Informational: Protect Your VPS With (D)DoS Deflate

Discussion in 'Teamspeak 3 NPL Servers' started by TJ Martin, Nov 20, 2013.

    TJ Martin Director of Operations WASD Hosting Staff Tier 3 Support

    There are two types of DDoS attacks: a network-centric attack, which overloads a service by using up bandwidth, and an application-layer attack, which overloads a service or database with application calls. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack: the final target as well as the systems controlled by the intruder. Below we will show you how you can help protect your VPS from a network-centric attack. Keep in mind that this is not 100% foolproof, but it is a good start in protecting yourself from the smaller attacks.

    (D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.
    Code:
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    IP addresses with over a pre-configured number of connections are automatically blocked in the server's firewall, which can be direct iptables or Advanced Policy Firewall (APF). (We highly recommend that you use APF on your server in general, but deflate will work without it.)

    Notable Features
    • It is possible to whitelist IP addresses, via /usr/local/ddos/ignore.ip.list.
    • Simple configuration file: /usr/local/ddos/ddos.conf
    • IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)
    • The script can run at a chosen frequency via the configuration file (default: 1 minute)
    • You can receive email alerts when IP addresses are blocked.
    Installation
    Code:
    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod 0700 install.sh
    ./install.sh
    Uninstallation
    Code:
    wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
    chmod 0700 uninstall.ddos
    ./uninstall.ddos
    Questions?
    Although most things are explained on this page, if you have any further questions, you may contact the original developer of the script, Zaf.
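
The per-IP counting, whitelist and connection limit described in the post, as a dry run that only reports which addresses would be blocked. This is an added example, not part of the original post or of the (D)DoS Deflate script. The helper names `over_limit` and `sample_netstat` and the sample addresses are assumptions made for illustration. It goes beyond the one-line pipeline by skipping the netstat header lines and handling IPv6 and IPv4-mapped addresses.

```shell
#!/bin/sh
# Added example: dry run of a per-IP connection limit. Blocks nothing.

# over_limit LIMIT [IGNORE_FILE]  (hypothetical helper, not part of DDoS Deflate)
# Reads `netstat -ntu` output on stdin and prints "count ip" for every remote
# address with more than LIMIT connections, skipping whitelisted addresses.
over_limit() {
    awk -v limit="$1" -v ignore="${2:-/usr/local/ddos/ignore.ip.list}" '
        BEGIN {  # load the whitelist, one address per line; a missing file is empty
            while ((getline line < ignore) > 0) {
                gsub(/[ \t\r]/, "", line)
                if (line != "" && line !~ /^#/) skip[line] = 1
            }
        }
        $1 ~ /^(tcp|udp)/ {                 # data rows only; drops both header lines
            addr = $5
            sub(/:[0-9*]+$/, "", addr)      # strip only the trailing :port
            sub(/^::ffff:/, "", addr)       # IPv4-mapped IPv6 -> plain IPv4
            if (!(addr in skip)) count[addr]++
        }
        END { for (a in count) if (count[a] > limit) print count[a], a }
    ' | sort -rn
}

# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.1:10011         203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.1:10011         203.0.113.7:51002       ESTABLISHED
tcp        0      0 192.0.2.1:10011         203.0.113.7:51003       ESTABLISHED
tcp        0      0 192.0.2.1:10011         203.0.113.7:51004       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.1:10011  ::ffff:198.51.100.9:40001 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.1:10011  ::ffff:198.51.100.9:40002 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.1:10011  ::ffff:198.51.100.9:40003 ESTABLISHED
tcp        0      0 192.0.2.1:22            192.0.2.10:60001        ESTABLISHED
tcp        0      0 192.0.2.1:22            192.0.2.10:60002        ESTABLISHED
tcp        0      0 192.0.2.1:22            192.0.2.10:60003        ESTABLISHED
tcp6       0      0 2001:db8::1:10011       2001:db8::2:44321       ESTABLISHED
EOF
}

ignore_file=$(mktemp)
echo "192.0.2.10" > "$ignore_file"          # constructed whitelist entry
sample_netstat | over_limit 2 "$ignore_file"
rm -f "$ignore_file"
```

On a live server, pipe `netstat -ntu` into `over_limit` with the limit you plan to configure and check that no legitimate address, such as a NAT gateway shared by many users, appears in the output before enabling blocking.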
