Linux system is relatively unfamiliar to Microsoft system, we rarely touch this system, but if you use it, it will also encounter attacks. It may be CC attack and the like, but if it is encountered, how to solve it, what to do.
First, prepare for work
1. Log in to the VPS control panel and be ready to restart the VPS at any time.
2, close the Web Server first, too high load will make the subsequent operations difficult, or even directly unable to log in to SSH.
3, just in case, set the Web Server system to start automatically after the startup.
(If you can't log in to the system, and the load is too high after rebooting, you can't log in just after booting. You can contact the administrator to block the VPS IP or port 80 on the parent machine and use virtual control on the parent machine. Log in to the system, then perform 2 & 3 operations, then unblock)
Second, find the attacker IP
1, create a file ip.php in the root directory of the website, write following content.
$real_ip = getenv(‘HTTP_X_FORWARDED_FOR’);
if(isset($real_ip)){
shell_exec("echo $real_ip > real_ip.txt" ;);
shell_exec("echo $_SERVER['REMOTE_ADDR']> proxy.txt”);
}else{
shell_exec("echo $ _SERVER['REMOTE_ADDR'] > ips.txt”)"
}
The echo' server is under attack and collecting attack vectors. Please visit this site after 5 minutes, 5 minutes. Multiple visits to this site may be used as an attack source to block IP. Thank you for your cooperation!';
?>
2, set pseudo-static, rewrite all access under the website to ip.php.
Nginx Rules:
rewrite (.*) /ip.php;
Lighttpd Rules:
url.rewrite = (
“^/(.+)/?$" => "/ip.php”
)
3, start Web Server to start collecting IP
After setting 1 and 2, start Web Server and start recording IP information.
The collection time is recommended to be 3 to 5 minutes, then close the Web Server again.
real_ip.txt, more than 80% of the IPs stored in this file are the same. This IP is the IP of the platform on which the attacker is attacking.
proxy.txt, this file saves the IP of the proxy server called by the attacker and needs to be blocked.
ips.txt, which records the IP that does not show the characteristics of the proxy server, and judges whether it is the attack source according to the number of accesses.
Sometimes we need the computer to automatically shut down, in case you watch a movie or TV and fall
u disk is a commonly used tool in our daily office. We use it to store data, but in the process of u
The u disk has been used for a long time, and it will inevitably encounter some problems. Recently,
Nowadays, no matter whether it is work or life, it is inseparable from the Internet. Many people cla
You ask me to answer: Deep analysis of Windows security mode
Which system files can be deleted
Ways to protect FTP security: use SSL encryption
The problem often encountered in reinstalling systems is centralized
Several great tricks to maintain the computer are open
Clear windows access LAN cache username and password
How do I delete a computer running window record?
How xcopy copies local files to remote servers
How to prevent computer crashes
How to solve the problem of inserting u disk into computer blue screen?
Every time you turn on the phone, you must press F1 to enter the system.
How to set the automatic login function of Windows7?
How to manually modify the XP splash screen and start music
How to make Win10 boot into tablet mode?
Method to open dark theme skin in Win10 system
The difference between Vista system and XP system
ChemDraw Std 14 activation, method of obtaining registration code
How to set up Win7 system to let Bluetooth listen to songs