A DDoS (Distributed Denial of Service) attack opens a very large number of connections to the server until it is overloaded.
The command below shows which IP addresses are connected to the server and how many connections each one holds:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
If there are more than 100 connections coming from the same IP, it is probably a DDoS attack, so it is recommended that this IP be blocked. (D)DoS Deflate does it for you.
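The per-IP check described above, written as a standalone script (an added example, not code from (D)DoS Deflate). It skips the netstat header lines, strips only the port so IPv6 peers are not truncated the way cut -d: -f1 truncates them, and honours the whitelist file. The function names, the one-IP-per-line whitelist format and the sample connections are assumptions constructed for illustration.

```shell
# Added example: not part of (D)DoS Deflate. Sample data below is constructed.
THRESHOLD=100                                   # the article's "more than 100" rule
IGNORE_LIST=/usr/local/ddos/ignore.ip.list      # whitelist path from the article

# count_peers: `netstat -ntu` output on stdin -> "<count> <ip>" lines, busiest first.
count_peers() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }         # skip the two netstat header lines
        {
            peer = $5
            sub(/:[0-9*]+$/, "", peer)      # strip only the trailing :port
            sub(/^::ffff:/, "", peer)       # IPv4-mapped IPv6 -> plain IPv4
            n[peer]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -rn
}

# over_limit LIMIT [FILE]: "<ip> <count>" for peers above LIMIT and not in FILE
# (assumed format: one IP per line, "#" starts a comment).
over_limit() {
    count_peers | awk -v limit="$1" -v allow="${2:-$IGNORE_LIST}" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/[ \t\r]+$/, "", line)
                if (line != "" && line !~ /^#/) skip[line] = 1
            }
        }
        $1 + 0 > limit + 0 && !($2 in skip) { print $2, $1 }
    '
}

# sample_netstat: constructed input using documentation-range addresses.
sample_netstat() {
    echo 'Active Internet connections (w/o servers)'
    echo 'Proto Recv-Q Send-Q Local Address           Foreign Address         State'
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp   0 0 192.0.2.1:80 203.0.113.7:$((40000 + i)) ESTABLISHED"
        echo "tcp   0 0 192.0.2.1:80 198.51.100.20:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    for p in 1 2 3 4 5; do
        echo "tcp6  0 0 ::ffff:192.0.2.1:80 ::ffff:203.0.113.7:5000$p ESTABLISHED"
    done
    echo 'tcp6  0 0 2001:db8::5:443 2001:db8::1:44321 ESTABLISHED'
}
# On a real host, replace sample_netstat with: netstat -ntu
sample_netstat | over_limit "$THRESHOLD"
```

A missing whitelist file is treated as empty, so every peer above the limit is reported.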
How to install (D)DoS Deflate?
Use the following commands (the script is downloaded over plain HTTP, so read install.sh before running it):
- wget http://www.inetbase.com/scripts/ddos/install.sh
- chmod 0700 install.sh
- ./install.sh
Notes:
- You can add IPs to the whitelist: /usr/local/ddos/ignore.ip.list.
- Configuration file: /usr/local/ddos/ddos.conf
- Blocked IP addresses are automatically unblocked after the pre-configured value of 600 seconds.
- The script runs at 1-minute intervals by default.
- You can set up email notifications about blocked IPs.
How to uninstall (D)DoS Deflate?
- wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
- chmod 0700 uninstall.ddos
- ./uninstall.ddos