linux poison RSS
linux poison Email

Bash Script - Protect your server from DDos (Distributed Denial of Service) Attack

What is DDos attack:
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

DDoS-Deflate is a very simple but effective bash script which monitors the numbers of connection made by a particular ip address using 'netstat' command and if the number of connection from a single ip address reaches a particular limit (150 default) it will block that ip address using simple iptables rules for defined time period.

DDoS-Deflate Installation:
Open the terminal and type following command:
chmod 0700
After successful installation, you can find the DDoS-Deflate configuration file at: /usr/local/ddos/ddos.config
open this configuration file and adjust the parameter that suits your environment, in most of the case the default settings are good enough, the configuration parameter that you can set are ...
you can also white-list and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file.

After installation and setting up the required parameter, run the following command: ddos -c , this will setup the cron job to run the "ddos" command (script) every minute.

Uninstalling DDoS-Deflate:
Uninstalling DDos-Deflate is very simple, open the terminal and type following commands:
chmod 0700 uninstall.ddos


Anonymous said...

I love the idea!
The "ddos -c" came back with an error message. However it appears it is running every minute.
Can you suggest a way to test or confirm it is working?

Post a Comment

Related Posts with Thumbnails