DDoS deflate– Simple Solution VPS is ddos/cc attack

I think now everyone contact with the VPS for a long time, also know that the Internet is ddos,cc is the norm, in the absence of hard defense, looking for software replacement is the most direct method, such as with iptables, but iptables can not be automatically shielded, can only be manually shielded, Today, I would like to introduce you to a software that can automatically block Ddos,cc,syn attacks: DDoS Deflate.

ddos deflate official address: http://deflate.medialayer.com/

dos deflate is a lightweight bash shell script that assists users in blocking DDoS attacks by using the following command to create a list of IP addresses connected to the server and the total number of connections to them. It is one of the simplest and easiest to install solutions at the software level.

How to see if you are attacked

Enter the above command in the VPS to view

netstat-ntu | awk‘{print $5}‘| cut-d: -f1 | sort| uniq-c | sort-n

Here is the installation tutorial

wget http://www.inetbase.com/scripts/ddos/install.sh chmod +x install .sh . /install .sh

After installation, you will see a large agreement, press Q to exit:

After installation file description installation directory is:/usr/local/ddos/

1. ddos.conf? Ddos-deflate configuration file, which configures various behaviors to prevent DDoS when

2. ddos.sh? Ddos-deflate main program, using the shell written, the entire program function module

3. ignore.ip.list? Whitelist, the IP in this file exceeds the set number of connections and is not blocked by ddos-deflate

4. license? Ddos-deflate the release protocol of the program

Here is the Chinese description of the configuration file can be modified according to the configuration file, the default can also

##### Paths of the script and other files
PROGDIR = ”/ usr / local / ddos”
PROG = ”/ usr / local / ddos / ddos .sh”
IGNORE_IP_LIST = "/ usr / local / ddos / ignore.ip.list" # White list. If there is a reverse proxy, pay attention to adding the local address and the local external IP address to prevent the host providing the reverse proxy from being judged as an attack .
CRON = ”/ etc / cron .d / ddos. Cron”
APF = ”/ etc / apf / apf”
IPT = ”/ sbin / iptables” ##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with? Cron
##### option so that the new frequency takes effect
FREQ = 1 ##### How many connections define a bad IP? Indicate that below. # The threshold for the number of connections initiated by a single IP is not recommended.
NO_OF_CONNECTIONS = 150
##### APF_BAN = 1 (Make sure your APF version is atleast 0.96)
##### APF_BAN = 0 (Uses iptables for banning ips instead of APF) #Generally you use iptables to make the firewall, so here you need to change the value of APF_BAN to 0.
APF_BAN = 1
##### KILL = 0 (Bad IPs are’nt banned, good for interactive execution of script)
##### KILL = 1 (Recommended setting)
KILL = 1 // Whether to block the IP, the default is fine
##### An email is sent to the following address when an IP is banned. # When the number of connections initiated by a single IP exceeds the threshold, an email will be sent to the specified recipient.
##### Blank would suppress sending of mails
EMAIL_TO = ”root” // here is the mailbox, you can replace it with yours
##### Number of seconds the banned ip should remain in blacklist. # Set how many seconds the blocked IP will be removed from the blacklist.
BAN_PERIOD = 600

View line 117th of the/usr/local/ddos/ddos.sh file

netstat-ntu | awk‘{print $5}‘| cut-d: -f1 | sort| uniq-c | sort-nr > $BAD_IP_LIST

Modify it to the following code!

netstat-ntu | awk‘{print $5}‘| cut-d: -f1 | sed-n ‘/[0-9]/p‘| sort| uniq-c | sort-nr > $BAD_IP_LIST

Unloading

wget http: //www .inetbase.com /scripts/ddos/uninstall .ddos
chmod +x uninstall.ddos
. /uninstall .ddos

White List settings

Sometimes the default whitelist often has errors, in order to avoid this situation, we can manually set the whitelist IP, and then force not allowed to modify

vi / usr / local / ddos / ignore .ip.list // Set the whitelist IP manually
chattr + i / usr / local / ddos / ignore .ip.list // Force modification is not allowed
chattr -i / usr / local / ddos / ignore .ip.list // Cancel modification

Problems

1. How to determine whether it is effective
Use web stress test, attack yourself, detailed article, will introduce in a few days

2. Will restarting the VPS script run automatically?
Will run automatically

3. What is the necessary software to run

iptables and sendmail installation method yum install iptables or sendmail sendmail can be installed.

4.How to check blocked IP
If blocked, use the iptables -L -n command to view the blocked IP
Reprinted please keep the permalink: https://www.linuxeye.com/security/2398.html