Hello, friends. In this post, you will learn how to install DDoS Deflate to help mitigate DoS attacks against your system. This simple tool can help save your server.
According to the GitHub profile of the project:
(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It uses the command below to create a list of IP addresses connected to the server, along with their total number of connections.
Some features are:
- IPv6 support.
- It is possible to whitelist IP addresses, via /etc/ddos/ignore.ip.list.
- It is possible to whitelist hostnames, via /etc/ddos/ignore.host.list.
- IP ranges and CIDR syntax are supported on /etc/ddos/ignore.ip.list.
- Simple configuration file: /etc/ddos/ddos.conf
- IP addresses are automatically unblocked after a preconfig
DDoS Deflate is one of the easiest software solutions to install on a system. So, there is no cost to try it.
One caveat: if you want DDoS Deflate to ban IP addresses automatically, you have to install APF. However, it is perfectly usable without this component.
Let’s go for it.
Install DDoS Deflate on Linux
As it is a bash script, it is easy to install. First, open a terminal and, as the root user, run this command to download it:
wget https://github.com/jgmdev/ddos-deflate/archive/master.zip -O ddos.zip
Then, unzip it:
Navigate to the folder that has been generated:
And proceed to install it:
According to the project's GitHub page, the install script is prepared to download the necessary dependencies. However, that step may fail, in which case you can install them manually.
Using DDoS Deflate
The first thing you need to do is to take a look at the /etc/ddos/ignore.host.list file, which is where the hosts you want the program to ignore will be located. It is like an allow list.
And add the ones you want
Save the changes and close the editor.
Another important file is /etc/ddos/ignore.ip.list which, as its name indicates, sets the IP addresses that the program will consider safe.
And add the ones you want
Similarly, save the changes and close the file.
However, the most essential file is /etc/ddos/ddos.conf, which is where the program configuration resides.
The first thing you have to do is to check the paths and correct any that do not match your system.
# Paths of the script and other files
PROGDIR="/usr/local/ddos"
SBINDIR="/usr/local/sbin"
PROG="$PROGDIR/ddos.sh"
IGNORE_IP_LIST="ignore.ip.list"
IGNORE_HOST_LIST="ignore.host.list"
CRON="/etc/cron.d/ddos"
APF="/usr/sbin/apf"
CSF="/usr/sbin/csf"
IPF="/sbin/ipfw"
IPT="/sbin/iptables"
IPT6="/sbin/ip6tables"
TC="/sbin/tc"
You can also define the frequency, in seconds, at which it will run as a daemon. Furthermore, a critical option is the number of connections at which an IP will be considered malicious.
You can define a ban time
And set a bandwidth control
The file is very well documented, so you should have no problem reading and understanding it.
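Before letting the tool ban anything, it helps to see which peers a given connection limit would flag and whether the allow list really exempts the hosts you depend on. The script below is an added example, not DDoS Deflate's own code: it counts connections per peer from constructed `ss -Htn`-style lines and applies an allow list of single IPs and CIDR blocks. It assumes IPv4 only and does not parse IP-range entries; `offenders`, `sample_conns` and `LIMIT` are hypothetical names.

```shell
# Added example, not DDoS Deflate's code. IPv4 only; LIMIT is a hypothetical threshold.
# offenders LIMIT IGNORE_FILE: reads `ss -Htn`-style lines on stdin and prints
# "count ip", busiest first, for peers over LIMIT that IGNORE_FILE does not cover.
offenders() {
    awk -v limit="$1" '
    function ip2n(ip,   o) {            # dotted quad -> 32-bit number
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function ignored(ip,   i, size) {   # same network once host bits are dropped?
        for (i = 1; i <= n; i++) {
            size = 2 ^ (32 - bits[i])
            if (int(ip2n(ip) / size) == int(net[i] / size)) return 1
        }
        return 0
    }
    mode == "ignore" {                  # allow-list pass: single IP or CIDR per line
        sub(/#.*/, "")
        if ($1 == "") next
        split($1, p, "/")
        n++; net[n] = ip2n(p[1]); bits[n] = (p[2] == "" ? 32 : p[2])
        next
    }
    {                                   # connection pass: column 5 is peer:port
        peer = $5
        sub(/:[0-9]+$/, "", peer)
        if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[peer]++
    }
    END {
        for (ip in count)
            if (count[ip] > limit && !ignored(ip)) print count[ip], ip
    }' mode=ignore "$2" mode=conn - | sort -rn
}

# Constructed sample: "peer:connections" pairs expanded into ss-style lines.
sample_conns() {
    for spec in 198.51.100.7:5 192.0.2.55:4 192.0.2.200:6 203.0.113.9:8; do
        ip=${spec%:*}; conns=${spec#*:}; i=0
        while [ "$i" -lt "$conns" ]; do
            echo "ESTAB 0 0 203.0.113.10:443 $ip:$((40000 + i))"
            i=$((i + 1))
        done
    done
}

demo_list=$(mktemp)
printf '%s\n' '# constructed allow list' '192.0.2.0/25' '203.0.113.9' > "$demo_list"
sample_conns | offenders 3 "$demo_list"    # 192.0.2.55 and 203.0.113.9 are exempt
rm -f "$demo_list"
```

On a live host, pipe `ss -Htn` into `offenders` instead of `sample_conns` and pass a copy of your allow list with any range entries rewritten as CIDR.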
Save the changes and close the text editor. To apply the changes, you can restart the service
systemctl restart ddos
And check if it is running properly
systemctl status ddos
● ddos.service - (D)Dos Deflate
     Loaded: loaded (/lib/systemd/system/ddos.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-02-18 18:04:01 UTC; 7s ago
    Process: 62146 ExecStart=/usr/local/sbin/ddos --start (code=exited, status=0/SUCCESS)
   Main PID: 62175 (ddos.sh)
      Tasks: 2 (limit: 2258)
     Memory: 560.0K
        CPU: 113ms
     CGroup: /system.slice/ddos.service
             ├─62175 /bin/sh /usr/local/ddos/ddos.sh -l
             └─62258 sleep 5
Feb 18 18:04:01 unixcop systemd: Starting (D)Dos Deflate...
Feb 18 18:04:01 unixcop ddos: starting ddos daemon...
Feb 18 18:04:01 unixcop systemd: Started (D)Dos Deflate.
So, you are done.
Occasionally, the simplest applications are the ones that can get us out of real trouble. In this case, DDoS Deflate is a simple application that increases server security with simple techniques.