DDoS Deflate: a simple solution for DDoS/CC attacks on a VPS

Source: Internet
Author: User
Tags vps

Anyone who has worked with a VPS for a while knows that CC attacks are common on the Internet. Without hardware defenses, software is the most direct countermeasure. iptables is one option, but on its own it cannot block attackers automatically; each address has to be blocked manually. This article introduces a tool that can automatically block DDoS, CC, and SYN attacks: DDoS Deflate.

DDoS deflate official URL: http://deflate.medialayer.com/

DDoS Deflate is a lightweight bash shell script that helps users defend against DDoS attacks. It uses the command shown below to build a list of the IP addresses connected to the server, together with the total number of connections from each. At the software level, it is one of the simplest solutions to install.

How to check whether the website is attacked

Enter the following command on the VPS to view the number of connections per IP address:

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The following is an installation tutorial

    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod 0700 install.sh
    ./install.sh

After the installation, the license agreement text is displayed. Press q to exit.

After installation, the installation directory is /usr/local/ddos/. It contains the following files:

  1. ddos.conf: the DDoS-Deflate configuration file, where the protection against DDoS attacks is configured

  2. ddos.sh: the main program of DDoS-Deflate, written in shell; it contains the functional modules of the entire program

  3. ignore.ip.list: the whitelist. An IP address listed in this file is not blocked by DDoS-Deflate even when it exceeds the configured number of connections.

  4. LICENSE: the license under which the DDoS-Deflate program is published

The following is the configuration file with explanatory comments. You can modify the default configuration as needed.

    ##### Paths of the script and other files
    PROGDIR="/usr/local/ddos"
    PROG="/usr/local/ddos/ddos.sh"
    # Whitelist. If there is a reverse proxy, add the local address and the
    # local public IP address so that the host providing the reverse proxy
    # is not treated as an attacker.
    IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
    CRON="/etc/cron.d/ddos.cron"
    APF="/etc/apf/apf"
    IPT="/sbin/iptables"
    ##### frequency in minutes for running the script
    ##### Caution: Every time this setting is changed, run the script with --cron
    ##### option so that the new frequency takes effect
    FREQ=1
    ##### How many connections define a bad IP? Indicate that below.
    # Threshold for the number of connections initiated by a single IP address.
    # Setting it too low is not recommended.
    NO_OF_CONNECTIONS=150
    ##### APF_BAN=1 (Make sure your APF version is at least 0.96)
    ##### APF_BAN=0 (Uses iptables for banning IPs instead of APF)
    # iptables is generally used as the firewall, so change APF_BAN to 0 here.
    APF_BAN=1
    ##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
    ##### KILL=1 (Recommended setting)
    # Whether the IP address is blocked. The default value is fine.
    KILL=1
    ##### An email is sent to the following address when an IP is banned.
    ##### Blank would suppress sending of mails
    # When the number of connections initiated by a single IP address exceeds
    # the threshold, an email is sent to this recipient. Replace it with your
    # own mailbox.
    EMAIL_TO="root"
    ##### Number of seconds the banned IP should remain in blacklist.
    # After this many seconds, the blocked IP address is removed from the blacklist.
    BAN_PERIOD=600

View line 117 of the /usr/local/ddos/ddos.sh file:

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

Modify it to the following code:

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sed -n '/[0-9]/p' | sort | uniq -c | sort -nr > $BAD_IP_LIST

The added sed filter keeps only lines that contain a digit, so the header text that netstat prints is not counted as an address.

Uninstall

    wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
    chmod 0700 uninstall.ddos
    ./uninstall.ddos
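The modified line 117 pipeline, combined with the NO_OF_CONNECTIONS threshold and the ignore.ip.list whitelist from the configuration, run over constructed netstat output. This is an added example, not code from DDoS Deflate; the function names, the sample addresses, and the at-or-above threshold comparison are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:40000     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:40001     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.99:60122     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.50:4100 ESTABLISHED
EOF
}

# The modified line 117 pipeline, reading netstat text from stdin.
# awk turns the two header lines into "servers)" and "Address"; the sed
# filter drops them because they contain no digit.
count_per_ip() {
  awk '{print $5}' | cut -d: -f1 | sed -n '/[0-9]/p' | sort | uniq -c | sort -nr
}

# over_threshold LIMIT WHITELIST_FILE (hypothetical helper, an assumption)
# Prints "ip count" for each address with at least LIMIT connections that
# is not listed, as an exact line, in WHITELIST_FILE.
over_threshold() {
  local limit=$1 whitelist=$2 count ip
  count_per_ip | while read -r count ip; do
    [ "$count" -ge "$limit" ] || continue
    grep -Fxq -- "$ip" "$whitelist" 2>/dev/null && continue
    echo "$ip $count"
  done
}

# Demo: limit 2 instead of the config's 150 so the small sample triggers.
wl=$(mktemp)
echo "198.51.100.23" > "$wl"   # constructed whitelist entry
sample_netstat | over_threshold 2 "$wl"
rm -f "$wl"
```

With the limit lowered to 2 for the small sample, only 203.0.113.7 is reported, because 198.51.100.23 is whitelisted. The tcp6 line is never counted, since cut -d: -f1 returns an empty field for it, so on dual-stack hosts check how IPv6 peers appear in netstat before relying on these counts.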


When setting a whitelist, the default whitelist is often incorrect. To avoid this problem, we can set the whitelist IP addresses manually and make the file immutable so that it cannot be modified:

    vi /usr/local/ddos/ignore.ip.list          # Set whitelist IPs manually
    chattr +i /usr/local/ddos/ignore.ip.list   # Make the file immutable (cannot be modified)
    chattr -i /usr/local/ddos/ignore.ip.list   # Remove the immutable flag (can be modified again)

FAQs
  1. How can I determine whether it takes effect?

     Run a web stress test against your own server. An article on this will follow in a few days.

  2. Will the script run automatically after the VPS is restarted?

     Yes, it will run automatically.

  3. What software is required?

     iptables and sendmail. Install them with yum install iptables or yum install sendmail.

  4. How can I view blocked IP addresses?

     If an IP address has been blocked, run the iptables -L -n command to view the blocked IP addresses.

