Архив рубрики: Публикации

D-Link USB Wi-Fi адаптер: какой WiFi модуль лучше выбрать

Всем привет! В статье мы сегодня пообщаемся про WiFi адаптеры от всем известной компании D-Link. Конечно, известная сетевая фирма не могла обойти свое внимание такое популярное устройство как беспроводной Wi-Fi adapter. В статье мы рассмотрим разные модели, а также посмотрим какая из них самая лучшая. Если у вас будут какие-то вопросы в ходе обзора – смело пишем в комментариях. Также я буду рад услышать и ваше мнение по поводу этих аппаратов. Читать →

Защищаем WordPress от спам-ботов и авто-ботов.

Рассмотрим скрипт, который позволяет «вычислить» как спам-ботов, так и авто-ботов и закрывать им доступ на весь сайт.

Всех «нехороших» ботов объединяет следующее: попадая на
любую страницу сайта, подобные боты первым делом пробегаются по всем
ссылкам на страничке для того, чтобы выяснить, где еще можно наспамить
или что-нибудь скачать. Вот на этом и будет основан наш скрипт защиты от
ботов.

Для начала создайте папку bad_bot в корне сайта. В папке bad_bot создайте четыре файла:

1) black_list.dat — изначально пустой файл, в который будет помещаться информация о ботах, «попавших в ловушку»;

2) pixel.gif — прозрачный файл размером в 1 пиксель. Простой человек его не видит, но только не бот. Скачать данный файл Вы можете по ссылке;

3) black_list.php — страничка, со скриптом
перейдя на которую бот будет «в ловушке», а вся необходимая информация о
боте будет помещена в файл black_list.dat;

4) index.php — скрипт, проверяющий есть ли данный IP в списке ботов. Если есть, то доступ для данного IP блокируется.

Теперь поместите в файл black_list.php следующий код:

<?php
echo '<html><body><p>Как Вы сюда попали?</p>';
echo '<p><a href="https://Ваш_домен.ru/">вернуться на главную страницу</a></p>';
if(phpversion() >= "4.2.0") {extract($_SERVER);}
$bad_bot = 0;
/* Смотрим, имеется ли такой же IP в базе */
$file_name = "black_list.dat";
$fp = fopen($file_name, "r") or die ("Ошибка, файл black_list.dat не найден <br>");
while ($line = fgets($fp, 255)) {
$u = explode(" ", $line);
if (preg_match("/".$u[0]."/", $REMOTE_ADDR)) {$bad_bot++;}
}
fclose($fp);
if ($bad_bot == 0) {
$tmestamp = time();
$datum = date("H:i:s d.m.Y",$tmestamp);
/* отсылаем отчет на email */
$to = "ваш@email.ru";
$subject = "Заголовок сообщения";
$msg = "Пришёл с $REQUEST_URI $datum IP: $REMOTE_ADDR, User-агент $HTTP_USER_AGENT";
mail($to, $subject, $msg);
/* Если отсылать отчет на email не надо, то 4 строки выше можно удалить*/

/* Добавляем запись в файл black_list.dat */
$fp = fopen($file_name,'a+');
fwrite($fp,"$REMOTE_ADDR $datum $REQUEST_URI $HTTP_REFERER $HTTP_USER_AGENTrn");
fclose($fp);
}
echo '</body></html>';
?>

Далее в файл index.php поместите следующий код:

<?php
if(phpversion() >= "4.2.0") {extract($_SERVER);}
$bad_bot = 0;
/* перебираем все записи в файле black_list.dat */
$file_name = "bad_bot/black_list.dat";
$fp = fopen($file_name, "r") or die ("Ошибка, файл black_list.dat не найден<br>несуществующий путь<br>");
while ($line = fgets($fp, 255)) {
$data = explode(" ", $line);
if (preg_match("/".$data[0]."/", $REMOTE_ADDR)) {$bad_bot++;}
}
fclose($fp);
if ($bad_bot > 0) { /* это бот и мы запрещаем ему вход на сайт */
sleep(3);            /* задержка загрузки странички */
echo '<html><head>';
echo '<title>Сайт временно недоступен.</title>';
echo '</head><body><br>';
echo '<center><h1>Сайт временно недоступен!</h1></center><br>';
echo '<p><center>Приносим свои извинения ...</center></p><br>';
echo '</body></html>';
exit;
}
?>

Обязательно в файле robots.txt запрещаем индексацию данной папки путем добавления строчки:

disallow: /bad_bot/

Теперь для защиты вашего сайта от ботов, на всех страницах сайта разместите невидимую ссылку следующим образом:

<a href="https://Baш_домен.ru/bad_bot/black_list.php">
<img src="https://Baш_домен.ru/bad_bot/pixel.gif" border="0" alt="" width="1" height="1">
</a>

Перед выводом каждой странички необходимо постоянно проверять содержимое файла black_list.dat, чтобы отсеивать «попавшихся» ботов. Для этого просто добавьте на все странички следующий код:

<?php include("https://Baш_домен.ru/bad_bot/index.php"); ?>

Файлу blacklist.dat необходимо дать на сервере права доступа для чтения и записи – 666.

Использовать данный скрипт необходимо с осторожностью,
т.к. он может заблокировать и некоторых «хороших» ботов. Например,
ботов, которые создают карту Вашего сайта.

[endtxt]

2019-09-16T00:55:15

WEB

MikroTik Unequal Dual WAN Load Balancing with Failover using ECMP

MikroTik Router is capable of doing Load Balancing with Failover over multiple gateways. Policy Based Routing, ECMP, PCC and NTH Load Balancing are the popular load balancing methods in MikroTik Router. Among these methods, ECMP is so easy to configure and provides almost 100% load balancing and link redundancy solution. In my previous article, I discussed how to configure Load Balancing and Link Redundancy using ECMP over two equal bandwidth gateways. ECMP method is also capable of doing load balancing over unequal bandwidth gateway. In this article, I will discuss how to configure load balancing with failover over two unequal bandwidth gateways using ECMP method.

ECMP (Equal Cost Multi Path) Routing

ECMP stands for Equal-Cost Multi-Path routing. ECMP is persistent per-connection load balancing or per-src-dst-address combination load balancing where a new gateway is chosen for each source and destination IP pair. It means that, for example, one FTP connection will use only one link, but new connection to a different server will use another link.

Network Diagram

We will configure Dual WAN load balancing over two unequal gateways using ECMP method according to the following diagram.

In this network, MikroTik Router’s ether1 port is connected to ISP1 with IP block 192.168.30.0/30 and ether2 port is connected to ISP2 with IP block 172.30.30./30 and ether3 port is connected to LAN network and its IP block is 10.10.10.0/24. PC-1 and PC-2 are two LAN workstations which are connected to LAN interface through a LAN switch.

We will configure ECMP Load Balancing in this MikroTik Router so that LAN traffics can pass though the both WAN connections. As ECMP is a per connection load balancing method and WAN connection has different bandwidth (WAN1: 20Mbps and WAN2: 10Mbps) with bandwidth ratio 2:1, we will pass two connections among three connections to WAN1 link and one connection to WAN2 link.

This ECMP configuration will also ensure Link Redundancy. So, if any WAN connection gets disconnected, LAN traffic will pass through the available WAN connection until the lost WAN connection gets available.

Load Balancing Configuration using ECMP over Unequal DUAL WAN Connections

We will now start Load Balancing and Link Redundancy configuration in MikroTik Router according to the above network diagram. Complete configuration can be divided into the following five steps.

Renaming MikroTik interface name
Assigning WAN and LAN IP
Assigning DNS IP
NAT configuration and
Routing configuration

Step 1: Renaming MikroTik Interface Name

We will first rename interface name so that we can easily understand and remember configuration. The following steps will show how to rename MikroTik interface name.

Login to MikroTik Router using Winbox with full permission user privilege.
Click on Interfaces menu item. Interface List window will appear.
Double click on ether1 interface. The properties window of the ether1 interface will appear.
Put WAN1 in Name input field under General tab and then click Apply and OK button.
Similarly, rename ether2 to WAN2 and ether3 to LAN.
Your Interface List window will look like the below image.

Step 2: Assigning WAN and LAN IP

We will now assign WAN and LAN IP addresses on our respected interface. The following steps will show how to assign IP address on MikroTik interfaces.

Go to IP > Addresses menu item. Address List window will appear.
Click on PLUS SIGN (+) and put ISP1 provided IP address (192.168.30.2/30) in Address input field.
Choose WAN1 from Interface dropdown menu and click Apply and OK button.
Similarly, Click on PLUS SIGN (+) and put ISP2 provided IP address (172.30.30.2/30) in Address input field and choose WAN2 from interface dropdown menu and then click Apply and OK button.
Click on PLUS SIGN (+) again and put LAN gateway IP (10.10.10.1/24) in Address input field and choose LAN from Interface drop down menu and then click Apply and OK button
Your Address List window will look like the below image.

Step 3: Assigning DNS IP

DNS is required to resolve domain name to IP address. Without DNS server MikroTik Router cannot resolve domain name to IP address and fail to communicate with the public domain server. The following steps will show how to assign DNS IP in MikroTik Router.

Go to IP > DNS menu item. DNS Settings window will appear.
Put your DNS server IP provided by your ISP or put Google public DNS Server IP 8.8.8 in Serversinput field.
Click Apply and OK button.

Step 4: NATing Configuration

We will now create two masquerade NAT rules so that LAN users can access internet through the both WAN connections. That means, if any packet leaves via WAN1, it will be NATed to WAN1 gateway IP address and if any packet leaves via WAN2, it will be NATed to WAN2 gateway IP address. The following steps will show how to create masquerade NAT rule in MikroTik Router.

Go to IP > Firewall menu option. Firewall window will appear.
Click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear now. From General tab, choose srcnat from Chain drop-down menu and put LAN IP block (10.10.10.0/24) in Src. Address input field and then choose WAN1 interface (in this article: WAN1) from Out. Interface drop-down menu. Now click on Action tab and choose masquerade from Action drop-down menu and then click Apply and OK button.
Similarly, click on PLUS SIGN (+) again and choose srcnat from Chain drop-down menu and put LAN IP block (10.10.10.0/24) in Src. Address input field and then choose your WAN2 interface (in this article: WAN2) from Out. Interface drop-down menu. Now click on Action tab and choose masquerade from Action drop-down menu and then click Apply and OK button.

Step 5: Routing Configuration

We will now configure ECMP (Equal Cost Multi-Path) gateway over two WAN links. As we have unequal bandwidth link (WAN1:WAN2=2:1), we will put WAN1 gateway twice time and WAN2 gateway one time. The following steps will show how to assign ECMP gateway in MikroTik Router.

Go to IP > Routes menu option. Route List window will appear.
Click on PLUS SIGN (+). New Route window will appear.
Put WAN1 gateway IP (in this article: 192.168.30.1) in Gateway input box and then click on Add new value button located after gateway input box. New gateway input box will appear. Put WAN1 gateway IP (192.168.30.1) again and click on Add new value button. Put WAN2 gateway IP (172.30.30.1) in new Gateway input box.
Now choose ping from Check Gateway drop-down menu.
Click Apply and OK button.

So, two connections among three connections will pass through WAN1 connection and one connection will pass through WAN2 connection. WAN connections will be checked by ping and if any connection gets disconnected, traffic will pass through the available WAN connection until the lost WAN connection gets connected. So, load balancing with failover will be established with ECMP load balancing method.

Connections to the Router Itself

With all multi-gateway situations there is a usual problem to reach router from public network via one, other or both gateways. Because outgoing packets use same routing decision as packets those are going through the router. So reply to a packet that was received via WAN1 might be sending out via WAN2. To avoid this we need to do policy based routing.

The following steps will show how to mark router’s incoming connection to pass it over proper gateway.

Go to IP > Firewallmenu option and click on Mangle Now click on PLUS SIGN (+). New Mangle Rule window will appear now.
From General tab, choose input from Chain drop-down menu and choose WAN1 from Interface drop-down menu. Now click on Action tab and choose mark connection from Action drop-down menu and put connection name (WAN1_CONN) whatever string you like in New Connection Mark input field and then uncheck the Passthrough check box if it is checked. Click Apply and OK button.
Similarly, click on PLUS SIGN (+) and choose input from Chain drop-down menu and then choose WAN2 from In. Interface drop-down menu. Click on Action tab and choose mark connection from Action drop-down menu and put connection name (WAN2_CONN) whatever string you like in New Connection Mark input field and uncheck the Passthrough checkbox if it is checked and then click Apply and OK
Now click on PLUS SIGN (+) and choose output from Chain drop-down menu and then click on Connection Mark drop-down menu and choose WAN1 connection mark (in this article: WAN1_CONN) that you have created at the first step. Now click on Action tab and choose mark routing from Action drop-down menu and put routing mark name (to_WAN1) in New Routing Mark input field and uncheck the Passthrough checkbox if it is checked and then click Apply and OK
Similarly, click on PLUS SIGN (+). Choose output from Chain drop-down menu and choose WAN2 connection mark (in this article: WAN2_CONN) that you have created at the second step. Now click on Action tab and choose mark routing from Action drop-down menu and then put routing mark name (to_WAN2) in New Routing Mark input box and uncheck the Passthrough checkbox if it is checked. Click Apply and OK

Mangle Rule to Mark Router's Incoming Connections — Mangle Rule to Mark Router’s Incoming Connections

We have created policy to pass router’s incoming packets to the respected WAN interface. Now we will create routing based on this policy.

Go to IP > Routes menu option. Route List window will appear.
Click on PLUS SIGN (+) and put WAN1 gateway IP (192.168.30.1) in Gateway input box and choose ping from Check Gateway drop down and then choose ISP1 routing mark (in this article: to_WAN1) from Routing Mark drop-down menu. Click Apply and OK button.
Similarly, click on PLUS SIGN (+) and put ISP2 gateway IP (172.30.30.1) in Gateway input box and choose ping from Check Gateway drop down and then choose WAN2 routing mark (in this article: to_WAN2) from Routing Mark drop-down menu. Now click Apply and OK button.

Policy based routing to get router properly from public network has been completed. Now ECMP load balancing will affect no more on getting router from public network.

If you face any confusion to follow the above steps, watch the following video on MikroTik ECMP Load Balancing with Failover over two unequal gateways. Hope it will reduce your any confusion.

ReadMag.ru

рецепты по настройке программного обеспечения