Introduction to DDoS Deflate
DDoS deflate is a free script for defending and mitigating DDoS attacks. It creates an IP address for a large number of network connections through Netstat monitoring trails that prohibit or block these IPs through APF or iptables when a node is detected that exceeds the preset limit.
DDoS Deflate official website: http://deflate.medialayer.com/
How do I verify that DDoS attacks are being exploited? Perform:
| The code is as follows | Copy Code |
Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-n |
|
After execution, the number of connections to each IP on the server is displayed.
Here are the results of my own VPS test:
| The code is as follows | Copy Code |
li88-99:~# Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-n |
|
A few, more than 10, or dozens of connections per IP are fairly normal, and if hundreds of thousands of them seem to be out of the ordinary.
1. Install DDoS deflate123 wget http://www.inetbase.com/scripts/ddos/install.sh//download DDoS deflate
| The code is as follows | Copy Code |
| Chmod 0700 install.sh//Add Permissions ./install.sh//Executive |
|
2. Configure DDoS deflate The following is the default configuration for DDoS deflate located in/usr/local/ddos/ddos.conf, which reads as follows:
| The code is as follows | Copy Code |
| ##### Paths of the script and other files Progdir= "/usr/local/ddos" Prog= "/usr/local/ddos/ddos.sh" Ignore_ip_list= "/usr/local/ddos/ignore.ip.list"//IP address white list cron= "/etc/cron.d/ddos.cron"//Timed execution procedure apf= "/etc/apf/apf" ipt= "/sbin/iptables" ##### frequency in minutes for running the script ##### caution:every time This setting are changed, run the script with--cron ##### option so the new frequency takes effect Freq=1//Check time interval, default 1 minutes ##### How many connections define a bad IP? indicate that below. no_of_connections=150//Maximum number of connections, more than this number of IP will be blocked, the general default can be ##### apf_ban=1 (Make sure your APF version is atleast 0.96) ##### apf_ban=0 (Uses iptables for banning IPs instead of APF) Apf_ban=1//using APF or iptables. It is recommended to use Iptables to change the value of Apf_ban to 0. ##### kill=0 (Bad IPs are ' NT banned, good for interactive execution of script) ##### kill=1 (recommended setting) Kill=1//Whether shielding IP, the default can ##### an email was sent to the following address when a IP is banned. ##### Blank would suppress sending of mails email_to= "root"///when IP is blocked to send mail to the specified mailbox, recommended to use, change your own mailbox can ##### number of seconds the banned IP should remain in blacklist. ban_period=600//Disable IP time, default 600 seconds, can be adjusted according to the situation |
|
The user can modify the configuration file according to the comment content that is added to the default profile.
View the 117th line of the/usr/local/ddos/ddos.sh file (partial personality, and then modify it when the default is found to be invalid)
| The code is as follows | Copy Code |
Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sort | uniq-c | Sort-nr > $BAD _ip_list |
|
Modify to the following code!
| The code is as follows | Copy Code |
Netstat-ntu | awk ' {print $} ' | Cut-d:-f1 | Sed-n '/[0-9]/p ' | Sort | uniq-c | Sort-nr > $BAD _ip_list |
|
Like toss can use the web stress test software to test the effect, believe that DDoS deflate or can give your VPS or server to protect against a part of DDoS attacks, to your site more protection.
In addition to this approach we recommend ourselves to use a method of preventing DDoS attacks
Script
| The code is as follows | Copy Code |
wget http://www.inetbase.com/scripts/ddos/install.sh |
|
If uninstall is required
| The code is as follows | Copy Code |
wget http://www.inetbase.com/scripts/ddos/uninstall.sh |
|
Then the installation was successful. For general DDoS should be no problem.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
