Installing DDoS Deflate to mitigate DoS attacks


Hello, friends. In this post, you will learn how to install DDoS Deflate to help mitigate DoS attacks on your system. This simple tool can help save your server.

According to the GitHub profile of the project:

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It uses the command below to create a list of IP addresses connected to the server, along with their total number of connections.

Some features are:

  • IPv6 support.
  • It is possible to whitelist IP addresses, via /etc/ddos/ignore.ip.list.
  • It is possible to whitelist hostnames, via /etc/ddos/ignore.host.list.
  • IP ranges and CIDR syntax are supported in /etc/ddos/ignore.ip.list.
  • Simple configuration file: /etc/ddos/ddos.conf
  • IP addresses are automatically unblocked after a preconfig

DDoS Deflate is one of the easiest software solutions to install on a system. So, there is no cost to try it.

One thing to note: if you want DDoS Deflate to ban IP addresses automatically, you have to install APF. However, it is perfectly usable without this component.

Let’s go for it.

Install DDoS Deflate on Linux

As it is a bash script, it is easy to install. First, open a terminal and, as the root user, run this command to download it:

wget https://github.com/jgmdev/ddos-deflate/archive/master.zip -O ddos.zip

Then, unzip it:

unzip ddos.zip

Navigate to the folder that has been generated:

cd ddos-deflate-master

And proceed to install it:

./install.sh

According to the GitHub profile of the tool, the install script is prepared to download the necessary dependencies. However, this may fail, in which case you can install them manually.

Using DDoS Deflate

The first thing you need to do is to take a look at the /etc/ddos/ignore.host.list file, which is where the hosts you want the program to ignore will be located. It is like an allow list.

nano /etc/ddos/ignore.host.list

And add the ones you want:

website.com
website2.com

Save the changes and close the editor.

Another important file is /etc/ddos/ignore.ip.list which, as its name indicates, sets the IP addresses that the program will consider safe.

nano /etc/ddos/ignore.ip.list

And add the ones you want:

12.34.56.78
18.19.203.22

Similarly, save the changes and close the file.

However, the most essential file is /etc/ddos/ddos.conf, which is where the program configuration resides.

The first thing you have to do is make sure the paths are right, so that the rest of the configuration works.

# Paths of the script and other files
PROGDIR="/usr/local/ddos"
SBINDIR="/usr/local/sbin"
PROG="$PROGDIR/ddos.sh"
IGNORE_IP_LIST="ignore.ip.list"
IGNORE_HOST_LIST="ignore.host.list"
CRON="/etc/cron.d/ddos"
APF="/usr/sbin/apf"
CSF="/usr/sbin/csf"
IPF="/sbin/ipfw"
IPT="/sbin/iptables"
IPT6="/sbin/ip6tables"
TC="/sbin/tc"

You can also define the frequency, in seconds, at which it runs as a daemon. A critical option is the number of connections at which an IP address is considered malicious:

NO_OF_CONNECTIONS=150

You can define a ban time:

BAN_PERIOD=600

And set a bandwidth control:

BANDWIDTH_CONTROL=false

The file is very well documented, so you should have no problem reading and understanding it.
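
Before settling on NO_OF_CONNECTIONS and the ignore list, it helps to see which addresses a given limit would flag. The following dry run is an added example, not DDoS Deflate's own code: the function names, the sample addresses, the input format (one remote ip:port per line) and the `>=` comparison are assumptions, and it handles only IPv4 single addresses and CIDR entries.

```shell
#!/bin/sh
# Added example, not DDoS Deflate code: dry run of a per-IP connection limit.
# over_threshold LIMIT IGNORE_FILE
#   stdin : one remote "ip:port" per line, one line per connection (IPv4 only)
#   stdout: "count ip" for every address not on the allow list whose count
#           is >= LIMIT (the >= comparison is this example's assumption)
over_threshold() {
    awk -v limit="$1" -v ignore_file="$2" '
    function ip2int(ip,   o) {
        split(ip, o, /\./)
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function ignored(ip,   i, n) {
        n = ip2int(ip)
        for (i = 1; i <= nets; i++)
            if (n >= lo[i] && n <= hi[i]) return 1
        return 0
    }
    BEGIN {
        # Allow list entries: "a.b.c.d" or "a.b.c.d/len"; "#" starts a comment.
        while ((getline line < ignore_file) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t\r]/, "", line)
            if (line !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) continue
            split(line, p, "/")
            size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
            nets++
            lo[nets] = int(ip2int(p[1]) / size) * size  # first address in block
            hi[nets] = lo[nets] + size - 1              # last address in block
        }
    }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ { sub(/:[0-9]+$/, ""); count[$0]++ }
    END {
        for (ip in count)
            if (count[ip] >= limit && !ignored(ip)) print count[ip], ip
    }' | sort -rn
}

# Constructed sample: 5 connections from 203.0.113.9, 4 from 10.0.0.7, 1 other.
sample_connections() {
    for p in 1 2 3 4 5; do echo "203.0.113.9:4000$p"; done
    for p in 1 2 3 4; do echo "10.0.0.7:5000$p"; done
    echo "198.51.100.2:60000"
}

# Demo: limit 4 with 10.0.0.0/8 allow-listed reports only 203.0.113.9.
allow=$(mktemp)
echo "10.0.0.0/8  # constructed allow-list entry" > "$allow"
sample_connections | over_threshold 4 "$allow"
rm -f "$allow"
```

On a live server the input could come from the peer-address column of `ss -Hntu`, with /etc/ddos/ignore.ip.list as the second argument.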

Save the changes and close the text editor. To apply the changes, restart the service:

systemctl restart ddos

And check if it is running properly:

systemctl status ddos
● ddos.service - (D)Dos Deflate
     Loaded: loaded (/lib/systemd/system/ddos.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-02-18 18:04:01 UTC; 7s ago
    Process: 62146 ExecStart=/usr/local/sbin/ddos --start (code=exited, status=0/SUCCESS)
   Main PID: 62175 (ddos.sh)
      Tasks: 2 (limit: 2258)
     Memory: 560.0K
        CPU: 113ms
     CGroup: /system.slice/ddos.service
             ├─62175 /bin/sh /usr/local/ddos/ddos.sh -l
             └─62258 sleep 5

Feb 18 18:04:01 unixcop systemd[1]: Starting (D)Dos Deflate...
Feb 18 18:04:01 unixcop ddos[62147]: starting ddos daemon...
Feb 18 18:04:01 unixcop systemd[1]: Started (D)Dos Deflate.

So, you are done.

Conclusion

Occasionally, the simplest applications are the ones that can get us out of real trouble. In this case, DDoS Deflate is a simple application that increases server security with simple techniques.

Angelo
I am Angelo. A systems engineer passionate about Linux and all open-source software. Although here I'm just another member of the family.
