Anti flood VPS

Discutii despre tot ce nu se incadreaza in celelalte categorii.

Moderators: Moderatori ajutatori, Moderatori

User avatar
IsTI37
Fost administrator
Fost administrator
Posts: 10996
Joined: 10 Apr 2007, 14:02
Detinator Steam: Da
Reputatie: Fost administrator
Fost SysAdmin
Fost Fondator GTA5 (CVL)
Location: Cluj-Napoca
Has thanked: 28 times
Been thanked: 776 times

30 Jul 2012, 19:04

tictac wrote:am editat /etc/apf conf.apf, dupa cum ai zis dar degeaba webmin nu merge.

Acuma sa dus si server-ul, merge doar ftp-ul.
Se misca ca dracu, acuma :))
Acuma sa dus si ftp-ul.
Nu ma mai pot conecta la nimic.
1. Ce ai instalat/facut prima data de ai zis ca nu merge nimic ?
2. In APF ce porturi ai la setarile date de mine ? Le ai adaugat pe cele care iti trebuiau ?
3. Este posibil sa fi luat ban din cauza lui FTP daca ai rulat scriptul meu, FTP necesita minim 200 de conexiuni/s.
Asteapta o jumatate de ora si ti se va scoate banul.
User avatar
tictac
Membru eXtream
Membru eXtream
Posts: 4018
Joined: 24 Feb 2012, 18:27
Detinator Steam: Da
Reputatie: 1 warn scos (-2 luni club)
Membru Club eXtreamCS (3 luni)
Ban 3 luni (achitat)
Location: Bihor, Oradea
Has thanked: 73 times
Been thanked: 569 times
Contact:

30 Jul 2012, 19:07

Deci prima oara am executat

Code: Select all

#! /bin/bash
nrconn='50'; # blocheaza toate ip-urile cu mai mult de N conexiuni
repetare='20'; # repeta verificare conexiunilor la fiecare N secunde

while [ 1 ] ;
do 
/usr/local/ddos/ddos.sh -k $nrconn;
sleep $repetare
done
- doar webmin a fost jos.

Apoi am instalat apf am editat si conf.apf din etc/apf cu porturile 27015 si cel al webminului si degeaba.
Acuma nu mai merge nimic.
Inafara de faptul ca pot sa-i dau ping din cmd.
User avatar
tictac
Membru eXtream
Membru eXtream
Posts: 4018
Joined: 24 Feb 2012, 18:27
Detinator Steam: Da
Reputatie: 1 warn scos (-2 luni club)
Membru Club eXtreamCS (3 luni)
Ban 3 luni (achitat)
Location: Bihor, Oradea
Has thanked: 73 times
Been thanked: 569 times
Contact:

30 Jul 2012, 19:26

Am schimbat ip-ul si tot asa.
Am dat ping si e unu foarte bun, atata tot ca nu merge nimic.
Ce pot face ?
ping ip-ul semnatura


EDIT: si-a dat drumul serverul dar webmin tot nu merge.
Mai trebuie exectuat odata scriptul ? sau e deajuns, doar ca am editata ai ?

Ce setari trebuie sa fac pentru un server de cs ?


apf -f

Code: Select all

 apf -r
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(10646): {glob} flushing & zeroing chain policies
apf(10646): {glob} firewall offline
eth0: error fetching interface information: Device not found
apf(10681): {glob} activating firewall
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(10721): {glob} unable to load iptables module (ip_tables), aborting.
apf(10681): {glob} firewall initalized
apf(10681): {glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes.

am activar devel mode = 0

Code: Select all

eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(10980): {glob} flushing & zeroing chain policies
apf(10980): {glob} firewall offline
eth0: error fetching interface information: Device not found
apf(11015): {glob} activating firewall
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(11060): {glob}[b] unable to load iptables module (ip_tables), abort[/b]ing.
apf(11015): {glob} firewall initalized
 
WTF ?


EDIT am modificat si SET_MONOKERN="0" -> "1"
si acuma imi da.

Code: Select all

apf -r
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(11392): {glob} flushing & zeroing chain policies
apf(11392): {glob} firewall offline
eth0: error fetching interface information: Device not found
apf(11427): {glob} activating firewall
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(11467): {glob} could not verify that interface eth0 is routed to a network, aborting.
apf(11427): {glob} firewall initalized
EDIT:


Am facut setarile si acuma

| Afiseaza codul
xxx:~# apf -r
apf(14008): {glob} flushing & zeroing chain policies
apf(14008): {glob} firewall offline
apf(14043): {glob} activating firewall
apf(14083): {glob} determined (IFACE_IN) venet0 has address 127.0.0.2
apf(14083): {glob} determined (IFACE_OUT) venet0 has address 127.0.0.2
apf(14083): {glob} loading preroute.rules
apf(14083): {resnet} downloading http://rfxn.com/downloads/reserved.networks
apf(14083): {resnet} parsing reserved.networks into /etc/apf/internals/reserved.networks
apf(14083): {glob} loading reserved.networks
apf(14083): {glob} loading bt.rules
apf(14083): {glob} loading common drop ports
apf(14083): {blk_ports} deny all to/from tcp port 135:139
apf(14083): {blk_ports} deny all to/from udp port 135:139
apf(14083): {blk_ports} deny all to/from tcp port 111
apf(14083): {blk_ports} deny all to/from udp port 111
apf(14083): {blk_ports} deny all to/from tcp port 513
apf(14083): {blk_ports} deny all to/from udp port 513
apf(14083): {blk_ports} deny all to/from tcp port 520
apf(14083): {blk_ports} deny all to/from udp port 520
apf(14083): {blk_ports} deny all to/from tcp port 445
apf(14083): {blk_ports} deny all to/from udp port 445
apf(14083): {blk_ports} deny all to/from tcp port 1433
apf(14083): {blk_ports} deny all to/from udp port 1433
apf(14083): {blk_ports} deny all to/from tcp port 1434
apf(14083): {blk_ports} deny all to/from udp port 1434
apf(14083): {blk_ports} deny all to/from tcp port 1234
apf(14083): {blk_ports} deny all to/from udp port 1234
apf(14083): {blk_ports} deny all to/from tcp port 1524
apf(14083): {blk_ports} deny all to/from udp port 1524
apf(14083): {blk_ports} deny all to/from tcp port 3127
apf(14083): {blk_ports} deny all to/from udp port 3127
apf(14083): {pkt_sanity} set active PKT_SANITY
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ALL NONE
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FIN
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RST
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RST
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FIN
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URG
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSH
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSH
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URG
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ALL ALL
apf(14083): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs ALL NONE
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FIN
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RST
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RST
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FIN
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSH
apf(14083): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URG
apf(14083): {pkt_sanity} deny all fragmented udp
apf(14083): {pkt_sanity} deny inbound tcp port 0
apf(14083): {pkt_sanity} deny outbound tcp port 0
apf(14083): {blk_p2p} set active BLK_P2P
apf(14083): {blk_p2p} deny all to/from tcp port 1214
apf(14083): {blk_p2p} deny all to/from udp port 1214
apf(14083): {blk_p2p} deny all to/from tcp port 2323
apf(14083): {blk_p2p} deny all to/from udp port 2323
apf(14083): {blk_p2p} deny all to/from tcp port 4660:4678
apf(14083): {blk_p2p} deny all to/from udp port 4660:4678
apf(14083): {blk_p2p} deny all to/from tcp port 6257
apf(14083): {blk_p2p} deny all to/from udp port 6257
apf(14083): {blk_p2p} deny all to/from tcp port 6699
apf(14083): {blk_p2p} deny all to/from udp port 6699
apf(14083): {blk_p2p} deny all to/from tcp port 6346
apf(14083): {blk_p2p} deny all to/from udp port 6346
apf(14083): {blk_p2p} deny all to/from tcp port 6347
apf(14083): {blk_p2p} deny all to/from udp port 6347
apf(14083): {blk_p2p} deny all to/from tcp port 6881:6889
apf(14083): {blk_p2p} deny all to/from udp port 6881:6889
apf(14083): {blk_p2p} deny all to/from tcp port 6346
apf(14083): {blk_p2p} deny all to/from udp port 6346
apf(14083): {blk_p2p} deny all to/from tcp port 7778
apf(14083): {blk_p2p} deny all to/from udp port 7778
apf(14083): {glob} SET_REFRESH is set to 10 minutes
apf(14083): {glob} loading log.rules
apf(14083): {glob} virtual net subsystem disabled.
apf(14083): {glob} loading main.rules
apf(14083): {glob} opening inbound tcp port 22 on 0/0
apf(14083): {glob} opening inbound tcp port 983 on 0/0
apf(14083): {glob} opening inbound tcp port 27015 on 0/0
apf(14083): {glob} opening inbound tcp port 22 on 0/0
apf(14083): {glob} opening inbound udp port 983 on 0/0
apf(14083): {glob} opening inbound udp port 27015 on 0/0
apf(14083): {glob} opening inbound udp port 22 on 0/0
apf(14083): {glob} opening inbound icmp type 3 on 0/0
apf(14083): {glob} opening inbound icmp type 5 on 0/0
apf(14083): {glob} opening inbound icmp type 11 on 0/0
apf(14083): {glob} opening inbound icmp type 0 on 0/0
apf(14083): {glob} opening inbound icmp type 30 on 0/0
apf(14083): {glob} opening inbound icmp type 8 on 0/0
apf(14083): {glob} resolv dns discovery for 195.60.76.114
apf(14083): {glob} resolv dns discovery for 8.8.8.8
apf(14083): {glob} loading postroute.rules
apf(14083): {glob} default (egress) output accept
apf(14083): {glob} default (ingress) input drop
apf(14043): {glob} firewall initalized
apf(14043): {glob} fast load snapshot saved

e bun ?
Post Reply

Return to “Discutii generale”

  • Information