic blog! Do you have any suggestions for aspiring
writers? I’m planning to start my own site soon but
I’m a little lost on everything. Would you propose starting with a
free platform like WordPress or go for a paid option? There are
so many options out there that I’m totally overwhelmed ..
Any tips? Many thanks!
I am regular reader, how aare you everybody? This piece of
wroting postged at this website is actually fastidious.
Hi there, I enjoy reading alll off youyr article post.
I like to write a little comment to support you.
I am in fact grateful to the holder oof this web
page who has shhared this enormous piedce of writing at here.
I think this is one of the most vital information for me.
And i am glad reading your article. But wanna remark on few geneeral things, The website style
is ideal, the articles is really great : D. Good job, cheers