• Stars
    star
    723
  • Rank 62,657 (Top 2 %)
  • Language
    Shell
  • License
    Other
  • Created almost 10 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Fork of DDoS Deflate with fixes, improvements and new features.

DDoS Deflate

Fork of DDoS Deflate on now inexistent http://deflate.medialayer.com/ (MediaLayer went out of business) with fixes, improvements and new features.

Original Author: Zaf [email protected] (Copyright (C) 2005)

Maintainer: Jefferson González [email protected]

Contributor (BSD support): Marc S. Brooks [email protected]

About

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.

ss -Hntu | awk '{print $6}' | sort | uniq -c | sort -nr

IP addresses with over a pre-configured number of connections are automatically blocked in the server's firewall, which can be direct ipfw, iptables, or Advanced Policy Firewall (APF).

Notable Features

  • IPv6 support.
  • It is possible to whitelist IP addresses, via /etc/ddos/ignore.ip.list.
  • It is possible to whitelist hostnames, via /etc/ddos/ignore.host.list.
  • IP ranges and CIDR syntax is supported on /etc/ddos/ignore.ip.list
  • Simple configuration file: /etc/ddos/ddos.conf
  • IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)
  • The script can run as a cron job at chosen frequency via the configuration file (default: 1 minute)
  • The script can run as a daemon at chosen frequency via the configuration file (default: 5 seconds)
  • You can receive email alerts when IP addresses are blocked.
  • Control blocking by connection state (see man ss or man nestat).
  • Auto-detection of firewall.
  • Support for APF, CSF, ipfw, and iptables.
  • Logs events to /var/log/ddos.log
  • Can ban only incoming connections or by specific port rules.
  • Option to reduce transfer speed for IP addresses that reach certain limit using iftop and tc.
  • Uses tcpkill to reduce the amount of processes opened by attackers.
  • Cloudflare support by using tcpdump to get the real user ip and using iptables string matching to drop connections.

Dependencies

The installation script has some support to automatically install the required dependencies but, it may fail to install some or all of them. You may want to manually install the required dependencies before proceeding to installation as listed below on the subsection of your linux distro.

Ubuntu/Debian

sudo apt install dnsutils
sudo apt-get install net-tools
sudo apt-get install tcpdump
sudo apt-get install dsniff -y
sudo apt install grepcidr

Installation

As root user execute the following commands:

wget https://github.com/jgmdev/ddos-deflate/archive/master.zip -O ddos.zip
unzip ddos.zip
cd ddos-deflate-master
./install.sh

Uninstallation

As root user execute the following commands:

cd ddos-deflate-master
./uninstall.sh

Usage

The installer will automatically detect if your system supports init.d scripts, systemd services or cron jobs. If one of them is found it will install apropiate files and start the ddos script. In the case of init.d and systemd the ddos script is started as a daemon, which monitoring interval is set at 5 seconds by default. The daemon is much faster detecting attacks than the cron job since cron's are capped at 1 minute intervals.

Once you hava (D)Dos deflate installed proceed to modify the config files to fit your needs.

/etc/ddos/ignore.host.list

On this file you can add a list of host names to be whitelisted, for example:

googlebot.com
my-dynamic-ip.somehost.com

/etc/ddos/ignore.ip.list

On this file you can add a list of ip addresses to be whitelisted, for example:

12.43.63.13
165.123.34.43-165.123.34.100
192.168.1.0/24
129.134.131.2

/etc/ddos/ddos.conf

The behaviour of the ddos script is modified by this configuration file. For more details see man ddos which has documentation of the different configuration options.

After you modify the config files you will need to restart the daemon. If running on systemd:

systemctl restart ddos

If running as classical init.d script:

/etc/init.d/ddos restart
or
service ddos restart

When running the script as a cronjob no restarting is required.

CLI Usage

ddos [OPTIONS] [N]

N : number of tcp/udp connections (default 150)

OPTIONS

-h | --help:

Show the help screen.

-c | --cron:

Create cron job to run the script regularly (default 1 mins).

-i | --ignore-list:

List whitelisted ip addresses.

-b | --bans-list:

List currently banned ip addresses.

-u | --unban:

Unbans a given ip address.

-d | --start:

Initialize a daemon to monitor connections.

-s | --stop:

Stop the daemon.

-t | --status:

Show status of daemon and pid if currently running.

-v[4|6] | --view [4|6]:

Display active connections to the server.

-y[4|6] | --view-port [4|6]:

Display active connections to the server including the port.

-k | --kill:

Block all ip addresses making more than N connections.

More Repositories

1

wl-color-picker

A wayland color picker that also works on wlroots
Shell
76
star
2

phar-gui

A graphical user interface to work with PHP Phar files.
PHP
24
star
3

watchsys

Bash shell script for basic system monitoring and prevention.
Shell
23
star
4

lessram

Pure PHP implementation of array data structures that use less memory.
PHP
20
star
5

alarm-raspi-config

Stripped down version of raspi-config for ArchLinux ARM
Shell
14
star
6

stopspam

Anti-spam system that uses text ip databases from various sources to block spammers at firewall level.
Shell
8
star
7

php-webkitgtk

A php extension that wraps the webkitgtk library.
C
7
star
8

rgb2cmyk

Linux GUI to facilitate conversion of an image from RGB to CMYK colorspace
C++
5
star
9

fossilize

A small php script to manage fossil repositories hosted on a web server.
PHP
5
star
10

infocus

Automatic activity time tracker application.
PHP
5
star
11

deficiencias

Aplicación web con interfaz movil para reportar hoyos en la carretera.
PHP
4
star
12

phoxygen

Some tryout to document php internals using doxygen.
C
3
star
13

dev-php-ext

Temporary repo to create a small manual that explains how to develop a PHP extension.
3
star
14

lite-xl-fontseek

A crossplatform font searching and loading plugin.
Lua
2
star
15

mailnagtray

A tray icon applet for mail monitoring using Mailnag and written on QT
C++
2
star
16

sidemenu

A simple jquery plugin to dynamically display a side menu on left or right.
JavaScript
1
star
17

lite-xl-net

TCP and UDP sockets support for Lite XL using SDL2_net
C
1
star
18

lite-xl-threads

Lite XL plugin that adds the missing threading functionality
C
1
star
19

lite-xl-encoding

Encoding auto-detection and conversion support for Lite XL
C
1
star
20

bluecontrol

A Puente showcase application to control color temperatures using xrandr.
PHP
1
star
21

ttf2eot

Copy of http://code.google.com/p/ttf2eot/ into github with small include fix
C
1
star