DDoS Protection script

Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL

Code: [Select]

cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh
IP's will be blocked with the comment "DDoS Deflate".

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Thank you for such info.

I have used mod_slowloris when rebuilding Apache, and now with anti DDOS i can sleep a 1% more restfull than yesterday. My real panic comes from the invoice of the machines hahahaha.

Dudes about a "good connection limit".
Anyone with real experience on that?

#### Below this line i can be totally wrong. Tell me if you know ####

By "a connection (1)" i think "a single http request", like open a basic html/php web page wich is a GET http request. But if webpage has 20 images, the number or connections will be 1 or 21?

20 images can be 20 image resources being loaded from 1 connection, but usually would be a 4 simultaneous connections downloading 5 resources each one. I read somewhere that http web request can read up to 4 resources/link/images at time per domain. (This is the WHY about CDN techniques, 4 connections per sub/domain using extra subdomains for static/public content, and also applies for combine files, to reduce amount of request to get the full page load).

ANYWAY, i think 250x30 secs = 500 per minute, a bit HIGH value.
But if you have a bulletin board, a gallery or something like that may be LOW value.
As i see, i cannot set that rules PER DOMAIN. Don't?

By now i set it to 100/30 to do some testings .

Best regards.

Maybe helps you, i know that the http protocol open 2 connections by request, the SPDY come to expand this limit, then over http i guess that 1 request is 2 connections, must be validated this...

this scripts are useless

use cloudflare free plan

anybody can use it ? how it's work ? fine ?
thank you
best regards dude's

it is basic protection

anybody can use it ? how it's work ? fine ?
thank you
best regards dude's

this can help you only if you kernel isn't overloaded with tcp connections and if you don't have ddos attacks over your network capacity.
In other cases you should use cloudflare our our ddos protection.

I installed this script, and immediately un-installed it as soon as I discovered it was obsolete.

Look in the configuration file -- it looks for "ASF". What is that?
Sure enough, there was nothing on my CentOS installation at /etc/asf

Now it's CSF.

How does this help against DDOS?  By its very nature DDOS  (DISTRIBUTED denial of service) will come from multiple IP addresses.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

How does this help against DDOS?  By its very nature DDOS  (DISTRIBUTED denial of service) will come from multiple IP addresses.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

this settings will conditionally mitigate the DDOS, you need to configure the server to mitigate it.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Thank you for this information, however I found a syntax error, it should be

CONNLIMIT = "80;150 21;50 443;150"

I added port 21, you might add more rules
150 connections per IP is fine to detect attacking

What can you say about this fork https://github.com/jgmdev/ddos-deflate?
It has more features.

Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL

Code: [Select]

cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh
IP's will be blocked with the comment "DDoS Deflate".

why is this not implemented in gui cwp pro for easy setup?

Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL

Code: [Select]

cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh
IP's will be blocked with the comment "DDoS Deflate".

i have done these steps, how to sure this service is running, what is the command for it to check this service is running and what is command to restart this service is service is stopped... Please write these commands as well sir.