A Powerful Tool for Mitigating DDoS Attacks



  • Administrator

DDoS Deflate is a modified version of the previously available DDoS Deflate found at the now-defunct

This is the hidden content, please
. This updated fork comes with a range of fixes, enhancements, and new features that improve its performance.

Maintainer: Jefferson González ([email protected])

DDoS Deflate is a lightweight bash script designed to help thwart denial-of-service attacks. Utilizing the following command, it generates a list of IP addresses connected to your server, along with the number of connections attributed to each:

This is the hidden content, please

IPs exceeding a predefined connection limit are automatically blocked via the server's firewall, which can be any of the following: ipfw, iptables, or the Advanced Policy Firewall (APF).

Key Features

  • Supports IPv6.
  • Allows IP addresses to be whitelisted through /etc/ddos/ignore.ip.list.
  • Hostnames can also be whitelisted via /etc/ddos/ignore.host.list.
  • Supports IP ranges and CIDR notation in /etc/ddos/ignore.ip.list.
  • Simple configuration settings found in /etc/ddos/ddos.conf.
  • Automatic unblocking of IPs after a specified time (default: 600 seconds).
  • The script can be scheduled as a cron job at a set interval (default: 1 minute).
  • It can operate as a daemon with a configurable frequency (default: 5 seconds).
  • Receive email notifications when IP addresses are blocked.
  • Control over blocking based on connection state.
  • Automatic firewall detection.
  • Compatibility with APF, CSF, ipfw, and iptables.
  • Event logging to /var/log/ddos.log.
  • Block incoming connections or apply specific port rules.
  • Option to limit data transfer rates for IPs reaching specified thresholds using iftop and tc.
  • Utilizes tcpkill to minimize the number of processes spawned by attackers.
  • Offers Cloudflare support with real user IP acquisition via tcpdump and connection dropping through iptables string matching.

Dependencies

The installation script attempts to automatically install any required dependencies; however, it might not succeed in all cases. It's advisable to manually ensure you have the following packages based on your Linux distribution.

For Ubuntu/Debian:

 
This is the hidden content, please

Installation

To install DDoS Deflate, execute the following commands as a root user:

 
This is the hidden content, please

Uninstallation

To remove DDoS Deflate, run the following commands as a root user:

 
This is the hidden content, please

Usage

The installer will automatically detect if your system supports init.d scripts, systemd services, or cron jobs. Upon detection, it will install the appropriate files and initiate the DDoS script. If using init.d or systemd, the script runs as a daemon with a default monitoring interval of 5 seconds, allowing quicker attack detection compared to the 1-minute delay of cron jobs.

After installation, customize the configuration files as needed:

/etc/ddos/ignore.host.list

Add hostnames to whitelist, such as:

 
googlebot.com
my-dynamic-ip.somehost.com
    

/etc/ddos/ignore.ip.list

Whitelist specific IPs, such as:

 
12.43.63.13
165.123.34.43-165.123.34.100
192.168.1.0/24
129.134.131.2
    

/etc/ddos/ddos.conf

Adjust script behavior through this configuration file. For detailed options, consult man ddos.

After modifying configuration files, remember to restart the daemon:

  • For systemd:

    systemctl restart ddos

  • For init.d:

    /etc/init.d/ddos restart
    # or
    service ddos restart


No restart is necessary when running the script as a cron job.

Command-Line Interface Usage

 
ddos [OPTIONS] [N]
    
  • N: Number of TCP/UDP connections (default: 150).
  • OPTIONS:
    • -h | --help: Displays the help screen.
    • -c | --cron: Set up a cron job for regular script execution (default: 1 minute).
    • -i | --ignore-list: List whitelisted IP addresses.
    • -b | --bans-list: List currently banned IP addresses.
    • -u | --unban: Unban a specified IP address.
    • -d | --start: Initiate a daemon to monitor connections.
    • -s | --stop: Halt the daemon.
    • -t | --status: Show the current status of the daemon and its PID if running.
    • -v[4|6] | --view [4|6]: Display active connections to the server.
    • -y[4|6] | --view-port [4|6]: Display active server connections including port details.
    • -k | --kill: Block all IPs exceeding N connections.

Conclusion

DDoS Deflate is a straightforward yet effective solution for safeguarding your server against denial-of-service attacks. Its ease of setup and robust feature set make it an ideal choice for users seeking reliable DDoS mitigation. Try DDoS Deflate today to enhance your server's security!

 


Author

Zaf, Jefferson González, Marc S. Brooks
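
The per-IP connection count, the connection limit N and the /etc/ddos/ignore.ip.list formats described in the post (single address, dash range, CIDR) can be checked together before a whitelist is deployed. The following is an added example, not code from DDoS Deflate: the function names are hypothetical, the connection sample is constructed, and it models the behaviour the post describes rather than the script's own parsing.

```python
import ipaddress
from collections import Counter

DEFAULT_LIMIT = 150  # default N from the post's CLI usage

def parse_ignore_list(text):
    """Parse ignore.ip.list-style lines into (first, last) address pairs."""
    ranges = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if "-" in line:    # range, e.g. 165.123.34.43-165.123.34.100
            lo, hi = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
        elif "/" in line:  # CIDR, e.g. 192.168.1.0/24
            net = ipaddress.ip_network(line, strict=False)
            lo, hi = net[0], net[-1]
        else:              # single address
            lo = hi = ipaddress.ip_address(line)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad whitelist entry: {line!r}")
        ranges.append((lo, hi))
    return ranges

def is_whitelisted(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(lo.version == addr.version and lo <= addr <= hi for lo, hi in ranges)

def over_limit(remote_ips, ranges, limit=DEFAULT_LIMIT):
    """Return {ip: count} for non-whitelisted IPs above `limit` connections."""
    counts = Counter(str(ipaddress.ip_address(ip)) for ip in remote_ips)
    return {ip: n for ip, n in counts.items()
            if n > limit and not is_whitelisted(ip, ranges)}

# Whitelist entries taken from the post's ignore.ip.list example.
IGNORE = "12.43.63.13\n165.123.34.43-165.123.34.100\n192.168.1.0/24\n129.134.131.2\n"

# Constructed sample: one remote address per open connection.
SAMPLE = (["203.0.113.7"] * 180        # not whitelisted
          + ["192.168.1.50"] * 400     # inside the whitelisted CIDR
          + ["165.123.34.99"] * 200    # inside the whitelisted range
          + ["165.123.34.101"] * 151   # one past the range end, one over N
          + ["2001:db8::1"] * 150      # exactly N: not over the limit
          + ["2001:0db8:0:0:0:0:0:2"] * 90 + ["2001:db8::2"] * 90)  # one host, two spellings

if __name__ == "__main__":
    for ip, n in sorted(over_limit(SAMPLE, parse_ignore_list(IGNORE)).items()):
        print(f"{ip}\t{n} connections: would be blocked")
```

Normalising each address before counting keeps an IPv6 client from splitting its connections across different textual spellings and staying under the limit.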

 
