nvram set sdram_init=0x0008
nvram set sdram_config=0x0033
nvram set sdram_ncdl=0x0000
nvram set ip_conntrack_max=65536
nvram commit
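At 22:34:42 on March 8, 2010, my friend Zhao Xiaomao messaged me on QQ to say that editing a post returned "500 - Internal server error". At work on March 9, 2010, a colleague said that report files could not be uploaded, again with a 500 error. On inspection I found that the server's 10G /var partition was completely full, so out of habit I backed up the files and deleted them. Later something felt wrong, so I looked again and found the nginx log growing at 2M per second, which is not normal. Looking through the log, I found that someone kept requesting a page that does not exist, with a user agent that is not a mainstream browser: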
183.2.109.60 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
123.171.5.7 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
124.163.139.83 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
59.55.47.46 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
113.128.132.41 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
122.230.11.56 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
117.59.46.176 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
112.4.161.20 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
110.16.129.42 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
119.101.102.145 "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" 403 169 "-" "Mozilla/3.0 (compatible; Indy Library)" -
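This is one excerpt from the log. As you can see, the request rate is extremely high, and at the time I suspected a CC attack. Because the impact on the server was small, I did not take it seriously. On the morning of March 10 we updated the functional modules of the company website, and in the afternoon we suddenly noticed that the site had become slow. At first we thought a badly written module was causing the stall, but local testing did not show the problem. At around 3 p.m. on the 10th the server suddenly became unreachable. After contacting the data center we learned that it was under attack, with attack traffic exceeding 1G. To quote the customer service representative:
Dear customer:
Hello. Please see the attachment, which shows the traffic from the attack on your machine. This is only the traffic on the switch port allocated to you (100M maximum), but the traffic on the fiber link has already exceeded 1G, so we have taken the machine offline.
After the shutdown we stopped DNS resolution for all domains and waited for things to calm down. By 9 p.m. the traffic had passed, so we quickly restored access to the company's main domain, left the other domains unresolved, and went home to sleep. When I got to the office this morning everyone was discussing the incident, yet everything was calm and the company website was working normally, so I re-enabled resolution for all domains. I thought we were safe, but before long a new round of CC attacks began. We realized at once that a DDoS was about to follow, so we had a colleague download the orders that had to be completed today in case the server was taken offline, suspended resolution for all domains, and told the data center to keep connection logs. The traffic had only just started to rise, probably because the DNS change had taken effect, so it did not do much damage. The server was still reachable at this point, and by checking its connections we found that the IP "38" had an enormous number of connections. That IP is assigned to Vcor's Black Hat security group (黑帽安全小组), so I disabled it immediately and contacted him. According to him, 黑客动画吧 wanted to absorb their group, they refused, and so 黑吧 attacked their website. Having learned this, I took 职业欠钱's advice: I enabled the Black Hat group's domain and pointed it at the Ministry of Industry and Information Technology (工信部) so that they would attack that instead. So if you visit the Black Hat home page now, what comes up is the ministry's website. Let the bastards attack; when they are done, they can wait for the ministry to deal with them.
Below is the traffic we monitored ourselves.
Above is the hourly view, where the attack is clearly visible; the absence of traffic afterwards means the data center had cut us off.
Above is the daily view, where traffic surges on the 8th to the 11th.
Above is the monthly view: only about 10 days into this month, traffic is already double that of last month.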
======================================
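Update, March 12:
Last night I pointed Vcor's domain at 黑吧 and found that their site went down. This morning I pointed the domain at the 黑吧 VIP site and found that the VIP site went down too, but the main site returned to normal.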
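The log excerpt earlier in this post shows the signature of the flood: many source addresses requesting one path with one non-browser User-Agent inside the same second. The following is an added example, not part of the original post, that finds such buckets in a log of the same format; the function name, the threshold and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Log format seen in the excerpt:
#   ip "time" "request" status bytes "referer" "user-agent" -
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<ts>[^"]+)" "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def find_floods(lines, min_sources=5):
    """Return (second, path, UA) buckets hit by >= min_sources distinct IPs."""
    buckets = defaultdict(lambda: {"ips": set(), "hits": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate lines in another format instead of crashing
        bucket = buckets[(m["ts"], m["path"], m["ua"])]
        bucket["ips"].add(m["ip"])
        bucket["hits"] += 1
    floods = [
        {"second": ts, "path": path, "ua": ua,
         "sources": len(b["ips"]), "hits": b["hits"]}
        for (ts, path, ua), b in buckets.items()
        if len(b["ips"]) >= min_sources
    ]
    return sorted(floods, key=lambda item: item["hits"], reverse=True)

# Constructed sample: 8 flood requests, 2 ordinary requests, 1 malformed line.
FLOOD_UA = "Mozilla/3.0 (compatible; Indy Library)"
BROWSER_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.6"
SAMPLE = [
    f'203.0.113.{i} "09/Mar/2010:03:25:56 +0000" "GET /contribute.php HTTP/1.1" '
    f'403 169 "-" "{FLOOD_UA}" -'
    for i in range(1, 9)
] + [
    f'198.51.100.7 "09/Mar/2010:03:25:56 +0000" "GET /index.php HTTP/1.1" '
    f'200 5120 "-" "{BROWSER_UA}" -',
    f'198.51.100.8 "09/Mar/2010:03:25:57 +0000" "GET /contribute.php HTTP/1.1" '
    f'403 169 "-" "{BROWSER_UA}" -',
    'a line that does not match the format',
]

if __name__ == "__main__":
    for hit in find_floods(SAMPLE):
        print(hit["second"], hit["path"], "sources=%d" % hit["sources"],
              "hits=%d" % hit["hits"], "ua=%r" % hit["ua"])
```

A bucket reported here gives the path and User-Agent to rate-limit or reject at the web server before the log volume fills the disk.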
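Preface: for a while I had no time to translate this, so I simply posted the English version, which may have been hard on readers whose English is even worse than mine (I still have not passed Public English Level 4). Today I translated it; in the original post each English line is followed by its Chinese translation. Please point out anything I translated badly.
Installing the Client Program
Install PPTP Client from the Ubuntu Project: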
apt-get install pptp-linux
(The line above is a command typed into a terminal, so it is not translated.)
Installing the Configuration Program
Note: you may wish to skip the configuration program and configure the client by hand.
1. add the following lines to the sources list file, /etc/apt/sources.list :
# James Cameron's PPTP GUI packaging
deb http://quozl.netrek.org/pptp/pptpconfig ./
Note: you can use a text editor, or simply cat the lines on to the end of the file using >>, but if you make a mistake in formatting you will likely be told by the apt-get update step.
2. update the list of packages:
apt-get update
(The line above is a command.)
3. install the PPTP Client GUI:
apt-get install pptpconfig
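(The line above is a command.)
Note: you may be told that the packages could not be authenticated. For the moment, tell your system to install them anyway. We'll take patches to our release process if anyone can explain simply how to provide authentication.
(This sentence is too much trouble, so I did not translate it; roughly, it says that if the system reports that the packages cannot be verified, choose to install them anyway.)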
Configuration, by hand
1. obtain from your PPTP Server administrator:
* the IP address or host name of the server ($SERVER),
* the name you wish to use to refer to the tunnel ($TUNNEL), (Translator's note: in general you can choose the tunnel name yourself; I, for example, use the three letters vpn as the tunnel name.)
* the authentication domain name ($DOMAIN), (Translator's note: usually there is no such thing; just leave it empty.)
* the username you are to use ($USERNAME),
* the password you are to use ($PASSWORD),
* whether encryption is required.
In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.
(The content of this sentence is already covered by the annotations above, so it is not translated.)
2. create or edit the /etc/ppp/options.pptp file, which sets options common to all tunnels:
The contents of the file are as follows:
lock noauth nobsdcomp nodeflate
3. create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:
$DOMAIN\\$USERNAME PPTP $PASSWORD * # Note: $DOMAIN can be omitted
Note: if you are using a PPTP Server that does not require an authentication domain name, omit the slashes as well as the domain name.
(This is what my note above already says, so it is not translated.)
Note: if the passwords contain any special characters, quote them (the translator specifies double quotes). See man pppd for more details.
4. create a /etc/ppp/peers/$TUNNEL file with the following contents:
pty "pptp $SERVER --nolaunchpppd"
name $DOMAIN\\$USERNAME
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam $TUNNEL
Note: if you do not need MPPE support, then remove the require-mppe-128 option from this file and /etc/ppp/options.pptp.
5. start the tunnel using the pon command:
pon $TUNNEL
to further diagnose a failure, add options to the command:
pon $TUNNEL debug dump logfd 2 nodetach
Note: we have further information on enabling debug mode, and on diagnosing problems.
6. stop the tunnel using the poff command:
poff $TUNNEL
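Note: the translation above is already enough to connect to the VPN server. What follows covers creating startup scripts and is not translated here; I will continue the translation when I have time.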
7. to script the tunnel connection so that something is done as soon as the tunnel is up, use either ip-up.d scripts or the updetach keyword.
1. see the Routing HOWTO for examples of ip-up.d scripting that adds routes or iptables rules.
2. using updetach will cause pppd to fork, detach, and exit with success once the network link is up. This example connects a provider link, then the tunnel, then runs fetchmail to get new e-mail:
pon provider updetach && pon $TUNNEL updetach && fetchmail
Note: the double ampersand && means that the commands following it will only be executed if the command to the left of it was successful. If the tunnel fails to connect, the fetchmail will not happen.
8. to have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.
9. to have the tunnel started on system boot:
* for Debian Sarge and later, edit the /etc/network/interfaces file, and add this section:
auto tunnel
iface tunnel inet ppp
provider $TUNNEL
* for Debian Woody, edit the /etc/ppp/no_ppp_on_boot file, remove the first line comment, and change the word provider to the name of your tunnel, so that it looks like this:
#!/bin/sh
...
$PPPD call $TUNNEL
(The line ... means the other lines in the file, it doesn't mean a line with three dots.)
Then rename the no_ppp_on_boot file and make it executable:
# mv /etc/ppp/no_ppp_on_boot /etc/ppp/ppp_on_boot
# chmod +x /etc/ppp/ppp_on_boot
Every time your computer starts, the tunnel will be started automatically.
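My school uses 802.1x authentication. The network fee is 10 yuan a month, which includes 4G of traffic; beyond that it costs 1 fen per 1M, which is damn expensive. There is one thing, though: the charge is capped at 40 yuan, which is fairly humane. The catch is that a router cannot be used. Since the charge is capped at 40 yuan and the speed is tolerable, why not have the whole dorm room share one account? It occurred to me that my dorm room happens to have an idle computer with decent specs: 512M of RAM, a 2.4G CPU and a 40G hard disk, which is more than enough to run the Server edition of Ubuntu. So let's get to work and turn it into a router!
Enough chit-chat; let's see how to do it.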
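$fp = fsockopen('time.nist.gov', 13, $errno, $errstr, 90); // TCP port 13 is the Daytime service; 90 s connect timeout
if (!$fp) { die("$errstr ($errno)"); } // stop if the connection failed
echo fread($fp, 2096); fclose($fp);
This code uses the Daytime Protocol: once the TCP connection is made, the time server returns the standard time without the client sending any data, in the following format: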
55088 09-09-14 00:45:33 50 0 0 773.8 UTC(NIST) *
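A parser for the reply line shown above, as an added example that is not part of the original post. The field meanings follow NIST's published daytime layout (JJJJJ YY-MM-DD HH:MM:SS TT L H msADV UTC(NIST) OTM); the function name and the assumption that the two-digit year means 20YY are illustrative.

```python
from datetime import datetime, timedelta, timezone

MJD_EPOCH = datetime(1858, 11, 17, tzinfo=timezone.utc)  # Modified Julian Day 0

def parse_nist_daytime(line):
    """Parse 'JJJJJ YY-MM-DD HH:MM:SS TT L H msADV UTC(NIST) OTM'."""
    fields = line.split()
    if len(fields) != 9 or fields[7] != "UTC(NIST)":
        raise ValueError("not a NIST daytime string: %r" % line)
    mjd, date_s, time_s, tt, leap, health, adv, _label, otm = fields
    # Assumption: the two-digit year is 20YY.
    utc = datetime.strptime("20%s %s" % (date_s, time_s), "%Y-%m-%d %H:%M:%S")
    utc = utc.replace(tzinfo=timezone.utc)
    # The MJD and the calendar date are redundant; if they disagree the
    # reply is damaged and must not be used to set a clock.
    midnight = utc.replace(hour=0, minute=0, second=0)
    if MJD_EPOCH + timedelta(days=int(mjd)) != midnight:
        raise ValueError("MJD %s does not match date %s" % (mjd, date_s))
    return {
        "utc": utc,
        "mjd": int(mjd),
        "dst_code": int(tt),        # 00 standard time, 50 daylight time (US)
        "leap_pending": int(leap),  # 0 none, 1 insert, 2 delete at month end
        "health": int(health),      # 0 healthy; non-zero means degraded server
        "advance_ms": float(adv),   # how early the server sent the string
        "usable": int(health) == 0 and otm == "*",  # "*" is the on-time marker
    }

DAYTIME_SAMPLE = "55088 09-09-14 00:45:33 50 0 0 773.8 UTC(NIST) *"  # from the page

if __name__ == "__main__":
    print(parse_nist_daytime(DAYTIME_SAMPLE))
```

The reply is unauthenticated plaintext, so the consistency and health checks only catch damaged or degraded answers, not a spoofed server.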