Results 1 to 10 of 22
-
10th Aug 2010, 07:25 PM #1OPMemberWebsite's:
awfuck.itBlock DoS/DDoS attacks using IPTables in SSH
Alright. For starts, 1 to 14 connections is a basic connection for most users. 15 to 29 is asking for it but with the whole firefox max.connections tweat, users put 20 or 25 to load pages faster, which really makes the site slower on a small server. So, 1 to 29 connections you can keep unless you know it's a DoS/DDoS attack.
Alrighty. Before you being, you must login your SSH. Personally, I use terminal via Ubuntu. Login styles may vary upon the tool you are using whether it's a third-party SSH client such as Putty, cPanel, HyperVM, etc.
Alright, once logged in, put in the following command:
Code:netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
Example list:
1 1.3.3.7
4 69.0.0.69
13 55.55.55.55
88 41.99.0.0
The 1 1.3.3.7 means, 1 connection, ip: 1.3.3.7
Same goes for the rest, number connections, then IP address.
Please note: It will only show connections within the last minute I believe. Not within the past few minutes. But most attackers attack for as long as possible so you can hopefully catch them.
You see the 88 connections on 41.99.0.0 so that would be our attacker.
Now, to ban the IP, type in the following command into SSH
Code:iptables -A INPUT -s 41.99.0.0 -j DROP
Now, I'd suggest you save the this into iptables by doing the following command:
Code:service iptables save
Code:service iptables restart
What if you ban the wrong IP?
You can unban an IP by logging into your SSH. Now, let's say we banned 41.99.0.0 on accident.
Type in the following 2 commands in SSH (one, submit, then the other).
Code:iptables -D INPUT -p all -s 41.99.0.0 -j DROP
Code:iptables -D OUTPUT -p all -s 41.99.0.0 -j DROP
Then again, save and restart the iptables service with the 2 commands below:
Code:service iptables save
Code:service iptables restart
I hope this helps anyone that would need this to stop DoS/DDoS attacks the easy way.
=============================
=============================
EDIT: I forgot to add how to ban by port.
To ban an IP by a specific port number, like for instance, you don't want to let 41.99.0.0 on port 80 (by default it's http then put in the following command:
Code:iptables -A INPUT -p tcp -s 41.99.0.0 --dport 80 -j DROP
Save and restart service.
To unban, it's the same way as the unban method above.
To ban on a different port, replace 80 with the port number.DXS Reviewed by DXS on . Block DoS/DDoS attacks using IPTables in SSH Alright. For starts, 1 to 14 connections is a basic connection for most users. 15 to 29 is asking for it but with the whole firefox max.connections tweat, users put 20 or 25 to load pages faster, which really makes the site slower on a small server. So, 1 to 29 connections you can keep unless you know it's a DoS/DDoS attack. Alrighty. Before you being, you must login your SSH. Personally, I use terminal via Ubuntu. Login styles may vary upon the tool you are using whether it's a third-party Rating: 5"People that walk, need to learn how to sound like a book from the age of movies that has routers, then you can change the wall color, if you truly believe in food."
- el_jentel1 (Link to quote)I love esotorisk and st0ne <3
http://www.formspring.me/iamgodhimself - Ask me anything!
-
10th Aug 2010, 07:27 PM #2Member
nice share
Not Allowed
-
10th Aug 2010, 07:33 PM #3MemberWebsite's:
ttrtt.comthanks
The message you have entered is too short. Please lengthen your message to at least 8 characters.
-
10th Aug 2010, 07:39 PM #4Member
You can just install ddosdeflate to do it for you
PHP Code:wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
-
10th Aug 2010, 07:40 PM #5mmm mmm!
thanks for sharing
HATERS GONNA probably bring up some valid points considering I am an ignorant little twat so far up my own ass that i blame my problems on everyone and if you criticize me you're automatically wrong.
-
10th Aug 2010, 07:43 PM #6OPMemberWebsite's:
awfuck.itI forgot how to add the ban by port. Added at the end of the post.
And thanks everyone for the replies."People that walk, need to learn how to sound like a book from the age of movies that has routers, then you can change the wall color, if you truly believe in food."
- el_jentel1 (Link to quote)I love esotorisk and st0ne <3
http://www.formspring.me/iamgodhimself - Ask me anything!
-
10th Aug 2010, 07:51 PM #7MemberWebsite's:
CodeSociety.netnice post
-
10th Aug 2010, 08:23 PM #8OPMemberWebsite's:
awfuck.itThanks.
"People that walk, need to learn how to sound like a book from the age of movies that has routers, then you can change the wall color, if you truly believe in food."
- el_jentel1 (Link to quote)I love esotorisk and st0ne <3
http://www.formspring.me/iamgodhimself - Ask me anything!
-
10th Aug 2010, 08:34 PM #9Member
Nice share.
Works preety well. You can also add all those ips on the cpanel csf if you have it installed.
Thanks & regards
-
10th Aug 2010, 10:44 PM #10Member
Very helpful, thanks.
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Block ddos ip ? iptables dont works ?
By devNULL in forum Technical and Security TutorialsReplies: 0Last Post: 3rd Apr 2012, 08:27 AM -
Howto Block common DDOS Attacks
By robert420 in forum Tutorials and GuidesReplies: 0Last Post: 14th Oct 2010, 06:34 PM -
What else can one do [to block attacks]
By Zombie in forum Webmaster DiscussionReplies: 0Last Post: 13th Mar 2009, 02:52 PM -
DDoS Attacks - Need help!
By Saurav in forum Technical Help Desk SupportReplies: 19Last Post: 24th Jan 2009, 08:56 PM
themaCreator - create posts from...
Version 3.24 released. Open older version (or...