(D)DoS-Deflate

AndyII

While doing a lot of searching, and learning along the way, I came across this little script.
Looking into different ways and approaches to help protect a server, and reading posts here in this forum, there seem to be several ways of doing things, like restarting Apache when a load reaches a set point. It would seem that all these troubles are related to someone using too many connections, bringing Apache to a halt, so I would like some input on this script; to me it seems a good route to go.
I am including the config file for easy viewing. As opposed to issuing a kill and then restarting Apache, this says you can only have X connections per IP open, and if exceeded, the offending IP gets a temporary ban.
What is (D)DoS Deflate?
(D)DoS Deflate is a shell script developed by Zaf, originally for use on MediaLayer servers to assist in combating denial of service attacks. However, it was seen to be very effective for our purpose, and therefore was released as a contribution to the web hosting community. (D)DoS Deflate is now used by not only many web hosts, but by many people who run their own servers looking for additional security in dealing with such attacks.
links here
http://deflate.medialayer.com/old/
http://blog.medialayer.com/projects-ddos-deflate/
config file
##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150

##### APF_BAN=1 (Make sure your APF version is at least 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600
Some questions I have: what are the best settings?
Is 150 connections an average "safe" area?
Are 1-minute checks too frequent? (server resources)
Is using iptables, as opposed to APF, better?
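An added example, not part of the original post and not the ddos.sh script itself: a dry-run report of which remote IPs would exceed a per-IP connection limit, useful for judging a value like NO_OF_CONNECTIONS=150 before enabling bans. The function names, the `netstat -ntu`-style input layout, the "strictly more than" comparison and the sample addresses are assumptions of this example.

```shell
#!/bin/sh
# over_limit LIMIT [IGNORE_FILE]
# Reads `netstat -ntu`-style lines on stdin and prints "COUNT IP" for every
# remote IPv4 address with more than LIMIT connections, highest count first.
# It bans nothing; it only reports.
over_limit() {
    limit=$1
    ignore_file=${2:-/dev/null}
    awk -v limit="$limit" -v ignore="$ignore_file" '
        BEGIN {
            # Load whitelisted addresses, one per line (the role of IGNORE_IP_LIST).
            while ((getline line < ignore) > 0) {
                sub(/[ \t\r]+$/, "", line)
                if (line != "") skip[line] = 1
            }
        }
        # Only tcp/udp rows; column 5 is the foreign address as "ip:port".
        $1 ~ /^(tcp|udp)/ && NF >= 5 {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)    # drop the port
            # Count plain IPv4 peers only; other address forms are skipped.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip))
                count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample input (documentation addresses), not real traffic:
# 6 connections from 198.51.100.7, 3 from 192.0.2.44, 5 from 127.0.0.1.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    for spec in 198.51.100.7:6 192.0.2.44:3 127.0.0.1:5; do
        ip=${spec%:*}; n=${spec#*:}
        while [ "$n" -gt 0 ]; do
            echo "tcp 0 0 203.0.113.10:80 $ip:$((40000 + n)) ESTABLISHED"
            n=$((n - 1))
        done
    done
}

# With a limit of 4 and no ignore file, two addresses are reported.
sample_netstat | over_limit 4
```

On a live server, pipe `netstat -ntu` into `over_limit 150 /usr/local/ddos/ignore.ip.list` at busy times to see whether legitimate clients would come close to the limit.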