DDoS deflate protects against Linux DDoS attacks

Source: Internet
Author: User

Servers in production may come under attack. Common attacks include SYN floods and DDoS. Changing the IP address and identifying the site under attack can avoid the attack, but the service is interrupted for a long time. A thorough solution is to add a hardware firewall, but hardware firewalls are expensive. Without hardware protection, a software alternative is the most direct method. iptables can be used, for example, but iptables does not block attackers automatically; rules have to be added by hand. This article introduces a tool that automatically blocks the IP addresses of DDoS attackers: DDoS deflate.

 

DDoS deflate is a lightweight bash shell script that helps block DoS attacks. It uses the following command to list the IP addresses connected to the server together with the number of connections from each. It is one of the simplest software solutions to install.

# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

IP addresses that exceed the pre-configured number of connections are automatically blocked by the server firewall.

 

Script features:

1. Whitelisted IP addresses can be configured in /usr/local/ddos/ignore.ip.list

2. Simple configuration file: /usr/local/ddos/ddos.conf

3. IP addresses are blocked for a preset period (default: 600 seconds)

4. The configuration file controls how often the script runs (default: every 1 minute)

5. When an IP address is blocked, an email alert can be sent to a specified address.

 

Installation:

# wget http://www.inetbase.com/scripts/ddos/install.sh

# chmod 0700 install.sh

# cat install.sh

#!/bin/sh
if [ -d '/usr/local/ddos' ]; then
    echo; echo; echo "Please un-install the previous version first"
    exit 0
else
    mkdir /usr/local/ddos
fi
clear
echo; echo 'Installing DOS-Deflate 0.6'; echo
echo; echo -n 'Downloading source files...'
wget -q -O /usr/local/ddos/ddos.conf http://www.inetbase.com/scripts/ddos/ddos.conf
echo -n '.'
wget -q -O /usr/local/ddos/LICENSE http://www.inetbase.com/scripts/ddos/LICENSE
echo -n '.'
wget -q -O /usr/local/ddos/ignore.ip.list http://www.inetbase.com/scripts/ddos/ignore.ip.list
echo -n '.'
wget -q -O /usr/local/ddos/ddos.sh http://www.inetbase.com/scripts/ddos/ddos.sh
chmod 0755 /usr/local/ddos/ddos.sh
cp -s /usr/local/ddos/ddos.sh /usr/local/sbin/ddos
echo '...done'

echo; echo -n 'Creating cron to run script every minute... (default setting)'
/usr/local/ddos/ddos.sh --cron > /dev/null 2>&1
echo '...done'
echo; echo 'Installation has completed.'
echo 'Config file is at /usr/local/ddos/ddos.conf'
echo 'Please send in your comments and/or suggestions to zaf@vsnl.com'
echo
cat /usr/local/ddos/LICENSE | less

# ./install.sh

 

Configuration file:

# ll /usr/local/ddos/

total 24
-rw-r--r--. 1 root 971 January 10 2006 ddos.conf
-rwxr-xr-x. 1 root 3945 2006 ddos.sh
-rw-r--r--. 1 root 10 August January 10 2006 ignore.ip.list
-rw-r--r--. 1 root 10113 January 10 2006 LICENSE

# cat /usr/local/ddos/ddos.conf

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"                        # file storage directory
PROG="/usr/local/ddos/ddos.sh"                   # main script
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"  # whitelist address list
CRON="/etc/cron.d/ddos.cron"                     # crond scheduled task file
APF="/etc/…"
IPT="/sbin/iptables"

##### Frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1    # how often ddos.sh runs, in minutes; it is scheduled through crontab

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150    # maximum number of connections; IP addresses exceeding this number are blocked

##### APF_BAN=1 (Make sure your APF version is at least 0.96)
##### APF_BAN=0 (Uses iptables for banning IPs instead of APF)
APF_BAN=1    # 1: use APF; 0: use iptables. Generally the iptables firewall is used, so change APF_BAN to 0 here

##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1    # offending IPs are added to the iptables INPUT chain with a DROP target

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"    # email address that receives the alerts

##### Number of seconds the banned IP should remain in blacklist.
BAN_PERIOD=600    # how long an IP address stays blocked; adjust as needed

#
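The per-IP counting, whitelist and threshold check described above, as an added example (not DDoS deflate's own code): it runs the page's netstat pipeline over constructed input and compares it with a stricter count that goes beyond the page by skipping header lines and unwrapping IPv4-mapped peers. The sample addresses, the lowered threshold, the inline whitelist and the function names are assumptions; the DROP rule is only printed, never applied.

```shell
# Added example, not DDoS deflate's own code. All addresses are constructed
# (documentation ranges); the threshold is lowered so the sample trips it.
IPT="/sbin/iptables"
NO_OF_CONNECTIONS=2                 # page default is 150
IGNORE_IPS="127.0.0.1 192.0.2.10"   # stands in for ignore.ip.list

sample_netstat() {                  # constructed `netstat -ntu` output
  echo 'Active Internet connections (w/o servers)'
  echo 'Proto Recv-Q Send-Q Local Address Foreign Address State'
  for p in 1 2 3; do
    echo "tcp  0 0 203.0.113.5:80 198.51.100.7:5100$p ESTABLISHED"
    echo "tcp  0 0 203.0.113.5:80 192.0.2.10:5200$p ESTABLISHED"
    echo "tcp6 0 0 ::ffff:203.0.113.5:80 ::ffff:198.51.100.23:5300$p ESTABLISHED"
  done
  echo 'tcp  0 0 203.0.113.5:22 198.51.100.9:40000 ESTABLISHED'
}

# The page's pipeline, unchanged: header words are counted as "addresses" and
# every peer that starts with ':' collapses to an empty first field.
page_pipeline() {
  awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
}

# Stricter count: socket lines only, port stripped, IPv4-mapped peers unwrapped.
count_per_ip() {
  awk '$1 ~ /^(tcp|udp)/ {
         addr = $5
         sub(/:[0-9*]+$/, "", addr)
         sub(/^::ffff:/, "", addr)
         n[addr]++
       }
       END { for (a in n) print n[a], a }' | sort -n
}

# Peers exceeding NO_OF_CONNECTIONS that are not whitelisted.
over_limit() {
  count_per_ip | while read -r count ip; do
    [ "$count" -gt "$NO_OF_CONNECTIONS" ] || continue
    case " $IGNORE_IPS " in *" $ip "*) continue ;; esac
    echo "$ip"
  done
}

# Dry run: print the DROP rule for each offender instead of applying it.
ban_commands() {
  over_limit | while read -r ip; do echo "$IPT -I INPUT -s $ip -j DROP"; done
}
sample_netstat | page_pipeline
sample_netstat | ban_commands
```

On the sample, the page's pipeline counts the header words and attributes the three tcp6 connections to an empty address, while the stricter count attributes them to 198.51.100.23 and leaves the whitelisted 192.0.2.10 alone.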

 

Uninstall DDoS deflate:

# wget http://www.inetbase.com/scripts/ddos/uninstall.ddos

# chmod 0700 uninstall.ddos

# ./uninstall.ddos
