C0nw0nk/Nginx-Lua-Anti-DDoS C0nw0nk/Nginx-Lua-Anti-DDoS

  • Stars
    star
    993
  • Rank 45,867 (Top 1.0 %)
  • Language
    Lua
  • License
    MIT License
  • Created about 5 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
C0nw0nk/Nginx-Lua-Anti-DDoS
github

C0nw0nk

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript based authentication puzzle inspired by Cloudflare I am under attack mode an Anti-DDoS authentication page protect yourself from every attack type All Layer 7 Attacks Mitigating Historic Attacks DoS DoS Implications DDoS All Brute Force Attacks Zero day exploits Social Engineering Rainbow Tables Password Cracking Tools Password Lists Dictionary Attacks Time Delay Any Hosting Provider Any CMS or Custom Website Unlimited Attempt Frequency Search Attacks HTTP Basic Authentication HTTP Digest Authentication HTML Form Based Authentication Mask Attacks Rule-Based Search Attacks Combinator Attacks Botnet Attacks Unauthorized IPs IP Whitelisting Bruter THC Hydra John the Ripper Brutus Ophcrack unauthorized logins Injection Broken Authentication and Session Management Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfiguration Cross-Site Scripting (XSS) Insecure Deserialization Using Components with Known Vulnerabilities Insufficient Logging & Monitoring Drupal WordPress Joomla Flash Magento PHP Plone WHMCS Atlassian Products malicious traffic Adult video script avs KVS Kernel Video Sharing Clip Bucket Tube sites Content Management Systems Social networks scripts backends proxy proxies PHP Python Porn sites xxx adult gaming networks servers sites forums vbulletin phpbb mybb smf simple machines forum xenforo web hosting video streaming buffering ldap upstream downstream download upload rtmp vod video over dl hls dash hds mss livestream drm mp4 mp3 swf css js html php python sex m3u zip rar archive compressed mitigation code source sourcecode chan 4chan 4chan.org 8chan.net 8ch 8ch.net infinite chan 8kun 8kun.net anonymous anon tor services .onion torproject.org nginx.org nginx.com openresty.org darknet dark net deepweb deep web darkweb dark web mirror vpn reddit reddit.com adobe flash hackthissite.org dreamhack hack hacked hacking hacker hackers hackerz hackz hacks code coding script scripting scripter source leaks leaked leaking cve vulnerability great firewall china america japan russia .gov government http1 http2 http3 quic q3 litespeedtech litespeed apache torrents torrent torrenting webtorrent bittorrent bitorrent bit-torrent cyberlocker cyberlockers cyber locker cyberbunker warez keygen key generator free irc internet relay chat peer-to-peer p2p cryptocurrency crypto bitcoin miner browser xmr monero coinhive coin hive coin-hive litecoin ethereum cpu cycles popads pop-ads advert advertisement networks banner ads protect ovh blazingfast.io amazon steampowered valve store.steampowered.com steamcommunity thepiratebay lulzsec antisec xhamster pornhub porn.com pornhub.com xhamster.com xvideos xvdideos.com xnxx xnxx.com popads popcash cpm ppc

Languages Top language File size

Cloudflare I am Under Attack Mode!

Nginx-Lua-Anti-DDoS

A Anti-DDoS script to protect Nginx web servers using Lua with a Javascript based authentication puzzle inspired by Cloudflare I am under attack mode I built my own Anti-DDoS authentication HTML page puzzle intergrating my Lua, Javascript, HTML and HTTP knowledge.

Mitigate a DDoS attack of any size using my free DDoS protection. Don't get ddos attacked!

If you're under attack and use my script during the attack, visitors will receive an interstitial page for about five seconds while I analyze the traffic to make sure it is a legitimate human visitor.

This can protect you from many different forms of DDoS works with both HTTP and HTTPS / SSL traffic.

No limit on attack size Uptime guarantee

Features :

These are some of the features I built into the script so far.

Security

I am Under Attack Mode (DDoS Authentication HTML Page)

IP Address Whitelist

IP Subnet Ranges Whitelist

IP Address Blacklist

IP Subnet Ranges Blacklist

User-Agent Whitelist

User-Agent Blacklist

Protected area / Restricted access field username / password box to restrict access to sites / paths.

WAF (Web Application Firewall)

IPv4 and IPv6 blocking and whitelisting including subnet ranges.

User-Agent blocking and whitelisting to block bad bots and exploits / scanners.

Ability to inspect POST Data / Fields and block malicious POST requests / exploits.

Ability to inspect URL for malicious content SQL/SQI Injections XSS attacks / exploits.

Ability to inspect query strings and arguements for malicious content / exploits.

Ability to inspect all Request Headers provided by the client connecting.

Ability to inspect cookies for exploits.

Caching Speed and Performance

Query String Sorting

Query String Whitelist

Query String Removal (It is a blacklist but it will just drop / remove the argument from the URL not block the request)

Minification / Compression of files removing white space and nulled out code / lines JS JavaScript, CSS Stylesheets, HTML etc

Customization of error pages responses and webpage outputs

Custom error page interception to replace with your own error pages

Hide Web application errors such as PHP errorrs MySQL errors it will intercept them and display a custom error page instead of showing visitors sensative information

Modify webpage outputs to replace contents on pages / files

Information :

If you have any bugs issues or problems just post a Issue request.

https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/issues

If you fork or make any changes to improve this or fix problems please do make a pull request for the community who also use this.

https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/pulls

Usage / Installation :

Edit settings inside anti_ddos_challenge.lua to cater for your own unique needs or improve my work. (Please share your soloutions and additions)

https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/blob/master/lua/anti_ddos_challenge.lua#L55

Add this to your Nginx configuration folder.

nginx/conf/lua/

Once installed into your nginx/conf/ folder.

Add this to your HTTP block or it can be in a server or location block depending where you want this script to run for individual locations the entire server or every single website on the server.

access_by_lua_file anti_ddos_challenge.lua;

Example nginx.conf :

This will run for all websites on the nginx server

http {
#nginx config settings etc
access_by_lua_file anti_ddos_challenge.lua;
#more config settings and some server stuff
}

This will make it run for this website only

server {
#nginx config settings etc
access_by_lua_file anti_ddos_challenge.lua;
#more config settings and some server stuff
}

This will run in this location block only

location / {
#nginx config settings etc
access_by_lua_file anti_ddos_challenge.lua;
#more config settings and some server stuff
}

Other setup options

https://github.com/C0nw0nk/Nginx-Lua-Anti-DDoS/wiki

For setting up the script to run with Tor .onion services, Cloudflares proxy services, Configuration options of the script view the wiki.

Requirements :

NONE! :D You only need Nginx + Lua to use my scripts.

Where can you download Nginx + Lua ?

Openresty provide Nginx + Lua builds for Windows Linux etc here.

https://openresty.org/en/download.html

Nginx4windows has Windows specific builds with Lua here.

http://nginx-win.ecsds.eu/

Or you can download the source code for Nginx here and compile Nginx yourself with Lua.

https://nginx.org/en/download.html

About :

I was inspired to create this because of Cloudflare feature "I'm Under Attack Mode" https://www.cloudflare.com/

There are similar sites and services like BitMitigate but I prefer my own script over their methods.

If you're under attack and have this feature enabled during the attack, visitors will receive an interstitial page for about five seconds while we analyze the traffic to make sure it is a legitimate human visitor.

Advanced DDoS Attack Protection

Unmetered DDoS mitigation to maintain performance and availability

Denial of Service attacks continue to grow in sophistication and force: more distributed, greater volumes of traffic, and encroaching on the application layer.

A successful attack increases unnecessary costs on your infrastructure and IT/security staff. More importantly, it hurts your revenue, customer satisfaction, and brand.

To combat attacks and stay online, you’ll need a solution that’s resilient scalable, and intelligent.

Mitigate a DDoS attack of any size or duration, Don't get ddos attacked!

I love that feature so much ontop of having it enabled on all my Cloudflare proxied sites I decided to make it into a feature on my own servers so the traffic that hits my servers without coming from Cloudflares network is kept in check and authenticated! (Every little helps right!)

Thank you to @Cloudflare for the inspiration and your community for all the love, A big thanks to the @openresty community you guys rock Lua rocks you are all so awesome!

Lets build a better internet together! Where Speed, Privacy, Security and Compression matter!

Here are links to my favorite communities :)

http://openresty.org/en/

https://community.cloudflare.com/

Protected attack types :

All Layer 7 Attacks
Mitigating Historic Attacks
DoS
DoS Implications
DDoS
All Brute Force Attacks
Zero day exploits
Social Engineering
Rainbow Tables
Password Cracking Tools
Password Lists
Dictionary Attacks
Time Delay
Any Hosting Provider
Any CMS or Custom Website
Unlimited Attempt Frequency
Search Attacks
HTTP Basic Authentication
HTTP Digest Authentication
HTML Form Based Authentication
Mask Attacks
Rule-Based Search Attacks
Combinator Attacks
Botnet Attacks
Unauthorized IPs
IP Whitelisting
Bruter
THC Hydra
John the Ripper
Brutus
Ophcrack
unauthorized logins
Injection
Broken Authentication and Session Management
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring
And many others…

Features :

Advanced DDoS Attack Protection

My script gives you Unmetered DDoS mitigation to maintain performance and availability for free Denial of Service attacks continue to grow in sophistication and force: more distributed, greater volumes of traffic, and encroaching on the application layer. A successful attack increases unnecessary costs on your infrastructure and IT/security staff. More importantly, it hurts your revenue, customer satisfaction, and brand. To combat attacks and stay online, you’ll need a solution that’s resilient scalable, and intelligent.

Common Types of DDoS Attacks

Block Malicious Bot Abuse

Block abusive bots from damaging Internet properties through content scraping, fraudulent checkout, and account takeover.

Prevent Customer Data Breach

Prevent attackers from compromising sensitive customer data, such as user credentials, credit card information, and other personally identifiable information.

Layered Security Defense

layered security approach combines multiple DDoS mitigation capabilities into one service. It prevents disruptions caused by bad traffic, while allowing good traffic through, keeping websites, applications and APIs highly available and performant.

HTTP Flood (Layer 7)

HTTP flood attacks generate high volumes of HTTP, GET, or POST requests from multiple sources, targeting the application layer, causing service degradation or unavailability.

Defend against the largest attacks

Shared Network Intelligence / Collective Intelligence

With every new property, contributor and person using this script your help and contributions to this script makes everyones network safer. You are helping identify and block new and evolving threats across the entire internet back bone / infrastructure.

No Performance Tradeoffs

Eliminate security induced latencies by integrating my script with your servers. You do not need to rely on third party services like Cloudflare, BitMitigate, Sucuri or other such CDN Cloud distributed networks or companies anymore I have given you the tool for free.

Web Application Firewall

enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests and protectects your existing infrastructure.

Rate Limiting

Control to block suspicious visitors

Rate Limiting protects against denial-of-service attacks, brute-force login attempts, and other types of abusive behavior targeting the application layer.

Rate Limiting provides the ability to configure thresholds, define responses, and gain valuable insights into specific URLs of websites, applications, or API endpoints. It adds granular HTTP/HTTPS traffic control. This also reduces bandwidth costs by eliminating unpredictable traffic spikes or attacks.

Protect any Web Application

This script can protect every web application ever built.

Drupal
WordPress
Joomla
Flash
Magento
PHP
Plone
WHMCS
Atlassian Products
Adult video script avs
KVS Kernel Video Sharing
Clip Bucket
Tube sites
Content Management Systems
Social networks
scripts
backends proxy proxies
PHP
Python
Porn sites xxx adult
gaming networks servers sites
forums
vbulletin
phpbb
mybb
smf simple machines forum
xenforo
web hosting
And many more...

Tor network / Project .onion :

You can also use this script to protect servers and sites on the Tor network preventing ddos on .onion links. It can help stop attacks on the deepweb / darkweb aswell as on the mainline internet for those who browse your site through the tor browser it makes sure they are legitimate users.

HTTP(S) / HTTP2 / HTTP3 / QUIC :

So with modern internet protocols yes this script does work with all of them! It can protect both encrypted and unencrypted connections and traffic served over TCP aswell as UDP the new method for HTTP3/QUIC connections.

Works with :

Nginx

Nginx + Lua

Openresty

Custom Nginx builds with Lua compiled

Litespeed / Litespeedtech as can be seen here https://openlitespeed.org/kb/openlitespeed-lua-module/ the reason this works with Litespeed Lua is because they use Openresty Lua builds on their server as can be understood here https://openlitespeed.org/kb/openlitespeed-lua-module/#Use

More Repositories

1

SteamCMD-AutoUpdate-Any-Gameserver

Windows SteamCMD to autoupdate and install any game server steam cmd settings configurable lots of useful features. This batch script will keep your game servers automaticly updated updating intervals announce the server is shutting down for updates etc all configurable.
Batchfile
135
star
2

CoinHive

A nice friendly simple and easly customizable GUI for coinhives javascript miner to embed onto websites so users of your site can interact with features of the miner on every single page this javascript miner is to help those who have problems with advertisements/advertising/ads popups banners mobile redirects malvertising/malware etc and provide a all around better cleaner web experience for everyone. coinhive.com
HTML
71
star
3

Garrys-Mod-Family-Sharing

Prevent players bypassing existing bans on Garrys Mod Servers via steam family sharing / shared accounts or buying a new GMod. Banned messages and banning lengths configurable with lots of extra useful custom features such as a ban tracker / tracking. This script is guaranteed to make players regret receiving a ban from your server in GarrysMod / GarryMod / Garry'sMod / Garry's Mod / G Mod / G-Mod familysharing alts / alternative are a thing of the past. familysharing / familyshared checks / checker / checked / checking. lua script addon addons
Lua
35
star
4

qBittorrent

qBittorrent Windows Automatic batch file command line script to check torrent for seeders if it has no seeders it will delete the torrent automatically .cmd .bat batch file command line cli cmd
Batchfile
21
star
5

Nginx-Lua-minification-library

A compression and minification library to minify static or dynamic assets like HTML PHP outputs CSS style sheets JS Javascript all text/html or plain text mime types that nginx can output that the browser will read so they are small compressed and have white space removed as well as helping reduce bandwidth consumption since the files served from nginx webserver are now smaller.
Lua
21
star
6

Nginx-Lua-Secure-Link-Anti-Hotlinking

My soloution to those who try to hotlink / steal or waste bandwidth from your sites and servers will also help with DoS / DDoS / Slowloris attacks it works the same as the secure_link module but i did it using entirely Lua generate and create secure link outputs using Nginx and Lua only modify web app outputs on the fly works with pseudo streaming url format ?md5= &expires= ngx exit error access status flood spam attacking defence proxies proxy proxying upstream ssl https google porn media static dynamic files videos downloads tubes hubs social networks salted hash sha1 sha256 secret key one way hashing distributed denial of service security securing bans banning banned blocked blocking blocks
19
star
7

Garrys-Mod-Fake-Players

Spoof / Spoofing / fake / faked / faking players counts on servers in Garrys Mod using bots lots of useful features to customize slots to be kept free / open and make the bots look like real players GMod / GarrysMod / Garry's Mod / Garry'sMod has allot of fake servers
Lua
17
star
8

Garrys-Mod-Anti-Cheat

Putting Anti back into Anti Cheat by blocking players cheating instead of just detecting what they do. Anti Bhop bunny hopping gmod lua garrysmod
Lua
12
star
9

ASN-BlackList

This ASN (autonomous system number) Blacklist is for bad hosters around the world who are operating networks of botnets, spamming tools, flooders, automated hacking and penetration testing, network scanning, servers used for DDoS, proxies, tor exit nodes, servers used for stress testing sites and more.
10
star
10

Garrys-Mod-Zombie-Survival

GMod / GarrysMod / Garry'sMod / Garry's Mod / Garrys Mod / G Mod / G-Mod Zombie Survival Scripts zombiesurvival zs fixes
Lua
7
star
11

PlexCleaner

PlexCleaner Utility to optimize media files for Direct Play in Plex, Emby, Jellyfin it will scan through the media server directory and automatically convert files to mkv for direct playback the reason this is a good idea is it saves your NAS or plex host effort having to transcode media when all media is direct play ready
Batchfile
3
star
12

Javascript-Block-Proxy

Simple method to block proxies using javascript
HTML
2
star
13

ExtractNow

Automatic ExtractNow script to monitor directory and extract file useful for transmission qbittorrent utorrent sonarr radarr lidarr auto unrar unzip gzip 7z .rar .7z .zip .gzip .iso .tar etc .cmd .bat batch file command line cmd script
Batchfile
2
star
14

DisableForcedSubtitles

Batchfile
1
star
15

Blacklisted-Crypto-Addresses

Blacklisted crypto addresses for rug pulls honey pots slow rugs scams etc
1
star
16

PlexCleaner-AV1

AV1 Encode your entire plex/emby library it will save you disk space!
Batchfile
1
star
17

TV-Season-Ordering

Easily mass rename and order tv series in a folder.
Batchfile
1
star
18

Windows-BatchFile-FFMPEG-Compiler

Windows BatchFile FFMPEG Compiler automatic easy to use and modify
Batchfile
1
star
19

youtube-dl-concurrent

Youtube-dl youtube downloader Windows to run multiple concurrent parallel video downloads simultaneously batch file cmd .bat .cmd windows automatic
Batchfile
1
star
20

Cloudflare-my-ip

A script to update a DNS record with eithe rlocalhost or public internet facing IP address just like Afraid.org would provide. DDNS Dynamic DNS update modify record api windows shell command line batch file .bat .cmd
Batchfile
1
star
21

Selenium

Batch file selenium fast portable no dependencies i have built it to be very automated for tasks phantomjs selenium chromium google chrome geckodrive firefox msedgedriver microsoft edge iedriverserver internet explorer sonarr radarr lidarr transmission qbittorrent utorrent bittorrent localhost networking vivaldi brave chrome firefox tor opera edge
Batchfile
1
star