Anti-DDoS

Discussion in 'Archives' started by ShameOnYou, Jan 7, 2009.

  1. ShameOnYou

    ShameOnYou Guru

    I'm getting DDoSed, can someone make me a guide on an anti script and how to set it up?
     
  2. Tezlin

    Tezlin Guru

    Preventing DoS attacks is infinitely easier than preventing DDoS's, since you're basically only blocking one IP.

    With a DDoS, you have to block tens, maybe even hundreds or thousands of IPs.

    http://wiki.wegotserved.co.uk/Block_Certain_IP_Addresses_from_Accessing_Your_Website

    That site seems to give the information needed. Post here again if you need any more help.

    That method seems to help against DoS attacks, but you may need to just sit out and twiddle your thumbs against a DDoS.
     
  3. cp

    cp an cat

    To Tezlin:
    That guide is for IIS. If you're using IIS, then maybe you deserve to get DDoS'd.

    Do you have root access through ssh? If you do, look at Iptables.
    http://www.netadmintools.com/art216.html

    To find out which IP addresses you're dealing with, run "netstat -tcpn" as root, and see which IP addresses are appearing the most. If the person operating the botnet is at all skilled, however, you won't see many IP addresses repeating.

    Code:
    iptables -A INPUT -s IPADDRESS -j DROP
    ^ run that if you see a single or small source of the attack.

    Code:
    #!/bin/bash
    # Kernel TCP/IP tuning
    echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_sack
    echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog
    # Refuse source-routed packets on every interface
    for z in /proc/sys/net/ipv4/conf/*/accept_source_route
    do
        echo 0 > "$z"
    done
    # SYN cookies keep the listen queue usable during a SYN flood
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    # Ignore ICMP redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
    # Raise the connection-tracking table size (the path depends on the kernel version)
    for f in /proc/sys/net/netfilter/nf_conntrack_max /proc/sys/net/ipv4/ip_conntrack_max
    do
        [ -w "$f" ] && echo 65535 > "$f"
    done
    # Default policies, then flush existing rules and user-defined chains
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -F
    /sbin/iptables -F INPUT
    /sbin/iptables -F OUTPUT
    /sbin/iptables -F FORWARD
    /sbin/iptables -F -t mangle
    /sbin/iptables -X
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT
    /sbin/iptables -A INPUT -m state --state INVALID -j DROP
    # Rate-limit new TCP connections: SYNs over the limit are logged and dropped
    /sbin/iptables -N syn-flood
    /sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
    /sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
    /sbin/iptables -A syn-flood -j DROP
    /sbin/iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
    # Accept the remaining eth0 traffic only after the filters above have run
    /sbin/iptables -A INPUT -i eth0 -j ACCEPT
    ^ Save that & run it as root, it should help you lower the effects by a lot.

    If it's Apache that's being targeted specifically, either switch to lighttpd, or install mod_evasive.
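
The netstat triage and single-source block described in the post above, as an added example that is not part of the original thread: it counts connections per remote address and prints DROP rules for review without applying them. The function names, the allowlist arguments and the sample capture are assumptions made for illustration.

```bash
#!/bin/sh
# Added example; the sample capture is constructed (documentation address ranges).

# Count TCP connections per remote address from `netstat -tn` output on stdin.
# $1 = minimum count to report (default 1), $2 = optional state, e.g. SYN_RECV
top_talkers() {
    awk -v min="${1:-1}" -v state="${2:-}" '
        $1 !~ /^tcp/ { next }                 # skip netstat header lines
        state != "" && $6 != state { next }   # keep only the requested state
        {
            ip = $5
            sub(/:[0-9]+$/, "", ip)           # strip port; IPv6 stays intact
            sub(/^::ffff:/, "", ip)           # fold IPv4-mapped IPv6 into IPv4
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Turn "count ip" lines into DROP rules for review; arguments are addresses
# that must never be blocked (your own admin IP, monitoring, and so on).
drop_rules() {
    while read -r _count ip; do
        for keep in "$@"; do
            if [ "$ip" = "$keep" ]; then continue 2; fi
        done
        case "$ip" in
            *:*) echo "ip6tables -A INPUT -s $ip -j DROP" ;;
            *)   echo "iptables -A INPUT -s $ip -j DROP" ;;
        esac
    done
}

sample_netstat() {   # constructed capture, not real traffic
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51012       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51013       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51014       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51015       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:40100     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.23:40101     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:33000     SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51016 SYN_RECV
EOF
}

sample_netstat | top_talkers 2
```

On a live host, replace `sample_netstat` with `netstat -tn` and pass your own management addresses to `drop_rules` so they are never blocked.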
     