I have been using DDoS Deflate, a simple script that automatically helps defend your server against DoS attacks. Basically, it works by killing any HTTPD processes/banning IPs that reach more than a set number of TCP connections.
It’s a great script since it’s free, simple, and works well against DoS attacks. Yes, forget paying that extra hundred dollars to your server company, who’s going to probably install this script anyways.
The real gem of the DDoS Deflate script lies in its configuration. Depending on how you configure the script, you can protect yourself in a number of different ways.
To install, simply run these commands at the SSH command prompt on your Linux server:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
After installing, go to the directory /usr/local/ddos, where the configuration files are.
If you open the ddos.conf file in your favorite editor, you can edit the following settings to get the most out of the script:
The connection limit is the number of connections an IP address can reach before your server kills/bans that IP address for a set amount of time. I think 150 works well, but if you are suddenly getting attacked by smart hackers with many, many IPs, you could probably adjust this to a very low number.
You can adjust the BAN_PERIOD setting to set the amount of time an IP stays banned. You don’t want to ban the IP permanently, since there could be other innocent visitors sharing the same IP.
You can first use the default settings in the beginning and play around a bit.
The script will also e-mail you under the default domain name firstname.lastname@example.org whenever an IP goes beyond the maximum number of allowed connections. If you want those alerts, make sure you set the e-mail address correctly by editing the EMAIL_TO variable in ddos.conf.
Using More than 1 server?
For example, you can also “whitelist” IP addresses that might be connected to your server, such as your MySQL server, by editing the ignore.ip.list file under the same directory. By the way, I’ve accidentally forgotten to whitelist my MySQL server before and my website started showing “Database Connection Error”; don’t let that happen to you.
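Before picking a connection limit or trusting your whitelist, you can preview which addresses a given limit would catch. The following is an added example, not DDoS Deflate's own code: the function names over_limit, conns and sample_netstat are made up for illustration, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example, not DDoS Deflate's own code: report-only, nothing is banned.

# over_limit LIMIT IGNORE_FILE   (reads `netstat -ntu` rows on stdin)
# Prints "count ip" for every remote IPv4 address with more than LIMIT
# connections, skipping addresses listed one per line in IGNORE_FILE.
over_limit() {
    awk -v limit="$1" -v ignore="$2" '
        BEGIN {
            # Load the whitelist, tolerating stray whitespace and blank lines.
            while ((getline line < ignore) > 0) {
                gsub(/[ \t\r]/, "", line)
                if (line != "") skip[line] = 1
            }
        }
        # Data rows start with tcp/udp; field 5 is the foreign "ip:port".
        $1 ~ /^(tcp|udp)/ {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)
            # IPv6 rows are ignored to keep the example short.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit + 0 && !(ip in skip))
                    print count[ip], ip
        }
    ' | sort -rn
}

# conns N REMOTE_IP: emit N constructed netstat rows for one remote address.
conns() {
    n=0
    while [ "$n" -lt "$1" ]; do
        echo "tcp 0 0 192.0.2.10:80 $2:$((40000 + n)) ESTABLISHED"
        n=$((n + 1))
    done
}

# Constructed sample (documentation address ranges), not captured traffic.
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    conns 5 203.0.113.7     # noisy client
    conns 4 198.51.100.20   # stands in for a whitelisted database server
    conns 2 198.51.100.99   # ordinary visitor
}

# Demo with a limit of 3 so the sample stays small.
sample_netstat | over_limit 3 /dev/null
```

On a live server, the same check would be netstat -ntu | over_limit 150 /usr/local/ddos/ignore.ip.list. If your database server shows up in the output, it is missing from the whitelist.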
Well, that’s about it. This script is pretty good against DoS flooding, so you don’t have to be manually messing with your iptables or whatnot. I install this script on every one of my VPS/dedicated servers and you should too, just in case some hacker decides to flood you with garbage.