Merhaba Arkadaşlar, Serverlara olan saldırılar arttı.. Bunu Önlemek İçinde Böyle Bir Konu Açtım.
cd /root
ee ddos.sh
!/bin/sh
FR_MIN_CONN=200
TMP_PREFIX='/tmp/frrr'
TMP_FILE=`mktemp $TMP_PREFIX.XXXXXXXX`
/usr/bin/netstat -ntu -f inet| awk '{if(NR>2 && NF=6) print $5}' | cut -d. -f1-4 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' | sort | uniq -c | sort -nr > $TMP_FILE
while read line; do
CURR_LINE_CONN=$(echo $line | cut -d" " -f1)
CURR_LINE_IP=$(echo $line | cut -d" " -f2)
if [ $CURR_LINE_CONN -lt $FR_MIN_CONN ]; then
break
fi
/sbin/route -q add $CURR_LINE_IP 127.0.0.1
/bin/echo $CURR_LINE_IP >> /root/banlist.txt
/bin/echo "Subject: $CURR_LINE_IP ipden $CURR_LINE_CONN Connect Refused." | /usr/sbin/sendmail -F DDOS@YOURHOST.com -t YourMail@root-tr.com
done < $TMP_FILE
/bin/rm -f $TMP_PREFIX.*
FR_MIN_CONN=200
TMP_PREFIX='/tmp/frrr'
TMP_FILE=`mktemp $TMP_PREFIX.XXXXXXXX`
/usr/bin/netstat -ntu -f inet| awk '{if(NR>2 && NF=6) print $5}' | cut -d. -f1-4 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' | sort | uniq -c | sort -nr > $TMP_FILE
while read line; do
CURR_LINE_CONN=$(echo $line | cut -d" " -f1)
CURR_LINE_IP=$(echo $line | cut -d" " -f2)
if [ $CURR_LINE_CONN -lt $FR_MIN_CONN ]; then
break
fi
/sbin/route -q add $CURR_LINE_IP 127.0.0.1
/bin/echo $CURR_LINE_IP >> /root/banlist.txt
/bin/echo "Subject: $CURR_LINE_IP ipden $CURR_LINE_CONN Connect Refused." | /usr/sbin/sendmail -F DDOS@YOURHOST.com -t YourMail@root-tr.com
done < $TMP_FILE
/bin/rm -f $TMP_PREFIX.*
chmod 777 ddos.sh
ee banlist.txt
######BANLIST#######
0 yorum:
Yorum Gönder