Messages - duy13

1
How to / [AntiDDoS] for CWP Panel with vDDoS Proxy Protection
« on: May 01, 2022, 04:18:15 AM »
ANTIDDOS CWP Panel (Update 2022 - How to full install)

Video: https://www.youtube.com/watch?v=tSoP46Q62oE


STEP 1: Install CWP Panel

Code: [Select]
cd /usr/local/src
wget http://centos-webpanel.com/cwp-el7-latest
sh cwp-el7-latest

More documentation:
https://centos-webpanel.com/cwp-installation



STEP 2: Install vDDoS Proxy Protection

vDDoS Proxy Protection is free software that provides a reverse proxy server for the HTTP(S) protocols. It acts as a Layer 7 firewall to filter and mitigate DoS, DDoS, SYN flood, or HTTP flood attacks to protect your website.

Code: [Select]
wget https://files.voduy.com/vDDoS-Proxy-Protection/latest.sh ; chmod 700 latest.sh ; bash latest.sh

More documentation:
https://vddos.voduy.com





STEP 3: Change the Default Apache Listen Port of CentOS Web Panel:

By default, CWP uses only Apache, running on ports 80 and 443. I will switch to "Nginx Proxy Apache" mode; the purpose is to make Apache change its ports and then replace Nginx with vDDoS.
We can use the function: Setup default Web Servers at Apache Settings >> Select WebServer



Apache will then listen on other ports, 8181 and 8443:

Code: [Select]
[root@vDDoS-CWP Panel ~]# netstat -lntup|grep httpd
tcp6       0      0 :::8181         :::*                    LISTEN      1304/httpd
tcp6       0      0 :::8443         :::*                    LISTEN      1304/httpd

Stop Nginx:

Code: [Select]
service nginx stop
chkconfig nginx off




STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

Code: [Select]
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8181    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

Restart vDDoS service after you have configured:

Code: [Select]
/usr/bin/vddos restart


STEP 5: Config vDDoS Auto Add

vDDoS Auto Add is an addon for vDDoS Proxy Protection: it monitors Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically adds them to the website.conf file.

Code: [Select]
nano /vddos/auto-add/setting.conf

# Default Setting for vddos-add command:

SSL auto
DNS_sleep 66
DNS_alias_mode no
Cache no
Security no
HTTP_Listen http://0.0.0.0:80
HTTPS_Listen https://0.0.0.0:443
HTTP_Backend http://1.2.3.4:8181
HTTPS_Backend https://1.2.3.4:8443

Set Crontab:

Code: [Select]
echo '*/15 * * * * root /usr/bin/vddos-autoadd panel cwp apache' >> /etc/crontab



STEP 6: Config vDDoS Auto Switch

vDDoS Auto Switch is an addon for vDDoS Proxy Protection: it automatically identifies overloaded websites and changes their Security Mode.

Code: [Select]
nano /vddos/auto-switch/setting.conf

# This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"

hostname="vDDoS Master" #(Name this server, it will show up in Email notifications)

vddos_master_slave_mode="no" #(Turn on "yes" if your system has slave servers, want to sync after switch like master)
backend_url_check="no" #(Put the URL of the backend. Ex: https://1.1.1.1:8443/ (make sure Backend status response is "200"))

send_notifications="no" #(Turn on "yes" if you want receive notification)
smtp_server="smtps://smtp.gmail.com" #(SMTP Server)
smtp_username="xxx@gmail.com" #(Your Mail)
smtp_password="xxxxxxxxxxxxx" #(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
send_notifications_to="xxxx@gmail.com" #(Your Email Address will receive notification)


maximum_allowable_delay_for_backend=2 #(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
maximum_allowable_delay_for_website=2 #(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)

default_switch_mode_not_attack="no" #(Default Mode vDDoS use when it's not under attack)
default_switch_mode_under_attack="high" #(Default Mode vDDoS use when it's under attack)
default_waiting_time_to_release="60" #(For example 60 minutes, release time from challenge)


Crontab vDDoS Auto Switch:

Code: [Select]
echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-switch allsite no && /usr/bin/vddos reload' >> /etc/crontab
echo '* * * * * root /usr/bin/vddos-sensor' >> /etc/crontab


More documentation:
https://github.com/duy13/vDDoS-Auto-Switch
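
An added check, not part of the original post or the vDDoS project: with Apache bound to every interface on 8181/8443, as the netstat output in STEP 3 shows, clients can reach the backend without passing the proxy on 80/443 unless a host firewall blocks those ports. The script cross-checks the backend ports in website.conf against the listening sockets; the function names and both embedded samples are assumptions constructed from the values in the post.

```shell
#!/bin/sh
# Added example (not from the post): list vDDoS backend ports whose listener is
# bound to a wildcard address, i.e. reachable without passing the proxy.
# Both samples below are constructed from the values shown in the post.
WEBSITE_CONF='# Website       Listen               Backend                Cache Security SSL-Prikey SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8181    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt'

LISTENERS='tcp6       0      0 :::8181         :::*                    LISTEN      1304/httpd
tcp6       0      0 :::8443         :::*                    LISTEN      1304/httpd
tcp        0      0 127.0.0.1:6082  0.0.0.0:*               LISTEN      1418/varnishd'

# backend_ports CONF_TEXT -> unique backend ports, one per line
backend_ports() {
  printf '%s\n' "$1" | awk '
    NF == 0 || $1 ~ /^#/ { next }             # skip blank lines and comments
    { n = split($3, p, ":"); port = p[n]      # port = text after the last colon
      sub(/\/.*/, "", port)                   # drop any trailing path
      if (port ~ /^[0-9]+$/ && !seen[port]++) print port }'
}

# exposed_backends CONF_TEXT NETSTAT_TEXT -> "port local-address" for each
# backend port that has a listener on 0.0.0.0, :: or *
exposed_backends() {
  ports=$(backend_ports "$1" | tr '\n' ' ')
  printf '%s\n' "$2" | awk -v ports="$ports" '
    BEGIN { n = split(ports, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $6 == "LISTEN" {
      addr = $4; port = addr; sub(/.*:/, "", port)
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if ((port in want) && (host == "0.0.0.0" || host == "::" || host == "*"))
        print port, addr
    }'
}

# Live use: exposed_backends "$(cat /vddos/conf.d/website.conf)" "$(netstat -lnt)"
exposed_backends "$WEBSITE_CONF" "$LISTENERS"
```

Any port this reports should be restricted at the host firewall so that only the proxy's own address can connect to it.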

2




This is awesome

3
SSL / Re: how to install third Party ssl
« on: May 14, 2020, 06:07:37 PM »
Link: http://forum.centos-webpanel.com/index.php?topic=8957.0

The same problem, it can be solved by admin but how can customers add their certificates from 3rd parties themselves in CWP cPanel?



Any suggestions?

4
SSL / Why CWP don't have "Custom SSL functionality" for customers
« on: May 12, 2020, 09:44:35 AM »
For example, they buy their own SSL certificate and they can add it to their domain themselves.
Currently they can only use AutoSSL or need an admin to add their custom certificate.



And please design a place for them to generate CSR and Private KEY (Self-signed Certificate).

Thank you very much!

5
How to / [ANTIDDOS] for CWP Panel with vDDoS Proxy Protection
« on: June 16, 2018, 04:34:36 PM »
ANTIDDOS CWP Panel (Update 2018 - How to full install)



STEP 1: Install CWP Panel
Code: [Select]
cd /usr/local/src
wget http://centos-webpanel.com/cwp-el7-latest
sh cwp-el7-latest

More documentation: 
http://centos-webpanel.com/cwp-installation

STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software that provides a reverse proxy server for the HTTP(S) protocols. It acts as a filter to mitigate DoS, DDoS, SYN flood, or HTTP flood attacks to protect your website.

Code: [Select]
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh

STEP 3: Change Apache Default Port

By default, CWP uses Apache alone and runs on port 80, 443. We can use the function: Setup default Web Servers at Apache Settings >> Select WebServer



Change it to: Apache & Varnish Cache & Nginx Reverse Proxy or Apache & Nginx Reverse Proxy, so that Apache listens on other ports, 8181 and 8443, to facilitate our proxying.


Click Save and Re-check Apache port:

Code: [Select]
[root@vDDoS-CWP Panel ~]# netstat -lntup|grep httpd; netstat -lntup|grep nginx; netstat -lntup|grep varnishd
tcp6       0      0 :::8181         :::*                    LISTEN      1304/httpd
tcp6       0      0 :::8443         :::*                    LISTEN      1304/httpd
tcp        0      0 1.2.3.4:80      0.0.0.0:*               LISTEN      5481/nginx: master
tcp        0      0 1.2.3.4:443     0.0.0.0:*               LISTEN      5481/nginx: master
tcp        0      0 127.0.0.1:6082  0.0.0.0:*               LISTEN      1418/varnishd
tcp        0      0 0.0.0.0:82      0.0.0.0:*               LISTEN      1418/varnishd
tcp6       0      0 :::82           :::*                    LISTEN      1418/varnishd

It can be seen that Nginx listens on 80 and 443, then proxies to port 82 of the Varnish cache server, and Varnish then forwards the traffic to Apache on port 8181.
So you can stop Nginx and replace it with vDDoS, and have vDDoS reverse proxy to any port of Apache or Varnish (with Varnish, responses are cached and you get faster speeds):

Code: [Select]
service nginx stop
chkconfig nginx off

STEP 4: Config vDDoS Proxy Protection

The following example assumes the IP address of your server is 1.2.3.4:

Code: [Select]
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8181    no    no      no           no
default         https://0.0.0.0:443  http://1.2.3.4:8181   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt


With a configuration like the one above, vDDoS reverse proxies directly to the Apache port. If you want to use the port of the Varnish cache server, you can configure it as follows:

Code: [Select]
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:82    no    no      no           no
default         https://0.0.0.0:443  http://1.2.3.4:82   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

Restart vDDoS service after you have configured:
Code: [Select]
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code: [Select]
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is an addon for vDDoS Proxy Protection: it monitors Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically adds them to the website.conf file.

Code: [Select]
nano /vddos/auto-add/setting.conf

# Default Setting for vddos-add command:

SSL Auto
Cache no
Security no
HTTP_Listen http://0.0.0.0:80
HTTPS_Listen https://0.0.0.0:443
HTTP_Backend http://1.2.3.4:82
HTTPS_Backend http://1.2.3.4:82

Crontab CWP Panel:
Code: [Select]
echo '*/25 * * * * root /usr/bin/vddos-autoadd panel cwp apache' >> /etc/crontab



STEP 6: Config vDDoS Auto Switch
vDDoS Auto Switch is an addon for vDDoS Proxy Protection: it automatically identifies overloaded websites and changes their Security Mode.

Code: [Select]
echo '*/6 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab

6
Try ab tool:
Code: [Select]
ab -n100000 -c500 http://cloudflare-web.i-com.cf:8080/ # High load

7
CentOS-WebPanel Bugs / Re: Website Down
« on: December 24, 2017, 04:11:09 PM »
Some days my website often decreased so can not be accessed. all run normally again after I reboot the server. And after a few hours later this happens again. I do not know why, anyone can help?


You may have been attacked by ddos. Please check the connection number to your server:
Code: [Select]
netstat -an |grep ":80" |awk '{print $5}' | sed s/::ffff://g | cut -d: -f1 |sort |uniq -c |sort -n | tail -1000 | grep -v "0.0.0.0"

PM My skype voduy13 for support
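
A stricter variant of the one-liner above, added here as an example and not part of the original post: it matches the local port exactly (so `:8080` listeners and outbound connections to a remote port 80 are not counted), keeps IPv6 peers intact, and reports the SYN_RECV share separately. The function name `conns_per_ip` and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): connections per remote address to the
# given local ports. SAMPLE is constructed netstat -ant style output.
SAMPLE='tcp        0      0 1.2.3.4:80        203.0.113.7:51234      ESTABLISHED
tcp        0      0 1.2.3.4:80        203.0.113.7:51240      ESTABLISHED
tcp        0      0 1.2.3.4:8080      198.51.100.9:40000     ESTABLISHED
tcp6       0      0 ::ffff:1.2.3.4:80 ::ffff:203.0.113.7:51300 SYN_RECV
tcp6       0      0 2001:db8::1:443   2001:db8::beef:44321   ESTABLISHED
tcp        0      0 1.2.3.4:55555     192.0.2.10:80          ESTABLISHED
tcp        0      0 0.0.0.0:80        0.0.0.0:*              LISTEN'

# conns_per_ip NETSTAT_TEXT "PORT PORT ..." -> lines of "total syn_recv ip",
# busiest remote address first
conns_per_ip() {
  printf '%s\n' "$1" | awk -v ports="$2" '
    BEGIN { n = split(ports, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      lport = $4; sub(/.*:/, "", lport)      # local port = text after last colon
      if (!(lport in want)) next             # exact match: 8080 is not 80
      ip = $5; sub(/:[^:]*$/, "", ip)        # strip only the remote port
      sub(/^::ffff:/, "", ip)                # unmap IPv4-mapped IPv6 peers
      count[ip]++
      if ($6 == "SYN_RECV") syn[ip]++        # half-open connections
    }
    END { for (ip in count) print count[ip], syn[ip] + 0, ip }' |
    sort -k1,1nr -k3,3
}

# Live use: conns_per_ip "$(netstat -ant)" "80 443" | head -20
conns_per_ip "$SAMPLE" "80 443"
```

A high SYN_RECV column points toward a SYN flood, while many established connections from few addresses points toward an HTTP flood.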

8
Re-Build Apache config, kill apache, start nginx, start apache

9
Installation / Re: Installing CWP, package downloads are very slow, 1-5kb/s
« on: July 09, 2017, 02:51:35 PM »
You can try installing CWP over a SOCKS proxy or something like that

10
I can install the vDDoS Proxy Protection after installing the CWP?
Problems will not be?
I did not quite understand how vDDoS works with nginx?
Should vDDoS listen on port 80? If so, how will the data be transferred from the vDDoS to the nginx configured on the non 80 port?
Is it possible to remove the vDDoS , if so, how?
Thank you!

1. vDDoS should be installed before installing other things (CWP, cPanel, VestaCP, LAMP, LEMP...)
(PS: But I tried installing vDDoS after CWP and it was still successful on CentOS 7)

2. Nginx or Apache... run and listen on another port (example: 8080, 8443...). vDDoS listens on 80 and 443.

3. Remove vDDoS:

Code: [Select]
vddos stop
rm -rf /usr/bin/vddos
rm -rf /vddos
rm -rf /usr/lib64/vddos/modules
rm -rf /var/log/vddos
rm -rf /var/cache/vddos

11
in https and centos 7 you must update nginx to 1.3, because in nginx what to install not work openssl
Thanks for your report!



vDDoS 1.12.0 or 1.13.0 is still working perfectly with HTTP/2 and OpenSSL 1.0.2k (https://www.openssl.org/source/old/1.0.2/). openssl-1.0.2l will be updated soon.

How to install with already installed cwp7 with apache and Nginx Reverse Proxy?

Thanks

You can change default port of nginx or stop & remove nginx (using only Apache+vDDoS)

Or install vDDoS on another server

12
[AntiDDOS] How to Install vDDoS & CSF on CWP to AntiDDOS, DOS, SYN Flood, HTTP Floods attack

vDDoS Layer4 Mapping is an addon for vDDoS Proxy Protection: it monitors processor logs and blocks in Layer 3-4. This tool is a product for those people who asked me to add "BLOCK & CAPTCHA" on Layer 3-4 (supports Iptables CSF & CloudFlare API) for vDDoS Proxy Protection.



1. Install vDDoS Proxy Protection + CWP

Please visit Part 1: http://forum.centos-webpanel.com/how-to/(antiddos)-install-vddos-on-cwp-to-antiddos-dos-syn-flood-http-floods-attack/

2. Install vDDoS Layer4 Mapping

Code: [Select]
curl -L https://github.com/duy13/vDDoS-Layer4-Mapping/raw/master/vddos-layer4-mapping -o /usr/bin/vddos-layer4
chmod 700 /usr/bin/vddos-layer4
/usr/bin/vddos-layer4

Use vDDoS-Layer4-Mapping:

Code: [Select]
/usr/bin/vddos-layer4
(Choose option 5)


Code: [Select]
   Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!

        Please choose vDDoS Layer 4 Running Mode:

         CloudFlare Mode:
          1. Enable Captcha-All-Country Mode (Recommend This Mode For Large DDoS Attacks)
          2. Enable Monitor-vDDoS-logs-and-Captcha Mode
          3. Enable Monitor-vDDoS-logs-and-Block Mode
          4. Remove all rules exist on CloudFlare Firewall

         CSF Mode:
          5. Enable Monitor-vDDoS-logs-and-Block Mode
          6. Remove all rules exist on CSF

         End & Exit:
          7. End All Process (Kill all Process Mode Running)
          8. Exit

Enter Your Answer [1, 2, 3... or 8]:

DOS Flood Attack - Before using vDDoS Protection:



DOS Flood Attack - After using vDDoS Protection:



View More Config: http://vddos.voduy.com

13
[AntiDDOS] How to Install vDDoS on CWP to AntiDDOS, DOS, SYN Flood, HTTP Floods attack

What is vDDoS?

vDDoS Proxy Protection is free software that provides a reverse proxy server for the HTTP(S) protocols. It acts as a Layer 7 firewall to filter and mitigate DoS, DDoS, SYN flood, or HTTP flood attacks to protect your website.
Homepage: http://vddos.voduy.com

System Requirement:
CentOS Server 5/6/7 x86_64 (http://centos.org)
CloudLinux Server 5/6/7 x86_64 (http://cloudlinux.com)




Install vDDoS Proxy Protection on Centos Web Panel

1. Install vDDoS Proxy Protection: (Please go to the vDDoS homepage and get the new version)

Code: [Select]
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.12.0-centos7 -o /usr/bin/vddos
chmod 700 /usr/bin/vddos
/usr/bin/vddos help

/usr/bin/vddos setup

2. Install CentOS Web Panel: (Please go to the CWP homepage and get the new version)

Code: [Select]
cd /usr/local/src
wget http://centos-webpanel.com/cwp-latest
sh cwp-latest

3. Change the Default Apache Listen Port of CentOS Web Panel:

CWP Setting > Edit Setting > Apache Port > 8080 (or something like that)



Code: [Select]
[root@vddos ~]# netstat -lntup|grep httpd
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      7466/httpd

4. Config vDDoS Proxy Protection:

Code: [Select]
nano /vddos/conf.d/website.conf

# Website           Listen            Backend               Cache  Security  SSL-Prikey  SSL-CRTkey
your-domain.com http://0.0.0.0:80 http://167.114.161.2:8080 no     5s             no          no
default         http://0.0.0.0:80 http://167.114.161.2:8080 no     5s             no          no

Security mode: no < 307 < 200 < click < 5s < high < captcha

vDDoS Restart:

Code: [Select]
[root@vddos ~]# vddos restart
0.0.0.0:80
vDDos service Restart success!


4. Example Test website:

Security DDOS mode: 5s checking



Security DDOS mode: reCaptcha checking




View More Config: http://vddos.voduy.com

Part 2: http://forum.centos-webpanel.com/csf-firewall/(antiddos)-vddos-csf-on-cwp-to-antiddos-dos-syn-flood-http-floods-attack/
