
DDoS Defence (I use this, and you?)

Discussion in 'General Discussion' started by Arsenico, Jan 26, 2007.

  1. Arsenico

    I was getting attacked with a DDoS, trying to flood all my ports so the services get flooded.

    I found a little solution now, and since all my questions were in here, I want to give something too.

    A lot of people know how to protect their servers, but a lot of people don't.

    1º Apache protection:
    I use mod_evasive to stop the HTTP DDoS,
    and now I'm using mod_security.

    2º Change the SSH port to another one (if SSH gets flooded you will never be able to log in; you also prevent brute force).

    Edit: /etc/ssh/sshd_config
    and change the port.

    3º Good rules (in this case I'm using FreeBSD with ipfw):

    ipfw add allow tcp from any to any dst-port PORT in limit src-addr LIMIT

    Using it, you can limit the number of connections per IP, so you put a rule per command.

    Add the rules for the limit inside:

    Now for Linux:
    I was using on my ex-dedicated server:
    APF ( )
    and a DDoS protection: (this will ban IP addresses when they get more than X connections; you can set the max connections)

    This is very easy to install; if not... on the DA forum you have the information.

    I never found a way to ban IPs when they get more than X connections on FreeBSD (the script doesn't exist), but I made it in PHP (it can't be used with cron, and I think that is better, because otherwise you can ban normal users). If you need it, send me a PM.

    OK. For IPFW and APF I won't put more because those firewalls are very easy to configure, but this is a way.

    Maybe you can give more solutions, so together we can fight people who have nothing to do and attack our servers.

    And I know it's not much, but anyway you will always need a script that bans the IP address.

    I made with this

    #ROOT: pico


    netstat -na | awk '{print $5}' | cut -d. -f1-4 | sort -n | uniq -c | sort -n

    save and exit

    #ROOT: chmod 777

    Then when you put ./ (it will return
    Connections IP )

    So you will know which IPs are flooding you.

    I made it because otherwise you have to type or copy-paste the same command again and again when you get attacked.

    Best Regards
    #1 Arsenico, Jan 26, 2007
    Last edited: Jan 27, 2007
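
Added example, not part of Arsenico's post: a per-IP connection counter built on the same `netstat -na` idea. It strips the port in both the FreeBSD (`ip.port`) and Linux (`ip:port`) address forms, because on Linux the `cut -d. -f1-4` step leaves the port attached and counts per socket instead of per IP. The function names, the default threshold of 20 and the sample lines (documentation addresses) are assumptions made for the example.

```sh
#!/bin/sh
# Added example. Live use on a host:  netstat -na | conn_report 50

conn_report() {
    # $1 = minimum connection count to report (assumed default: 20)
    awk -v limit="${1:-20}" '
        $1 !~ /^tcp/   { next }   # skip headers, udp and unix sockets
        $6 == "LISTEN" { next }   # listening sockets have no remote peer
        {
            peer = $5
            if (peer ~ /:[0-9*]+$/)
                sub(/:[0-9*]+$/, "", peer)    # Linux form   ip:port
            else
                sub(/\.[0-9*]+$/, "", peer)   # FreeBSD form ip.port
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit)
                    printf "%d %s\n", count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample input mixing Linux and FreeBSD netstat lines.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40113       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:40114       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.23:51000     ESTABLISHED
tcp4       0      0 192.0.2.10.80           203.0.113.7.40115       ESTABLISHED
tcp4       0      0 192.0.2.10.22           198.51.100.23.51001     ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
EOF
}

# Report peers with at least 3 connections in the sample.
sample_netstat | conn_report 3
```

The output keeps the post's "Connections IP" layout, highest count first, so the result can be reviewed before any address is added to a firewall rule.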
