Saturday, June 18, 2011

Anti-DDoS with DDoS-Deflate

When the server feels sluggish, you may be under a DDoS attack. If the server is still reachable, you can still ban the IPs that are making bad requests to it. Check the number of connections per IP with this command:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

DDoS-Deflate is a tool that helps protect your server against DDoS attacks.

Download the tool here: http://www.inetbase.com/scripts/ddos/install.sh
from a root console, of course.

After downloading, change its permissions so it can be executed:
chmod 0700 install.sh
./install.sh

Once it is installed, edit the configuration files as needed.

To whitelist IPs:
vim /usr/local/ddos/ignore.ip.list

The main configuration is in:
vim /usr/local/ddos/ddos.conf

The defaults look roughly like this:

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600
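
Added example (not part of the original post and not DDoS-Deflate's own code): a dry-run report that applies the NO_OF_CONNECTIONS threshold and a whitelist file to `netstat -ntu` output. Unlike the one-liner above, it skips the two netstat header lines and strips only the trailing port, so IPv4-mapped IPv6 peers are counted under their IPv4 address. The function names `over_limit` and `sample_netstat` and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DDoS-Deflate's own code: dry-run report, bans nothing.
NO_OF_CONNECTIONS=150   # same threshold as the ddos.conf default above

# usage: netstat -ntu | over_limit LIMIT IGNORE_FILE
# Prints "count ip" for every non-whitelisted IP with at least LIMIT connections
# (treating the threshold as inclusive is an assumption of this example).
over_limit() {
    awk -v limit="$1" -v ignorefile="$2" '
        BEGIN {
            # Load the whitelist: one IP per line, blank and "#" lines skipped.
            while ((getline line < ignorefile) > 0) {
                n = split(line, f, " ")
                if (n > 0 && f[1] !~ /^#/) ignore[f[1]] = 1
            }
        }
        $1 !~ /^(tcp|udp)/ { next }      # drop the two netstat header lines
        {
            ip = $5                      # foreign address as ip:port
            sub(/:[0-9]+$/, "", ip)      # strip only the trailing :port
            sub(/^::ffff:/, "", ip)      # IPv4-mapped IPv6 counts as its IPv4
            if (!(ip in ignore)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample of `netstat -ntu` output (documentation-range addresses).
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
    awk 'BEGIN {
        for (i = 0; i < 160; i++)
            printf "tcp 0 0 192.0.2.10:80 203.0.113.7:%d ESTABLISHED\n", 40000 + i
        for (i = 0; i < 200; i++)
            printf "tcp 0 0 192.0.2.10:80 198.51.100.9:%d ESTABLISHED\n", 50000 + i
        for (i = 0; i < 12; i++)
            printf "tcp 0 0 192.0.2.10:80 192.0.2.55:%d TIME_WAIT\n", 60000 + i
        print "tcp6 0 0 ::ffff:192.0.2.10:80 ::ffff:203.0.113.7:41000 ESTABLISHED"
        print "udp 0 0 192.0.2.10:53 192.0.2.77:5353 ESTABLISHED"
    }'
}

# Demo: a temporary file stands in for /usr/local/ddos/ignore.ip.list.
IGNORE=$(mktemp)
echo "198.51.100.9" > "$IGNORE"
sample_netstat | over_limit "$NO_OF_CONNECTIONS" "$IGNORE"
rm -f "$IGNORE"
```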