How to use an IP blacklist to block malicious IP addresses from accessing a CentOS server

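Servers operating on the Internet often face attacks from malicious IP addresses, and these attacks can degrade server performance or even crash the system. To protect the security and stability of the server, CentOS servers offer a simple and effective way to block access from malicious IP addresses: an IP blacklist.

An IP blacklist is a list of IP addresses that are considered threatening or malicious. When the server receives a request from one of these addresses, it refuses to respond and closes the connection directly. The following describes how to configure and use an IP blacklist on a CentOS server.

View the current IP connections

Before configuring the IP blacklist, we first need to look at the IP addresses that currently have active connections to the server. Open a terminal and run the following command: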

netstat -an | grep :80 | awk '{ print $5 }' | cut -d: -f1 | sort | uniq -c | sort -n

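This command lists the IP addresses that have established connections to port 80 on the server, together with the number of connections from each. Note that this assumes the server's service port is 80; if your server uses a different port, modify the command accordingly.

Install the IP blacklist tool

CentOS servers do not have an IP blacklist tool installed by default, so we first need to install a tool called "fail2ban" to implement the IP blacklist functionality. Run the following commands to install it: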

sudo yum install epel-release
sudo yum install fail2ban

Configure fail2ban

After installation, we need to configure fail2ban to use the IP blacklist. Open a terminal and run the following commands:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

In the file that opens, find and modify the following lines:

[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

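This means that if an IP address fails to connect 3 times within 600 seconds, it is added to the IP blacklist and is denied access to the server for the following 3600 seconds.

Create the IP blacklist

Next, we need to create a file to store the IP blacklist. Run the following command: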

sudo touch /etc/fail2ban/ip_blacklist.conf

Then open a terminal and run the following command to edit the file you created:

sudo nano /etc/fail2ban/ip_blacklist.conf

In the file, add one IP address per line for each address that should be blacklisted, for example:

192.168.0.100
123.456.789.0

Save and close the file.
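
Each line of the blacklist file should be a well-formed IPv4 address, and a check like the following catches malformed entries before the list is used. This script is an added example, not part of the original article; the function names valid_ipv4 and check_blacklist are hypothetical, and the sample file is constructed from the two entries shown above.

```shell
#!/bin/sh
# Added example (not from the article): validate blacklist entries.
# valid_ipv4 and check_blacklist are hypothetical helper names.

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # bad characters or empty octet
    esac
    rest=$1; count=0
    while :; do
        octet=${rest%%.*}
        case "$octet" in 0?*|????*) return 1 ;; esac  # leading zero or too long
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        [ "$rest" = "$octet" ] && break   # last octet consumed
        rest=${rest#*.}
    done
    [ "$count" -eq 4 ]
}

# Print each malformed entry of file $1 as "line N: entry"; skip blank lines
# and # comments. Returns 1 if any entry is malformed, 0 otherwise.
check_blacklist() {
    bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        entry=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$entry" in ""|"#"*) continue ;; esac
        if ! valid_ipv4 "$entry"; then
            echo "line $n: $entry"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Constructed sample: a comment line plus the two entries shown above.
sample=$(mktemp)
printf '%s\n' '# blacklist' '192.168.0.100' '123.456.789.0' > "$sample"
check_blacklist "$sample" || echo "correct the entries listed above"
rm -f "$sample"
```

To check the real file, call check_blacklist /etc/fail2ban/ip_blacklist.conf after editing it.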

Configure fail2ban to use the IP blacklist

Edit fail2ban's main configuration file by running the following command:

sudo nano /etc/fail2ban/jail.local

In the file, find the following lines and modify them:

[DEFAULT]
# other settings omitted

# change this line to the line below
bantime = 3600

Then add the following to the same file:

[ip-blacklist]
enabled  = true
filter   = apache-noscript
logpath  = /var/log/httpd/access.log
banaction = iptables-multiport
bantime  = 3600
maxretry = 1
findtime = 600
action   = iptables[name=IPBlacklist, port=80, protocol=tcp]

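Here the IP blacklist is configured together with other fail2ban features (such as blocking repeated login attempts). If you only want the IP blacklist feature, you can remove some of the settings as appropriate.

Restart fail2ban

After completing all of the configuration, the last step is to restart fail2ban so that the settings take effect. Run the following command: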

sudo service fail2ban restart

Verify that the IP blacklist is in effect

The following command verifies whether the IP blacklist has taken effect:

sudo iptables -L -n

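If the output lists the IP addresses you added earlier, the IP blacklist is in effect.

Summary

By using an IP blacklist, we can effectively block malicious IP addresses from accessing and attacking a CentOS server. With the fail2ban tool, we can configure an IP blacklist and automatically ban malicious IP addresses. In this article I have briefly described how to configure and use an IP blacklist on a CentOS server, and I hope it helps with the security of your server.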
