The SYN flood attack, which sends a large number of requests to a web server, is quite popular and the most common. This type of attack creates a large number of connections to the web server, which leads to a denial of service if the bots’ IP addresses are not blocked in time. Installation and configuration are carried out on the CentOS 7 operating system. The original program is located at https://github.com/jgmdev/ddos-deflate.
1. Download and install ddos-deflate
wget https://github.com/jgmdev/ddos-deflate/archive/master.zip -O ddos.zip
unzip ddos.zip
cd ddos-deflate-master
./install.sh
2. Setup
/etc/ddos/ignore.host.list
/etc/ddos/ignore.ip.list
/etc/ddos/ddos.conf
In the file ignore.ip.list, enter the IP addresses that are assigned to the server. Next, in the configuration file, change the settings to your own:
/etc/ddos/ddos.conf
NO_OF_CONNECTIONS=390
ONLY_INCOMING=false
ENABLE_PORTS=false
EMAIL_TO="user@domain.tld"
BAN_PERIOD=5400
Please note that the value NO_OF_CONNECTIONS=390 should be less than what you set in the firewall restrictions. Enter your email and start the service:
service ddos start
Check that the service is running with the command:
ps aux | grep ddos
We also recommend adding it to cron in case the service stops:
*/5 * * * * nice -n -5 /usr/local/ddos/ddos.sh -d >> /dev/null 2>&1
In case of freezing, we recommend adding this command to the load monitoring script:
service ddos restart
3. Using the CLI
ddos [OPTIONS] [N]
OPTIONS
-h | --help:
Show the help screen.
-c | --cron:
Add the script to cron (by default every 1 minute).
-i | --ignore-list:
Show the whitelisted IP addresses.
-b | --bans-list:
Show currently blocked addresses.
-u | --unban:
Unblock a specific IP address.
-d | --start:
Run as a service in the background.
-s | --stop:
Stop the service.
-t | --status:
Show the status of the service and its pid if running.
-v[4|6] | --view [4|6]:
Show active connections.
-y[4|6] | --view-port [4|6]:
Show active connections including port.
-k | --kill:
Block all IP addresses that have more than N connections.
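To see which addresses a given NO_OF_CONNECTIONS value (or ddos -k N) would hit before any ban is applied, the following added example, which is not part of ddos-deflate, counts connections per remote IPv4 address from netstat -ntu style input and honours an ignore list. The function names and the sample connection data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ddos-deflate's own code: dry-run of a per-IP limit.
# Reads `netstat -ntu`-style lines on stdin and prints "COUNT IP" for each
# remote IPv4 address holding more than LIMIT connections, skipping the
# addresses in an ignore file (one IP per line, '#' starts a comment).
over_limit() {
    limit=$1     # plays the role of NO_OF_CONNECTIONS
    ignore=$2    # e.g. /etc/ddos/ignore.ip.list
    awk -v limit="$limit" -v ignore="$ignore" '
        BEGIN {
            # Load the whitelist; an unreadable file means nothing is ignored.
            if (ignore != "")
                while ((getline line < ignore) > 0) {
                    sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
                    if (line != "") skip[line] = 1
                }
        }
        # Field 5 is "remote_ip:port"; header lines never match this pattern.
        $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
            ip = $5; sub(/:[0-9]+$/, "", ip)
            if (!(ip in skip)) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample: 5 half-open connections from one client, 5 from the
# server's own address (192.0.2.10), 2 from an ordinary client.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=0
    while [ "$i" -lt 5 ]; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.7:$((40000 + i)) SYN_RECV"
        echo "tcp 0 0 192.0.2.10:80 192.0.2.10:$((50000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    echo "tcp 0 0 192.0.2.10:80 198.51.100.4:41000 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:80 198.51.100.4:41001 ESTABLISHED"
}

# Live use: netstat -ntu | over_limit 390 /etc/ddos/ignore.ip.list
sample_netstat | over_limit 3 /dev/null
```

With /dev/null as the ignore file, the sample run also reports the server's own address, which is why ignore.ip.list has to contain it.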