W3 Total Cache支持三种缓存机制,一种是Disk磁盘缓存,一种是Opcode,另一种是Memcached。关于如何开启后两种模式,在Debian系统的VPS主机上配置W3 Total Cache这篇文章中有详细说明。
修改fail2ban的配置文件增加对同网段多IP暴力破解的防护
上篇文章讲到在fail2ban日志中发现大量来自103.41.124.0网段的不同IP的攻击,针对这种自动更换ip地址的暴力破解,fail2ban的默认配置是无能为力的。但是看了下fail2ban的文档之后,发现只需要修改一下默认的配置文件,就能够实现自动屏蔽整个网段的功能,防止这种更换ip地址的暴力破解方式。下面就来动手操作一下
查找和编辑动作配置文件
首先,找到fail2ban使用的动作配置文件。
一般情况下,可以在/etc/fail2ban/jail.local 的配置文件内查找banaction 变量,后面跟的就是使用的动作配置文件名称,一般情况下默认的配置文件名称是iptables-multiport.conf
找到配置文件名称后打开对应的动作配置文件
# nano /etc/fail2ban/action.d/iptables-multiport.conf
fail2ban日志分析
最近更新了bail2ban的策略,改为了永久禁止访问,今天查看了一下日志,结果发现有一个网段的ip地址频繁出现
2015-02-13 18:08:57,207 fail2ban.actions: WARNING [ssh] Ban 103.41.124.33 2015-02-13 18:09:16,248 fail2ban.actions: WARNING [ssh] Ban 103.41.124.16 2015-02-13 19:00:02,999 fail2ban.actions: WARNING [ssh] Ban 103.41.124.27 2015-02-13 19:16:27,926 fail2ban.actions: WARNING [ssh] Ban 103.41.124.35 2015-02-13 20:00:40,905 fail2ban.actions: WARNING [ssh] Ban 103.41.124.34 2015-02-13 20:00:44,936 fail2ban.actions: WARNING [ssh] Ban 103.41.124.100 2015-02-13 21:06:59,809 fail2ban.actions: WARNING [ssh] Ban 103.41.124.50 2015-02-13 21:16:57,486 fail2ban.actions: WARNING [ssh] Ban 103.41.124.43 2015-02-13 21:58:26,833 fail2ban.actions: WARNING [ssh] Ban 103.41.124.41 2015-02-13 22:49:11,007 fail2ban.actions: WARNING [ssh] Ban 103.41.124.32 2015-02-13 23:04:09,953 fail2ban.actions: WARNING [ssh] Ban 103.41.124.45 2015-02-13 23:48:15,939 fail2ban.actions: WARNING [ssh] Ban 103.41.124.31 2015-02-14 01:09:43,018 fail2ban.actions: WARNING [ssh] Ban 103.41.124.25 2015-02-14 01:10:19,081 fail2ban.actions: WARNING [ssh] Ban 103.41.124.59 2015-02-14 02:01:26,588 fail2ban.actions: WARNING [ssh] Ban 103.41.124.15 2015-02-14 02:17:38,680 fail2ban.actions: WARNING [ssh] Ban 103.41.124.55 2015-02-14 03:02:33,731 fail2ban.actions: WARNING [ssh] Ban 103.41.124.39 2015-02-14 04:04:54,910 fail2ban.actions: WARNING [ssh] Ban 103.41.124.101 2015-02-14 04:12:04,420 fail2ban.actions: WARNING [ssh] Ban 103.41.124.30 2015-02-14 04:57:14,321 fail2ban.actions: WARNING [ssh] Ban 103.41.124.19 2015-02-14 06:06:29,596 fail2ban.actions: WARNING [ssh] Ban 103.41.124.40 2015-02-14 06:48:14,308 fail2ban.actions: WARNING [ssh] Ban 103.41.124.61 2015-02-14 06:48:14,331 fail2ban.actions: WARNING [ssh] Ban 103.41.124.53 2015-02-14 07:57:25,026 fail2ban.actions: WARNING [ssh] Ban 103.41.124.20 2015-02-14 08:44:33,402 fail2ban.actions: WARNING [ssh] Ban 103.41.124.48 2015-02-14 09:48:18,648 fail2ban.actions: WARNING [ssh] Ban 103.41.124.28 2015-02-14 10:30:31,395 fail2ban.actions: WARNING [ssh] Ban 103.41.124.63 2015-02-14 12:34:26,457 fail2ban.actions: WARNING [ssh] Ban 103.41.124.111 2015-02-14 13:18:15,364 fail2ban.actions: WARNING [ssh] Ban 103.41.124.64 2015-02-14 14:16:19,407 fail2ban.actions: WARNING [ssh] Ban 103.41.124.46 2015-02-14 15:14:35,912 fail2ban.actions: WARNING [ssh] Ban 103.41.124.22 2015-02-14 15:29:50,005 fail2ban.actions: WARNING [ssh] Ban 103.41.124.42 2015-02-14 16:16:53,012 fail2ban.actions: WARNING [ssh] Ban 103.41.124.17 2015-02-14 17:09:27,315 fail2ban.actions: WARNING [ssh] Ban 103.41.124.102
Debian7下Apache2的配置方法
Debian 7下面安装的Apache2的配置方式与普通的Linux系统有些不一样,很多原本在apache2.conf里的配置现在都在不同的地方设置。下面就来一一介绍一下。
虚拟主机的配置
Debian7下,虚拟主机VirtualHost的配置全都是通过sites-available和sites-enabled这两个文件夹来控制,通过将sites-available里的配置文件硬链接到sites-enabled来达到启用的目的。
这种机制有一个好处,就是通过SSH命令行进行管理变得非常容易。这里有两个命令
a2ensite a2dissite
每个命令后跟上相应的配置文件名称就可以达到启用和停用虚拟主机的目的,更加重要的是用了这两个命令之后,不需要手动用ln命令创建硬链接了,Debian会自动在sites-enabled文件夹中创建和删除相应的配置文件。
如果忘了配置文件的名称,也可以不带参数直接输入命令,就会列出所有存在的虚拟主机配置文件。
PS:参照Apache自带的default配置文件,似乎虚拟主机的配置文件是不需要后缀名的。另外,Debian自动创建的硬链接似乎在SFTP下无法识别。
Apache模块的配置
Debian7下,除了虚拟主机是这种机制外,Apache2模块的启用和停用也是基于同样的机制。
同样是包含两个命令
a2enmod a2dismod
使用W3 Total Cache插件优化前后对比
在使用了Memcache作为W3 Total Cache的缓存引擎之后,页面的加载时间对比