Author Topic: DDoS Protection script  (Read 36581 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
DDoS Protection script
« on: December 07, 2014, 01:13:37 AM »
Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL
Code: [Select]
cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh

IP's will be blocked with the comment "DDoS Deflate".


« Last Edit: May 16, 2017, 05:13:20 AM by Administrator »
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: DDoS Protection script
« Reply #1 on: December 28, 2014, 07:18:21 PM »
Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Offline
***
Re: DDoS Protection script
« Reply #2 on: December 30, 2014, 08:38:29 AM »
Thank you for such info.

I have used mod_slowloris when rebuilding Apache, and now with anti DDOS i can sleep a 1% more restfull than yesterday. My real panic comes from the invoice of the machines hahahaha.

Dudes about a "good connection limit".
Anyone with real experience on that?

#### Below this line i can be totally wrong. Tell me if you know ####

By "a connection (1)" i think "a single http request", like open a basic html/php web page wich is a GET http request. But if webpage has 20 images, the number or connections will be 1 or 21?

20 images can be 20 image resources being loaded from 1 connection, but usually would be a 4 simultaneous connections downloading 5 resources each one. I read somewhere that http web request can read up to 4 resources/link/images at time per domain. (This is the WHY about CDN techniques, 4 connections per sub/domain using extra subdomains for static/public content, and also applies for combine files, to reduce amount of request to get the full page load).

ANYWAY, i think 250x30 secs = 500 per minute, a bit HIGH value.
But if you have a bulletin board, a gallery or something like that may be LOW value.
As i see, i cannot set that rules PER DOMAIN. Don't?

By now i set it to 100/30 to do some testings :D.

Best regards.
8==D it's a function that try to compare 8 (int) against D (string) which returns True or False depending on the asker.

Offline
*
Re: DDoS Protection script
« Reply #3 on: February 02, 2016, 10:04:35 PM »
Maybe helps you, i know that the http protocol open 2 connections by request, the SPDY come to expand this limit, then over http i guess that 1 request is 2 connections, must be validated this...

Offline
*****
Re: DDoS Protection script
« Reply #4 on: March 06, 2016, 08:06:13 AM »
this scripts are useless

use cloudflare free plan

Offline
*
Re: DDoS Protection script
« Reply #5 on: March 24, 2016, 11:17:33 PM »
anybody can use it ? how it's work ? fine ?
thank you
best regards dude's

Offline
*****
Re: DDoS Protection script
« Reply #6 on: March 25, 2016, 03:51:09 AM »
it is basic protection

Offline
*
Re: DDoS Protection script
« Reply #7 on: March 25, 2016, 09:55:32 AM »
anybody can use it ? how it's work ? fine ?
thank you
best regards dude's

this can help you only if you kernel isn't overloaded with tcp connections and if you don't have ddos attacks over your network capacity.
In other cases you should use cloudflare our our ddos protection.
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: DDoS Protection script
« Reply #8 on: April 21, 2016, 04:51:39 AM »
I installed this script, and immediately un-installed it as soon as I discovered it was obsolete.

Look in the configuration file -- it looks for "ASF". What is that?
Sure enough, there was nothing on my CentOS installation at /etc/asf

Now it's CSF.

Offline
*
Re: DDoS Protection script
« Reply #9 on: April 02, 2017, 09:20:13 PM »
How does this help against DDOS?  By its very nature DDOS  (DISTRIBUTED denial of service) will come from multiple IP addresses.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Offline
*****
Re: DDoS Protection script
« Reply #10 on: April 12, 2017, 10:43:22 AM »
How does this help against DDOS?  By its very nature DDOS  (DISTRIBUTED denial of service) will come from multiple IP addresses.

Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)
this settings will conditionally mitigate the DDOS, you need to configure the server to mitigate it.

Offline
***
Re: DDoS Protection script
« Reply #11 on: May 15, 2017, 04:43:20 PM »
Hello.

CSF itself can be used to create Layer DDOS protection better than this script it have 2 options

1 . CONNLIMIT = 80;20,443;15
Port 80 no more than 20 connections from single ip and on ssl port no more than 15

2. CT_LIMIT = 250
CT_INTERVAL = 30

No more than 250 connections for 30 seconds from IP address (same as ddos deflate)

Thank you for this information, however I found a syntax error, it should be
Quote
CONNLIMIT = "80;150 21;50 443;150"

I added port 21, you might add more rules
150 connections per IP is fine to detect attacking
« Last Edit: May 15, 2017, 04:55:21 PM by locvfx »

Offline
*
Re: DDoS Protection script
« Reply #12 on: May 27, 2017, 09:08:46 AM »
What can you say about this fork https://github.com/jgmdev/ddos-deflate?
It has more features.

Offline
*
Re: DDoS Protection script
« Reply #13 on: May 27, 2017, 11:21:24 PM »
Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL
Code: [Select]
cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh

IP's will be blocked with the comment "DDoS Deflate".

why is this not implemented in gui cwp pro for easy setup?

Offline
*
Re: DDoS Protection script
« Reply #14 on: February 25, 2023, 03:44:55 PM »
Popular DDoS Deflate script with tiny modification to use CSF Firewall for IP blocking.
By default once installed, script will block all IP's having more than 250 connections.

Configuration
- File for ignored IPs "/usr/local/ddos/ignore.ip.list"
- Configuration File "/usr/local/ddos/ddos.conf"

INSTALL
Code: [Select]
cd /usr/local/src
rm -f /usr/local/src/install.sh
wget http://dl1.centos-webpanel.com/files/security/ddos-deflate/install.sh
chmod 0700 install.sh
./install.sh

IP's will be blocked with the comment "DDoS Deflate".

i have done these steps, how to sure this service is running, what is the command for it to check this service is running and what is command to restart this service is service is stopped... Please write these commands as well sir.