linux poison RSS
linux poison Email

Bash Script - Protect your server from DDos (Distributed Denial of Service) Attack

What is DDos attack:
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

DDoS-Deflate is a very simple but effective bash script which monitors the numbers of connection made by a particular ip address using 'netstat' command and if the number of connection from a single ip address reaches a particular limit (150 default) it will block that ip address using simple iptables rules for defined time period.

DDoS-Deflate Installation:
Open the terminal and type following command:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
After successful installation, you can find the DDoS-Deflate configuration file at: /usr/local/ddos/ddos.config
open this configuration file and adjust the parameter that suits your environment, in most of the case the default settings are good enough, the configuration parameter that you can set are ...
FREQ=1
NO_OF_CONNECTIONS=150
APF_BAN=1
KILL=1
EMAIL_TO=”admins@foo.com”
BAN_PERIOD=600
you can also white-list and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file.

After installation and setting up the required parameter, run the following command: ddos -c , this will setup the cron job to run the "ddos" command (script) every minute.

Uninstalling DDoS-Deflate:
Uninstalling DDos-Deflate is very simple, open the terminal and type following commands:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos





1 comments:

Post a Comment

Related Posts with Thumbnails