Control Web Panel

Security => CSF Firewall => Topic started by: Administrator on December 07, 2014, 01:13:37 AM

Title: DDoS Protection script
Post by: Administrator on December 07, 2014, 01:13:37 AM
Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL
Code: [Select]
cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh

IP's will be blocked with the comment "DDoS Deflate".


Title: Re: DDoS Protection script
Post by: coolice on December 28, 2014, 07:18:21 PM
Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)
Title: Re: DDoS Protection script
Post by: erm3nda on December 30, 2014, 08:38:29 AM
Thank you for such info.

I have used mod_slowloris when rebuilding Apache, and now with anti DDOS i can sleep a 1% more restfull than yesterday. My real panic comes from the invoice of the machines hahahaha.

Dudes about a "good connection limit".
Anyone with real experience on that?

#### Below this line i can be totally wrong. Tell me if you know ####

By "a connection (1)" i think "a single http request", like open a basic html/php web page wich is a GET http request. But if webpage has 20 images, the number or connections will be 1 or 21?

20 images can be 20 image resources being loaded from 1 connection, but usually would be a 4 simultaneous connections downloading 5 resources each one. I read somewhere that http web request can read up to 4 resources/link/images at time per domain. (This is the WHY about CDN techniques, 4 connections per sub/domain using extra subdomains for static/public content, and also applies for combine files, to reduce amount of request to get the full page load).

ANYWAY, i think 250x30 secs = 500 per minute, a bit HIGH value.
But if you have a bulletin board, a gallery or something like that may be LOW value.
As i see, i cannot set that rules PER DOMAIN. Don't?

By now i set it to 100/30 to do some testings :D.

Best regards.
Title: Re: DDoS Protection script
Post by: Hackaust on February 02, 2016, 10:04:35 PM
Maybe helps you, i know that the http protocol open 2 connections by request, the SPDY come to expand this limit, then over http i guess that 1 request is 2 connections, must be validated this...
Title: Re: DDoS Protection script
Post by: Sandeep on March 06, 2016, 08:06:13 AM
this scripts are useless

use cloudflare free plan
Title: Re: DDoS Protection script
Post by: crmgddn63 on March 24, 2016, 11:17:33 PM
anybody can use it ? how it's work ? fine ?
thank you
best regards dude's
Title: Re: DDoS Protection script
Post by: Sandeep on March 25, 2016, 03:51:09 AM
it is basic protection
Title: Re: DDoS Protection script
Post by: Administrator on March 25, 2016, 09:55:32 AM
anybody can use it ? how it's work ? fine ?
thank you
best regards dude's

this can help you only if you kernel isn't overloaded with tcp connections and if you don't have ddos attacks over your network capacity.
In other cases you should use cloudflare our our ddos protection.
Title: Re: DDoS Protection script
Post by: DeveloperMcD on April 21, 2016, 04:51:39 AM
I installed this script, and immediately un-installed it as soon as I discovered it was obsolete.

Look in the configuration file -- it looks for "ASF". What is that?
Sure enough, there was nothing on my CentOS installation at /etc/asf

Now it's CSF.
Title: Re: DDoS Protection script
Post by: MarkE on April 02, 2017, 09:20:13 PM
How does this help against DDOS?  By its very nature DDOS  (DISTRIBUTED denial of service) will come from multiple IP addresses.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)
Title: Re: DDoS Protection script
Post by: Sandeep on April 12, 2017, 10:43:22 AM
How does this help against DDOS?  By its very nature DDOS  (DISTRIBUTED denial of service) will come from multiple IP addresses.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)
this settings will conditionally mitigate the DDOS, you need to configure the server to mitigate it.
Title: Re: DDoS Protection script
Post by: locvfx on May 15, 2017, 04:43:20 PM
Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Thank you for this information, however I found a syntax error, it should be
Quote
CONNLIMIT = "80;150 21;50 443;150"

I added port 21, you might add more rules
150 connections per IP is fine to detect attacking
Title: Re: DDoS Protection script
Post by: IgorA100 on May 27, 2017, 09:08:46 AM
What can you say about this fork https://github.com/jgmdev/ddos-deflate?
It has more features.
Title: Re: DDoS Protection script
Post by: irwanto on May 27, 2017, 11:21:24 PM
Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL
Code: [Select]
cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh

IP's will be blocked with the comment "DDoS Deflate".

why is this not implemented in gui cwp pro for easy setup?
Title: Re: DDoS Protection script
Post by: imRelease on February 25, 2023, 03:44:55 PM
Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL
Code: [Select]
cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh

IP's will be blocked with the comment "DDoS Deflate".

i have done these steps, how to sure this service is running, what is the command for it to check this service is running and what is command to restart this service is service is stopped... Please write these commands as well sir.
Title: Re: DDoS Protection script
Post by: overseer on March 04, 2023, 07:35:57 AM
You do understand that DDoS Deflate on CWP is out-of-date (note this thread is from 2014)? Sandeep characterized it as "useless" at this point. Better to go with the Cloudflare advice primarily and also do the basic CSF tuning mentioned in this thread.