(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. DDoS Deflate utilizes the command below to create a list of IP addresses connected to the server. It Calculates the total number of connections per IP. It is one of the simplest and easiest to install solutions at the software level. However, when you install DDoS Deflate in Linux it is not foolproof.
First2Host can help to protect you against DDoS attacks by hosting your IPtables firewall rules on our routers. This means we can block the DDoS traffic before it enters our network. Managed Firewall rules can be used on any Linux NVMe VPS or High Availability NVMe VPS.
However, you can use the below command on your server to see what IPs are currently connected to your server and how many connections each IP has.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nCustomers who use a First2Host Dedicated Server or NVMe VPS server should not need to use DDoS Deflate. We will automatically detect any type of DDoS attack and filter the attack traffic out before it reaches your server. Whilst you could still use DDoS Deflate we can filter out 200TB of DDoS traffic making this program redundant.
Install DDoS Deflate On Linux Servers
So, issue the below commands as the root user or a user that has root privileges to install DDos deflate;
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.shSo, IP addresses over a pre-configured number of connections are automatically blocked in the server’s firewall.
These can be iptables or CSF. (We highly recommend that you use CSF on your server in general, but deflate will work without it. See how to install CSF)
DDoS Deflate Whitelist
It is possible to whitelist IP addresses, via /usr/local/ddos/ignore.ip.list. You can edit this file and place IPs in the white list with the following command
nano /usr/local/ddos/ignore.ip.listDDoS Deflate Configuration
The configuration file has all the options you need to tweak the software to your own needs. You shouldn’t need to touch this file but you can lower the connections each IP can have to the server inside this file.
We advise placing this at 50. Anything lower and people uploading using FTP might get blacklisted. IP addresses are automatically unblocked after a pre-configured time limit (default: 600 seconds) To edit the file;
nano /usr/local/ddos/ddos.confUninstall DDOS Deflate
To remove the software copy the line below into the console like you did to install.
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
/uninstall.ddos
