如何将 DDoS 过滤 IP 绑定到 Debian VPS

tag-icon tag-icon apache-2.2
如何将 DDoS 过滤 IP 绑定到 Debian VPS

几周前,我的 VPS 遭受了 DDoS 攻击,IP:81.4.108.50。我刚刚获得了一个 DDoS 过滤 IP:185.34.216.166,并将域名指向它。但我不知道如何将此 IP 绑定到 Apache 服务。我尝试重新启动 Apache 以查看它是否会绑定,结果如下:

apache2:无法可靠地确定服务器的完全限定域名,使用 81.4.108.50 作为 ServerName

Apache 仍然想使用旧 IP。我查看了 apache2.conf,没有找到 IP 地址,也没有任何“监听”的内容。我不知道该怎么做才能让这个过滤后的 IP 绑定到 Apache。我希望这里有人能帮我解决这个问题。谢谢。

服务器版本:Apache/2.2.22(Debian)

root@Landslyde ~# netstat -tap | grep LISTEN
tcp        0      0 *:8033                  *:*                     LISTEN      31317/eggdrop
tcp        0      0 *:8067                  *:*                     LISTEN      8570/ircd
tcp        0      0 *:6697                  *:*                     LISTEN      8570/ircd
tcp        0      0 Landslyde:7050          *:*                     LISTEN      31794/eggdrop
tcp        0      0 *:ircd                  *:*                     LISTEN      8570/ircd
tcp        0      0 Landslyde:6668          *:*                     LISTEN      18439/eggdrop
tcp        0      0 Landslyde:6669          *:*                     LISTEN      18709/eggdrop
tcp        0      0 underworld.chat:http    *:*                     LISTEN      18915/apache2
tcp        0      0 *:32277                 *:*                     LISTEN      31317/eggdrop
tcp        0      0 *:ssh                   *:*                     LISTEN      19920/sshd
tcp        0      0 Landslyde:32278         *:*                     LISTEN      31407/eggdrop
tcp6       0      0 [::]:12322              [::]:*                  LISTEN      18915/apache2
tcp6       0      0 [::]:41411              [::]:*                  LISTEN      28336/znc
tcp6       0      0 [::]:5555               [::]:*                  LISTEN      9577/znc
tcp6       0      0 [::]:33333              [::]:*                  LISTEN      16304/znc
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      19920/sshd
tcp6       0      0 [::]:https              [::]:*                  LISTEN      18915/apache2
root@Landslyde ~#

root@Landslyde ~# ifconfig -a
gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      NOARP  MTU:1476  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

gretap0   Link encap:Ethernet  HWaddr 00:00:00:00:00:00
      BROADCAST MULTICAST  MTU:1476  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ip6tnl0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      NOARP  MTU:1460  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:16436  Metric:1
      RX packets:1333187 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1333187 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:90117469 (85.9 MiB)  TX bytes:90117469 (85.9 MiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
      inet6 addr: 2a00:d880:3:2::7ae5:4651/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::e756:ba7c/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::bd41:1a90/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::5c0b:2714/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::297:a731/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::6f2e:3a5c/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::7d2:891e/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::b6e8:cab1/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::3583:7f57/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::b962:72d6/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::7f0b:2696/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::a726:9e75/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::e212:fcba/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::ae8b:17c/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::d5a:47c3/128 Scope:Global
      inet6 addr: 2a00:d880:3:2::5e63:c793/128 Scope:Global
      UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
      RX packets:239700733 errors:0 dropped:0 overruns:0 frame:0
      TX packets:62084551 errors:0 dropped:4 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:83918544871 (78.1 GiB)  TX bytes:10965021780 (10.2 GiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      inet addr:81.4.108.50  P-t-P:81.4.108.50  Bcast:81.4.108.50  Mask:255.255.255.255
      UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      inet addr:185.34.216.166  P-t-P:185.34.216.166  Bcast:185.34.216.166  Mask:255.255.255.255
      UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

root@Landslyde ~#

答案1

您不要将 IP 绑定到 Apache,而是使用服务器的网络接口进行绑定。

您要尝试做的是让 Apache 监听特定的 IP 地址和端口,因此该部分是正确的。语义。

/etc/apache2/ports.conf 文件中有什么?添加新 IP 后,您是否重新启动过服务器?

您能给我们提供以下命令的输出吗?

ifconfig -a

netstat -tap | grep LISTEN

相关内容