Shell script blocking DDoS attacks. Simplified fork of (D)DoS Deflate.
Not maintained since 2016.
sudo -i
cd /tmp
wget -q -O - https://raw.githubusercontent.com/Amet13/ddos-deflate/master/install.sh | bash
Setup config for example:
vim /usr/local/ddos-deflate/ddos-deflate.conf
NO_OF_CONNECTIONS=500
EMAIL_TO="mail@example.com"
BAN_PERIOD=60
CUSTOM_PORTS=":80|:443:|:53|:21"
ENABLE_LOG=YES
Add your ignore IP's to ignore list:
vim /usr/local/ddos-deflate/ignoreip.list
127.0.0.1
192.168.0.1
1.1.1.1
2.2.2.2
Check:
bash /usr/local/ddos-deflate/ddos-deflate.sh
724 127.0.0.1
214 2.2.2.2
59 3.3.3.3
...
Run ab from another computer:
user@192.168.0.100 ~ $ ab -n 200000 -c 100 http://server-ip/
Check new IPTables rules on server:
iptables -t raw -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.0.100 anywhere
Check logs:
tail -1 /var/log/ddos-deflate.log
26/12/2015 [17:50:00] -- 192.168.0.100 blocked on 60 seconds
Check your inbox:
Subject: IP addresses banned on 26/12/2015 [17:50:02]
Banned the following IP addresses on 26/12/2015 [17:50:02]
From: hostname.tld (192.168.0.13)
192.168.0.100 with 4183 connections blocked on 60 seconds
sudo -i
cd /tmp
wget -q -O - https://raw.githubusercontent.com/Amet13/ddos-deflate/master/uninstall.sh | bash