Tuesday, 26 April 2011

Preventing DDOS Attacks Simple Methods

To prevent DDos attacks you should install some kind of third party programs. There are other programs that can Defend against DDOS Attacks such Dos_Deflate that their method is to count the number of total connections of each ip address and preventing them from accessing your server in specific ammount of time.

DOS_Defalte Can Help you protect your Server from DDos Attacks

Dos_Deflate is a shell program that can ban the ips that have reached the specific amount of connections you specified and also they will be banned until the time you have specified in the configuration of Dos_deflate shell program.

Dos_Deflate Installation Guide:

To install first ssh to your server, download it to your server

wget http://www.inetbase.com/scripts/ddos/install.sh

then run this by

sh install.sh

cd /usr/local/ddos/;./ddos.sh

sh /usr/local/ddos/ddos.sh [/cc]

then you can edit the config by

nano /usr/local/ddos/ddos.conf

Dos_Deflate Configration Guide:
Email Notifier

you can configure dos_defalte to email you and make you notified of whicdh ips have been banned or had more connection than limit that you specified.just go down and assign an email infront of the equal sign in quotation.

EMAIL_TO=”your_email@domain.com”

Frequncy Check

you can configure to test ip connections how much in miniute.let say if you had it configured 5 then by dividing 60 to 5 this means that dos_defalte will be ran every 12 seconds.have this variable configured with between 3 to 5 times per minute that is the best configration.

FREQ=5

Specify the number of maximum connection of each ip address
you can specify how many connections will define a bad ip address to be blocked fro myuor server.it depends on your apache timeout and other ports such as ftp that is a connection hungry.I recommend you configure dos_defalte to test only prot 80 that is mostly subject to DDOS attacks and provide between 100 to 200 connections.all the value you would define is mostly depends on your other configration factors of your server.

NO_OF_CONNECTIONS=

APF Ban Variable in Dos_Deflate
If you have APF installd change this value to 1,otherwise to have iptables to drop ips assign this variable the 0 value

APF_BAN=0

Killor Not,Test Mode or Active mode
you can configure to bann those suspicous ips or not, this will help you to have dos_deflate in testing mode for debuging purpuoses .to have it enabled to ban ip addresses have it 1,otherwise change it to 0

KILL=1

Define How much time bad ipaddress to be banned with dos_deflate
with this option you can define the time that an ip addresss that has beenknown as bad ip address to be banned from accessign to the server.Ideal times are between 300 to 1200 miniute period.

BAN_PERIOD=700

1 comment:

Bob Dos said...

Great informative post, thanks so much for sharing your thoughts on this... visit once at http://ddoscube.com/

Post a Comment