皮皮虾的博客

一个备受大佬们欺负的萌新

安装vDDoS Proxy防御 DDOS CC攻击

Vddos proxy 是什么

引用原文“

vDDoS Protection is Nginx bundled with module HTTP/2; GeoIP; Limit Req, Testcookie; reCaptcha processor…

Working like CloudFlare, but vDDoS is software help you build your own System Firewall.

安装

vDDos proxy 必须安装在WEB程序以前例如(cPanel, VestaCP, LAMP, LEMP…)

vDDos proxy 暂支持Centos5/6/7 64位 CloudLinux Server 5/6/7 64位

接下来以Centos 7为例。

首先安装支持

yum -y install epel-release 
yum -y update 
yum -y install curl wget gc gcc gcc-c++ pcre-devel zlib-devel make openssl-devel libxml2-devel libxslt-devel
yum -y install gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel
yum -y install automake autoconf apr-util-devel GeoIP-devel libatomic_ops-devel

目前最新版本为1.13.1

curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.13.1-centos7 -o /usr/bin/vddos
#curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.13.1-centos6 -o /usr/bin/vddos #Centos6.X
#curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.13.1-centos5 -o /usr/bin/vddos #Centos5.X
chmod 700 /usr/bin/vddos
/usr/bin/vddos help
/usr/bin/vddos setup

至此,安装完毕

使用

 Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!

                Command Line Usage:
        vddos setup             :installing vDDoS service for the first time into /vddos
        vddos start             :start vDDoS service
        vddos stop              :stop vDDoS service
        vddos restart           :restart vDDoS service
        vddos autostart         :auto-start vDDoS services on boot
        vddos attack            :create a DDoS attacks to HTTP target (in 30 min)
        vddos stopattack        :stop "vddos attack" command
        vddos help              :display this help

                                        Please sure download vDDoS source from: vddos.voduy.com

保护某一个网站

# vi /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://127.0.0.1:8080    no    200      no           no
your-domain.com http://0.0.0.0:80    http://127.0.0.1:8080    no    200      no           no
default         https://0.0.0.0:443  https://127.0.0.1:8443   no    307   /ssl/key.pri /ssl/crt.crt
your-domain.com https://0.0.0.0:443  https://127.0.0.1:8443   no    307   /ssl/key.pri /ssl/crt.crt

参数解释

your-domain.com 为你想要保护的域名 listen为本地监听IP端口 backend 为后端IP端口 (可以当作为使用CDN或者反代源网站) cache 是是否进行缓存

security 是保护强度 可选 no, 307, 200, click, 5s, high, captcha

强度阶梯:no < 307 < 200 < click < 5s < high < captcha

5s类似于Cloudflare的五秒盾

captcha为启用谷歌人机验证码后面会详细说

SSL-Prikey 为SSL密匙

SSL-CRTket 为SSL证书

5S盾

5s盾的默认文件储存于

/vddos/html/5s.html

如有需要,可自行DIY

captcha谷歌验证码

因为国内无法使用谷歌验证码,所以本虾也没有去测试

下面贴出LET上给出的使用方法,请自行测试

# vi /vddos/conf.d/recaptcha-sitekey.conf
# Website       reCaptcha-sitekey (View KEY in https://www.google.com/recaptcha/admin#list)
your-domain.com     6Lcr6QkUAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
# vi /vddos/conf.d/recaptcha-secretkey.conf
DEBUG=False
RE_SECRETS = { 'your-domain.com': '6Lcr6QkUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx',
               'your-domain.org': '6LcKngoUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx' }

所需的KEY需要在https://www.google.com/recaptcha/admin#list申请,似乎是一个域名对应了一个key。

禁止某个国家的IP访问

修改文件  /vddos/conf.d/blacklist-countrycode.conf

#vi /vddos/conf.d/blacklist-countrycode.conf

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default yes;
    US yes;
    CN no;#这个。。自带禁止中国是啥意思 mjj

}
deny 1.1.1.1;

添加白名单

修改文件 /vddos/conf.d/whitelist-botsearch.conf

# vi /vddos/conf.d/whitelist-botsearch.conf

#Alexa Bot IP Addresses
204.236.235.245; 75.101.186.145;
...

添加白名单之后,启用的如5s盾 验证码将不会对白名单IP访客生效

设置IP直接访问源站

修改文件 /vddos/conf.d/cdn-ip.conf

# vi /vddos/conf.d/cdn-ip.conf

# Cloudflare
set_real_ip_from 103.21.244.0/22;
...

一键安装

《安装vDDoS Proxy防御 DDOS CC攻击》

可一键安装Vddos程序。并且简便的添加网站配置

wget http://files.ppx.ink/Sh/Vddos/vddos.sh
bash vddos.sh
#维护中,勿使用

PS:本脚本只适用于Centos,只提供常规添加保护域名功能,不提供白名单,验证码等功能,如需要,请手动配置

作者详情

Github:点我前往

作者主页:点我前往

原作者还提供了更强大的功能以及更详细的说明,有能力的MJJ可以前去研究

 

点赞

发表评论

电子邮件地址不会被公开。 必填项已用*标注

Captcha Code