Activity Stream
48,167 MEMBERS
61241 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1.     
    #1
    Member
    Website's:
    awfuck.it

    Default Block DoS/DDoS attacks using IPTables in SSH

    Alright. For starts, 1 to 14 connections is a basic connection for most users. 15 to 29 is asking for it but with the whole firefox max.connections tweat, users put 20 or 25 to load pages faster, which really makes the site slower on a small server. So, 1 to 29 connections you can keep unless you know it's a DoS/DDoS attack.

    Alrighty. Before you being, you must login your SSH. Personally, I use terminal via Ubuntu. Login styles may vary upon the tool you are using whether it's a third-party SSH client such as Putty, cPanel, HyperVM, etc.

    Alright, once logged in, put in the following command:
    Code: 
    netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
    You should get a whole list with a number infront of an ipaddress.

    Example list:
    1 1.3.3.7
    4 69.0.0.69
    13 55.55.55.55
    88 41.99.0.0

    The 1 1.3.3.7 means, 1 connection, ip: 1.3.3.7
    Same goes for the rest, number connections, then IP address.

    Please note: It will only show connections within the last minute I believe. Not within the past few minutes. But most attackers attack for as long as possible so you can hopefully catch them.

    You see the 88 connections on 41.99.0.0 so that would be our attacker.
    Now, to ban the IP, type in the following command into SSH

    Code: 
    iptables -A INPUT -s 41.99.0.0 -j DROP
    Obviously, replace 41.99.0.0 with whatever IP Address is that attack.

    Now, I'd suggest you save the this into iptables by doing the following command:
    Code: 
    service iptables save
    and then restart the iptables service:
    Code: 
    service iptables restart
    =================================
    What if you ban the wrong IP?

    You can unban an IP by logging into your SSH. Now, let's say we banned 41.99.0.0 on accident.

    Type in the following 2 commands in SSH (one, submit, then the other).
    Code: 
    iptables -D INPUT -p all -s 41.99.0.0 -j DROP
    Code: 
    iptables -D OUTPUT -p all -s 41.99.0.0 -j DROP
    Of course, replace 41.99.0.0 with the IP you want to unban.

    Then again, save and restart the iptables service with the 2 commands below:
    Code: 
    service iptables save
    Code: 
    service iptables restart
    =============================

    I hope this helps anyone that would need this to stop DoS/DDoS attacks the easy way.

    =============================
    =============================
    EDIT: I forgot to add how to ban by port.

    To ban an IP by a specific port number, like for instance, you don't want to let 41.99.0.0 on port 80 (by default it's http then put in the following command:
    Code: 
    iptables -A INPUT -p tcp -s 41.99.0.0 --dport 80 -j DROP
    Of course, replace 41.99.0.0 with the IP you want blocked.

    Save and restart service.

    To unban, it's the same way as the unban method above.

    To ban on a different port, replace 80 with the port number.
    DXS Reviewed by DXS on . Block DoS/DDoS attacks using IPTables in SSH Alright. For starts, 1 to 14 connections is a basic connection for most users. 15 to 29 is asking for it but with the whole firefox max.connections tweat, users put 20 or 25 to load pages faster, which really makes the site slower on a small server. So, 1 to 29 connections you can keep unless you know it's a DoS/DDoS attack. Alrighty. Before you being, you must login your SSH. Personally, I use terminal via Ubuntu. Login styles may vary upon the tool you are using whether it's a third-party Rating: 5
    "People that walk, need to learn how to sound like a book from the age of movies that has routers, then you can change the wall color, if you truly believe in food."
    - el_jentel1 (Link to quote)
    I love esotorisk and st0ne <3
    http://www.formspring.me/iamgodhimself - Ask me anything!

  2.   Sponsored Links

  3.     
    #2
    Member
    nice share
    Not Allowed

  4.     
    #3
    Member
    Website's:
    ttrtt.com
    thanks

    The message you have entered is too short. Please lengthen your message to at least 8 characters.

  5.     
    #4
    Member
    You can just install ddosdeflate to do it for you

    PHP Code: 
    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod 0700 install.sh
    ./install.sh 

  6.     
    #5
    mmm mmm!
    thanks for sharing
    HATERS GONNA probably bring up some valid points considering I am an ignorant little twat so far up my own ass that i blame my problems on everyone and if you criticize me you're automatically wrong.

  7.     
    #6
    Member
    Website's:
    awfuck.it
    I forgot how to add the ban by port. Added at the end of the post.

    And thanks everyone for the replies.
    "People that walk, need to learn how to sound like a book from the age of movies that has routers, then you can change the wall color, if you truly believe in food."
    - el_jentel1 (Link to quote)
    I love esotorisk and st0ne <3
    http://www.formspring.me/iamgodhimself - Ask me anything!

  8.     
    #7
    Member
    Website's:
    CodeSociety.net
    nice post



  9.     
    #8
    Member
    Website's:
    awfuck.it
    Thanks.
    "People that walk, need to learn how to sound like a book from the age of movies that has routers, then you can change the wall color, if you truly believe in food."
    - el_jentel1 (Link to quote)
    I love esotorisk and st0ne <3
    http://www.formspring.me/iamgodhimself - Ask me anything!

  10.     
    #9
    Member
    Nice share.

    Works preety well. You can also add all those ips on the cpanel csf if you have it installed.

    Thanks & regards


  11.     
    #10
    Member
    Very helpful, thanks.

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Block ddos ip ? iptables dont works ?
    By devNULL in forum Technical and Security Tutorials
    Replies: 0
    Last Post: 3rd Apr 2012, 08:27 AM
  2. Howto Block common DDOS Attacks
    By robert420 in forum Tutorials and Guides
    Replies: 0
    Last Post: 14th Oct 2010, 06:34 PM
  3. What else can one do [to block attacks]
    By Zombie in forum Webmaster Discussion
    Replies: 0
    Last Post: 13th Mar 2009, 02:52 PM
  4. DDoS Attacks - Need help!
    By Saurav in forum Technical Help Desk Support
    Replies: 19
    Last Post: 24th Jan 2009, 08:56 PM

Tags for this Thread

BE SOCIAL