Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


[Help] Detect IP and block DDOS - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

[Help] Detect IP and block DDOS

2»

Comments

  • MunMun Member

    @ez2uk said:
    Monster looks nice...

    Mun ... Is there a chance that the dotdeb would add this to the extras

    I wouldn't know. PM dotdeb on twitter and ask.

  • messaged.. will update if they reply

  • Dotdeb nginx has ngx_http_limit_req_module.

    Add something like this to your http part:

    limit_req_zone $binary_remote_addr zone=limit:50m rate=5r/s;

    Then go to your site in sites-available and add this to one or all of the locations:

    limit_req zone=limit burst=5 nodelay;

    Thanked by 2thuvienvps kkrajk
  • Why not install DDoS Deflate to do this automatically for you? It blocks connections that exceed 150 by default, but you can adjust that in its config file. Here's how to install it:

    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod +x install.sh
    sh install.sh
    

    The configuration file is at: /usr/local/ddos/ddos.conf

    To see how many connections by which IP, run: ddos

    The root directory for the project is: http://www.inetbase.com/scripts/ddos/

    It contains the uninstall and install files as well as many others

  • @Verelox said:
    Why not install DDoS Deflate to do this automatically for you? It blocks connections that exceed 150 by default, but you can adjust that in its config file. Here's how to install it:

    > wget http://www.inetbase.com/scripts/ddos/install.sh
    > chmod +x install.sh
    > sh install.sh
    > 

    The configuration file is at: /usr/local/ddos/ddos.conf

    To see how many connections by which IP, run: ddos

    The root directory for the project is: http://www.inetbase.com/scripts/ddos/

    It contains the uninstall and install files as well as many others

    Many thanks for your help! It seems DDoS Deflate cant protect my site.
    Does anyone what what type of DDOS? Is it HTTP Flood?
    Access log here: http://pastebin.com/yrmVQiSA

  • linuxthefishlinuxthefish Member
    edited October 2014

    Try something like this to block HTTP 1.0 from browsers that should be using http 1.1.

    if ($server_protocol ~* "HTTP/1.0") {
    if ($http_user_agent ~* "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) ) {
    return 444;
    }
    }

    If that does not work you could just block all HTTP 1.0 requests.

    if ($server_protocol ~* "HTTP/1.0") {
    return 444;
    }

    Please don't tell me off for using if in nginx, I'm a lighttpd fan!

    Thanked by 1thuvienvps
This discussion has been closed.