Prevent and Stop DoS or DDoS Attacks on Web Server (D)DOS-Deflate

[Zake]

All web servers been connected to the Internet subjected to DoS (Denial of Service) or DDoS (Distrubuted Denial of Service) attacks in some kind or another, where hackers or attackers launch large amount connections consistently and persistently to the server, and in advanced stage, distributed from multiple IP addresses or sources, in the hope to bring down the server or use up all network bandwidth and system resources to deny web pages serving or website not responding to legitimate visitors.

 

There are plenty of ways to prevent, stop, fight and kill off DDoS attack, such as using firewall. A low cost, and probably free method is by using software based firewall or filtering service. (D)DoS-Deflate is a free open source Unix/Linux script by MediaLayer that automatically mitigate (D)DoS attacks. It claims to be the best, free, open source solution to protect servers against some of the most excruciating DDoS attacks.

 

(D)DoS-Deflate script basically monitors and tracks the IP addresses are sending and establishing large amount of TCP network connections such as mass emailing, DoS pings, HTTP requests) by using “netstat” command, which is the symptom of a denial of service attack. When it detects number of connections from a single node that exceeds certain preset limit, the script will automatically uses APF or IPTABLES to ban and block the IPs. Depending on the configuration, the banned IP addresses would be unbanned using APF or IPTABLES (only works on APF v 0.96 or better).

 

Installation and setup of (D)DOS-Deflate on the server is extremely easy. Simply login as root by open SSH secure shell access to the server, and run the the following commands one by one:

 

wget http://www.inetbase.com/scripts/ddos/install.sh

chmod 0700 install.sh

./install.sh

 

To uninstall the (D)DOS-Deflate, run the following commands one by one instead:

 

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos

chmod 0700 uninstall.ddos

./uninstall.ddos

 

The configuration file for (D)DOS-Deflate is ddos.conf, and by default it will have the following values:

 

FREQ=1

NO_OF_CONNECTIONS=50

APF_BAN=1

KILL=1

EMAIL_TO=”root”

BAN_PERIOD=600

 

Users can change any of these settings to suit the different need or usage pattern of different servers. It’s also possible to whitelist and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file. If you plan to execute and run the script interactively, users can set KILL=0 so that any bad IPs detected are not banned.

[Nosti21]

this is working for sure?? i can do it to all machines?? it looks really good. i will test it for my own server..

[Lucky Dice]

this is working for sure?? i can do it to all machines??

[Hax0r]

It is addressed to Linux operating systems.

[ArkeyWave]

It is addressed to Linux operating systems.

ofc .. because of .SH link ..

 

btw .. this really looks nice, and you just say for WEB SERVER .. couldn't be used on dedicated servers ?

[Nosti21]

its only for web server?? or i can do it and for dedicate servers? tell me..

[Zake]

its only for web server?? or i can do it and for dedicate servers? tell me..

I didn't check this, its tested on webservers for sure, give it a try on a dedicate one, then post here.

Also something is missing, its tested only in Linux[more specificly in Ubuntu 10.10 (Maverick Meerkat)]  i don't know about windows or any other os.

[Nosti21]

I didn't check this, its tested on webservers for sure, give it a try on a dedicate one, then post here.

Also something is missing, its tested only in Linux[more specificly in Ubuntu 10.10 (Maverick Meerkat)]  i don't know about windows or any other os.

ok thanks for the informations.. i will test it and i will give a feedback.

[Pinaepple]

Tested and its really cool.

Thanks a lot.

[Vkouk]

Tested and its really cool.

Thanks a lot.