mod_dosevasive是一个Apache上的可选模块,它能应对一些基于HTTP的拒绝服务攻击,就是常说的Dos或者DDos攻击,这种攻击是让很多大小网站都头疼的攻击方式,mod_dosevasive从Apache1.3开始出现,虽然不能完全彻底的防止大规模的DDos攻击,但是对于普通的攻击来说,还是非常不错的选择。
我的服务器(http://www.toplee.com/blog/)就曾经收到过类似的测试攻击(就是估计别人是为了练手,并非真的要针对我),搞得很头疼,我一些朋友的应用也遇到过类似的烦恼,基本上都通过安装mod_dosevasive得到了较好的解决。下面我就来以我在FreeBSD上安装基于Apache2.2.2的mod_dosevasive经过给大家分享一下经验,顺便进一步讲述一下mod_dosevasive的特性。
mod_dosevasive通过对来访IP地址和访问URI建立内部动态哈希表来检测是否有攻击,如果有如下的行为将拒绝该IP的访问:
1. 每秒对同一页面的请求数超过平时(原文:Requesting the same page more than a few times per second)。
2. 每秒同一个子进程有超过50次的并发请求。
3. 临时被拒绝(在blacklist中)的时候还不断进行请求。
mod_dosevasive可以非常方便的和防火墙、路由器等进行整合,进一步提高抗拒绝服务的能力。和别的防攻击工具一样,mod_dosevasive同样收到带宽、系统处理能力等因素的影响,所以要想应对大规模的攻击,最好的方式就是把mod_dosevasive和您的防火墙和路由器进行整合,而不是简单的安装成为独立的Apache模块。
mod_dosevasive在apache2.2.2上的安装方法:
一、使用源码安装:
1、下载
#wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
2、解压缩
#cd mod_dosevasive
3、以动态模块方式编译
4. 修改/etc/httpd/conf/httpd.conf文件,加入对模块的支持:
二、使用FreeBSD的port进行安装(强烈推荐此方式)
#make install clean
至此,完成了mod_dosevasive的安装,重启apache服务后,它就开始工作了,这个时候您如果不作任何别的设置,它也可以使用默认配置为您提供良好的防攻击能力,当然,您也可以自己进行一些参数的定制配置,可选的参数如下:
在您的httpd.conf文件中,加入类似下面的部分
Apache 1.3.x
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>
Apache 2.x
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>
参数简单说明:
DOSHashTableSize 3097 记录和存放黑名单的哈西表大小,如果服务器访问量很大,可以加大该值
DOSPageCount 5 同一个页面在同一时间内可以被统一个用户访问的次数,超过该数字就会被列为攻击,同一时间的数值可以在DosPageInterval参数中设置。
DOSSiteCount 50 同一个用户在同一个网站内可以同时打开的访问数,同一个时间的数值在DOSSiteInterval中设置。
DOSPageInterval 2 设置DOSPageCount中时间长度标准,默认值为1。
DOSSiteInterval 2 设置DOSSiteCount中时间长度标准。
DOSBlockingPeriod 10 被封时间间隔秒,这中间会收到 403 (Forbidden) 的返回。
其他可选参数:
DOSEmailNotify lee@toplee.com 设置受到攻击时接收攻击信息提示的邮箱地址。
DOSSystemCommand “su – someuser -c ‘/sbin/… %s …'” 受到攻击时Apache运行用户执行的系统命令
DOSLogDir “/var/lock/mod_dosevasive” 攻击日志存放目录,BSD上默认是 /tmp
下面是我的服务器上看到的一些日志情况:
#ll |wc -l
2303
#ls
......
dos-218.64.69.71 dos-219.80.33.54 dos-222.214.156.211
dos-218.64.79.59 dos-219.82.143.127 dos-222.214.2.148
dos-218.64.81.162 dos-219.82.46.245 dos-222.214.206.162
dos-218.65.102.178 dos-220.113.43.61 dos-222.214.207.191
......
#more dos-218.64.69.71
30611
可以看到,这个ip地址有30611次的访问攻击被记录!!!
参考资料:
原官方主页:http://www.nuclearelephant.com/projects/dosevasive/
新主页地址:http://www.zdziarski.com/projects/mod_evasive/
本文永久链接: http://www.toplee.com/blog/?p=278
你写的技术文章很有意思,有空交流下
[Comment ID #5169 Will Be Quoted Here]
见笑了,只是一些很初级的东西,欢迎多指点和交流!
希望跟主人探讨!
在zdziarski.com上看到
mod_evasive for Apache v1.3 and 2.0,
那里可以确认支持apache2.2.X呢?
您在apache2.2.2上测试通过了是吗?对于apache1.3和2.x的区别是否只是在于配置文件中的
而且你提到的针对apache2.x包括apache2.2.x吗?
希望能尽快知道答案,谢谢啦!
我的联系方式:(qq/msn/mail)11772226 ie_eu@hotmail.com ocean.meng@gmail.com
[Comment ID #8405 Will Be Quoted Here]
您说的mod_evasive不知道是不是mod_dosevasive,对于mod_dosevasive来说,目前我测试安装的结果是支持apache2.2.2的,下面是我安装后测试打印的系统信息:
Apache Version Apache/2.2.2 (FreeBSD) mod_ssl/2.2.2 OpenSSL/0.9.8b DAV/2 PHP/5.1.4
Apache API Version 20051115
不错 强烈支持!希望帅哥多发些好文章
看到了,但我使用lighttpd作为WEBSERVER,有没有好的方法呢
[Comment ID #17672 Will Be Quoted Here]
Lighttpd 有个 evasive 模块,可以起到一定的保护作用,但是更多的防攻击能力还是需要结合别的软件,甚至是自己开发,比如我们就自己做过分析日志来实时更新ipfw防火墙策略,这个的效果还是不错的,细节就不便说了。
我也很头疼这个这个问题,连续三天都是,后台打电话到机房说是CC攻击,搞不清楚是DDos还是cc,没办法放到机房的一个抗cc攻击的硬防下面,OS是FB6.2,Apache2.2.0,有空也试一下这个模块!
freebsd很强的 一般不会挂的
是篇好文章的 学习啦
路过,学习了,收藏了,谢谢分享!
虽然不太懂,但我先收藏先,改天试试
给你顶了。。。写的挺不错的呢!以后经常来的
There’s definately a lot to know about this topic.
I love all of the points you have made.
Thank you for sharing your thoughts. I really appreciate your efforts and I will be waiting for your next write ups thank you once again.
Fantastic goods from you, man. I’ve understand your
stuff previous to and you’re just extremely wonderful.
I really like what you’ve acquired here, certainly like what you are saying and the way in which
you say it. You make it entertaining and you
still care for to keep it smart. I can not wait to read much more from you.
This is actually a great website.
Fantastic goods from you, man. I have be aware your stuff prior to and you’re just too great.
I actually like what you have obtained here, certainly like what you’re stating and the best way in which
you say it. You are making it enjoyable and you continue to care for to
stay it wise. I cant wait to learn far more from you. That
is really a terrific site.
At this time I am going away to do my breakfast, once having my breakfast coming over
again to read more news.
hello!,I like your writing so so much! percentage we communicate more approximately your article on AOL?
I need an expert in this house to resolve my problem.
May be that’s you! Having a look ahead to see you.
Very descriptive article, I enjoyed that a
lot. Will there be a part 2?
Excellent beat ! I would like to apprentice while you amend your website, how can i subscribe for a blog
website? The account helped me a acceptable deal. I had been a little bit acquainted
of this your broadcast offered bright clear idea
Hi! Someone in my Facebook group shared this website with us so I came to check it out.
I’m definitely loving the information. I’m bookmarking and will
be tweeting this to my followers! Exceptional blog
and great style and design.
I every time emailed this blog post page to all my contacts,
because if like to read it next my contacts will too.
Very descriptive article, I loved that a lot. Will
there be a part 2?
I’m not that much of a online reader to be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your website to come back down the road.
Many thanks
Hello terrific blog! Does running a blog like this require
a large amount of work? I have no expertise in computer programming
however I had been hoping to start my own blog in the near future.
Anyways, if you have any recommendations or techniques
for new blog owners please share. I know this is off subject but I just had to ask.
Kudos!
If some one desires to be updated with most up-to-date technologies afterward he must be visit this website and be up to date every day.
Terrific work! That is the kind of information that are supposed
to be shared across the internet. Shame on the search engines for not positioning this post upper!
Come on over and consult with my website . Thank you =)
Hello every one, here every person is sharing these
kinds of knowledge, thus it’s fastidious to read this weblog, and I used to pay a visit this web site
daily.
Hey I am so delighted I found your blog, I really found you by
accident, while I was searching on Aol for something else,
Anyways I am here now and would just like to say thank you
for a fantastic post and a all round enjoyable blog (I also love the theme/design), I don’t have time to browse it all
at the minute but I have bookmarked it and also added in your RSS feeds, so when I
have time I will be back to read more, Please do keep up the great work.
This paragraph will assist the internet viewers for creating new blog or even a blog from start to end.
It’s a shame you don’t have a donate button! I’d without a doubt donate to this superb blog!
I suppose for now i’ll settle for book-marking and adding your RSS feed to my Google account.
I look forward to new updates and will talk about this site with my Facebook group.
Talk soon!
Write more, thats all I have to say. Literally, it seems as though you relied on the video to
make your point. You obviously know what youre talking about, why throw away your intelligence on just posting
videos to your site when you could be giving us something informative to read?
What’s up Dear, are you really visiting this web site on a regular basis, if so afterward you will absolutely get fastidious knowledge.
Hello there! I know this is kinda off topic but I was
wondering if you knew where I could find a captcha plugin for my comment form?
I’m using the same blog platform as yours and I’m having difficulty finding
one? Thanks a lot!
Since the admin of this web site is working, no uncertainty very soon it will be well-known, due to its quality contents.
I blog often and I seriously thank you for your content.
Your article has really peaked my interest. I am going
to bookmark your blog and keep checking for new information about once a
week. I opted in for your RSS feed too.
I’m not that much of a online reader to be honest but your blogs really nice, keep it up!
I’ll go ahead and bookmark your site to come back in the future.
Many thanks
Hello to every body, it’s my first go to see of this weblog; this weblog carries remarkable and actually fine
material in favor of readers.
It is appropriate time to make a few plans for the
longer term and it is time to be happy. I’ve learn this submit and if I could I wish to suggest you few interesting issues or advice.
Perhaps you can write subsequent articles relating to this article.
I want to read more things approximately it!
Do you have a spam issue on this site; I also am a blogger,
and I was wanting to know your situation; we have developed some nice
practices and we are looking to trade solutions with others, why
not shoot me an e-mail if interested.
Its such as you learn my mind! You seem to know so much about this, like you wrote the e-book in it or something.
I believe that you just can do with some percent to drive
the message house a little bit, however instead of that, that is fantastic blog.
A fantastic read. I’ll certainly be back.
You’ve made some really good points there. I looked on the web for additional information about the issue and found most people will go along with your views
on this site.
This is a topic that is near to my heart… Take care!
Exactly where are your contact details though?
Good post. I learn something new and challenging on websites I stumbleupon every day.
It will always be useful to read through content from other writers and use something from other websites.
Greate post. Keep posting such kind of information on your site.
Im really impressed by your blog.
Hey there, You have performed an excellent job.
I’ll definitely digg it and for my part recommend to my
friends. I am sure they will be benefited from this website.
Excellent blog here! Also your web site loads
up very fast! What web host are you using? Can I get your affiliate link to your host?
I wish my web site loaded up as quickly as yours lol
Great post. I used to be checking constantly this
weblog and I am impressed! Extremely helpful info specially the remaining part 🙂 I take care of such info a lot.
I was seeking this particular information for a very lengthy time.
Thanks and good luck.
I am extremely impressed with your writing skills as
well as with the layout on your weblog. Is this a
paid theme or did you modify it yourself? Anyway keep up the excellent quality writing,
it’s rare to see a great blog like this one these
days.
Woah! I’m really digging the template/theme of
this site. It’s simple, yet effective. A lot of times it’s challenging to get that “perfect balance” between superb
usability and visual appeal. I must say you have done a superb job with this.
In addition, the blog loads extremely fast for me on Safari.
Exceptional Blog!
This is really fascinating, You’re an overly professional blogger.
I have joined your feed and look forward to
in search of more of your excellent post. Additionally,
I have shared your website in my social networks
I am sure this paragraph has touched all the internet visitors, its really really fastidious article on building up new blog.
Excellent beat ! I wish to apprentice while you amend your website, how
could i subscribe for a blog site? The account aided me a acceptable deal.
I had been tiny bit acquainted of this your broadcast provided bright clear idea
My family members all the time say that I am wasting my time here at web, however I know I am getting know-how daily by reading such pleasant articles
or reviews.
Spot on with this write-up, I absolutely believe this website
needs a great deal more attention. I’ll probably be
back again to see more, thanks for the information!
Hey! Quick question that’s entirely off topic. Do you know how to make
your site mobile friendly? My weblog looks weird when viewing from my iphone.
I’m trying to find a template or plugin that might be able to correct this problem.
If you have any recommendations, please share.
Thank you!
Please let me know if you’re looking for a author for your blog.
You have some really great articles and I think I
would be a good asset. If you ever want to take some of the load
off, I’d really like to write some content for your blog in exchange for a
link back to mine. Please shoot me an email if interested.
Thanks!
Hello to all, how is everything, I think every one is
getting more from this website, and your views are fastidious for new people.
Hi there, all the time i used to check weblog posts here early in the break of day, because i
like to find out more and more.
Hi there! I could have sworn I’ve been to this website before but after browsing
through some of the post I realized it’s new to me.
Anyhow, I’m definitely delighted I found it and I’ll be book-marking and checking back
frequently!
These are in fact great ideas in regarding blogging.
You have touched some nice things here. Any way keep up
wrinting.
Very great post. I simply stumbled upon your weblog and wanted to mention that I have really enjoyed surfing
around your weblog posts. After all I will be subscribing to your
rss feed and I am hoping you write once more soon!
I am eҳtremelʏ іmpressed ᴡith your writing skilⅼs
and also witһ the layout οn your weblog. Is
this a paid thheme or diⅾ yyoս modify it yourself? Either ᴡay keеp up the nice qualiuty writing, it’s rare to see a grеɑt
blog like this one nowadays.
I ɑm extremely impressed with your writing skilⅼs and also with tһe layout on your weblog.
Is this a paid theme or dіd yoou modify it yourself?
Either way keep uρ the nice quality writing, it’s гare to seе a
ցreat blog likкe this one nowadays.
Hello there, I found your site by way of Google at the same time
as looking for a similar topic, your site got here up, it seems great.
I have bookmarked it in my google bookmarks.
Hello there, simply turned into alert to your blog via Google, and located that it is truly informative.
I am going to be careful for brussels. I will be grateful in the event
you proceed this in future. A lot of other
people can be benefited from your writing. Cheers!
Hi there! This blog post couldn’t be written any better!
Going through this post reminds me of my previous roommate!
He continually kept talking about this. I most certainly will forward
this post to him. Pretty sure he will have a great read.
I appreciate you for sharing!
If you desire to take a good deal from this post then you have to
apply these methods to your won webpage.
Pretty nice post. I just stumbled upon your weblog and wished to say that I’ve truly enjoyed surfing around
your blog posts. After all I will be subscribing to your
feed and I hope you write again soon!
I must thank you for the efforts you’ve put in penning this website.
I am hoping to see the same high-grade blog posts from you in the future as well.
In truth, your creative writing abilities has inspired
me to get my very own blog now 😉
Thankfulness to my father who informed me
regarding this webpage, this webpage is actually amazing.
Quest bars cheap fitnesstipsnew1 quest bars cheap 516999410492780544 quest bars cheap
For most recent news you have to pay a quick visit world-wide-web and
on web I found this site as a most excellent web page for most up-to-date updates.
Quest bars cheap fitnesstipsnew1 quest bars cheap 516999410492780544 quest bars cheap
Descargar facebook http://twitter.com/descargar_hq descargar facebook
You have made some really good points there. I checked on the net to learn more about the issue and found most people will go along with your views on this web site.
Descargar facebook http://twitter.com/descargar_hq descargar facebook
In fact when someone doesn’t understand then its up to
other users that they will assist, so here it occurs.
I absolutely love your blog and find nearly all of your
post’s to be precisely what I’m looking for.
Do you offer guest writers to write content for you?
I wouldn’t mind publishing a post or elaborating on a lot of the subjects you write regarding
here. Again, awesome weblog!
Do you have any video of that? I’d love to find out some additional information.
Excellent goods from you, man. I have understand your
stuff previous to and you are just too magnificent.
I actually like what you’ve acquired here, really like what you
are stating and the way in which you say it. You make it entertaining
and you still care for to keep it sensible. I can not wait to read much more from you.
This is actually a terrific web site.
Sling tv coupons and promo codes for november 2018
I’m really impressed together with your writing skills and
also with the format in your blog. Is that this a
paid theme or did you modify it your self?
Anyway keep up the nice quality writing, it is rare to
peer a great blog like this one these days.. Sling
tv coupons and promo codes for november 2018
Cool blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple tweeks would really make my blog jump
out. Please let me know where you got your theme. Cheers
Fantastic items from you, man. I have take into account your stuff
prior to and you are simply too wonderful. I actually like what you’ve obtained here, certainly like what
you are saying and the best way through which you assert it.
You’re making it enjoyable and you still take care of to stay it wise.
I cant wait to read far more from you. That is really
a wonderful site.