Run Dos Deflate :: Anti DDOS
Jul 9, 2009
It seems people say Dos Deflate is the best basic anti-DDoS script, and tons of webhosts use it.
I think it's rather old and it doesn't work for anything these days. Why do hosts still run it? And why isn't there a better alternative?
I used Deflate some years ago and I got problems. I tried again after some years and nothing had changed: the same basic old script which counts connections and bans IPs.
The thing with Deflate is that if you have a high limit, let's say a ban at 150 connections per IP, it's absolutely worthless against attacks, since you are already letting through 150 connections per IP.
And if you lower it, at least I ran into tons of problems with banning real visitors. Even at over 150 I had complaints from real visitors telling me the server blocked them. Don't ask me how someone has 150 connections to a server, but I got complaints from multiple people all over the world in the 1 month I had it running over 2 years ago.
I also see a really big problem with it. A lot of ISPs share IPs between users. So it's really possible that you get 200 connections from the same IP and they are different users. By banning an IP based on its connections you can probably shut down a full ISP and its visitors. I wish there was a better solution, but using a high value like 300 or 500 doesn't make sense in a DoS attack. And if you use a low value you start to get into problems.
We agree it will not work with distributed attacks, but I don't think it can even work with single attacks, since besides the connection count there doesn't seem to be any more behaviour analysis.
The way I would make a script like that is to check all traffic and IPs all the time, and mark IPs that always access a server as good ones. The newer the IP, the more suspicious. During an attack, real visitors would still pass this way but attackers would not, as they are new IPs. You can then also match the number of times it's connecting, how long, etc.
View 2 Replies
Oct 24, 2009
I opened up my email only to get spammed with over 600 emails from my server. I don't think my server is being DDoS'd, but this is strange. And there seems to be a bug: it's saying "BANNED NUMBER of Number" and not "ip here with X number of connections". The emails consist of:
Quote:
Banned the following ip addresses on Fri Oct 23 14:35:01 CDT 2009
250 with 250 connections
Quote:
Banned the following ip addresses on Fri Oct 23 12:58:01 CDT 2009
363 with 363 connections
Quote:
Banned the following ip addresses on Fri Oct 23 12:38:01 CDT 2009
253 with 253 connections
Quote:
Banned the following ip addresses on Fri Oct 23 09:12:01 CDT 2009
162 with 162 connections
Has anyone else had this problem before? It seems my server is trying to ban itself, since 162 is what I believe to be my server IP with that amount of connections. It started at 9am and is still going on now. I checked my CSF log and it's showing my server is trying to PING some outside IP address at 224.0.0.251
View 4 Replies
Jan 17, 2008
A couple of days ago I was having load issues and my host looked at my issue and added apf 0.9.6 rev2 with ddos deflate, and the load has gone down. I have a question though: when APF_BAN=1 and ban period is minutes BAN_PERIOD=1800, why does my deny.hosts have 2 day old bans?
View 2 Replies
Feb 28, 2008
Just wondering if anyone is running both of these applications. Am I wrong in thinking that running them both would be redundant?
View 11 Replies
May 12, 2009
I'm having a problem with mails on my server. I configured csf and ddos deflate to send a mail to "root" when some IP is blocked. I made a .forward in the /root dir with my mail, but I still don't receive an email when an IP is blocked by csf or ddos deflate.
P.S Mails with webmail clients are working fine
View 1 Replies
Aug 1, 2008
I found this ddos deflate like script, but made and optimized for csf. I used it and it seems to work great. Is anyone else out there using it? It's called csfprotect. Is anyone else using this script, and is it working well at blocking IPs?
View 4 Replies
Aug 4, 2009
I have a problem when using ddos deflate for ddos protection on my server.
I get this message:
Quote:
Banned the following ip addresses on Tue Aug 4 13:12:37 WIT 2009
67.21.44.60 with 4011 connections
ddos deflate is blocking my server IP, what's wrong?
Note: 67.21.44.60 is not my real server IP, just a sample.
View 8 Replies
May 26, 2008
I use deflate to prevent ddos attack.
But after I start deflate, I still keep seeing a lot of connections from certain IPs.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
87 218.86.252.158
363 219.150.191.62
501 60.216.238.212
I want to block those IPs permanently.
How can I do that.
View 7 Replies
Mar 6, 2008
I am using DDOS Deflate
[url]
I have a problem with NO_OF_CONNECTIONS.
The default is 150
For example, if a website has 200 thumbnails in one page, then the user will get banned.
But in my case, each user has only 1 connection at a time (he only accesses 1 flv file each time).
So, is it safe for me to decrease the number to 20?
I can see a lot of IPs having more than 80 connections, which I think are ddos attacks.
View 1 Replies
Jun 12, 2007
One of my potential clients is getting DDoSed occasionally. According to the DCs (PCCW and Singtel), the attacks come mainly from China, and the DDoS used up all the available bandwidth.
I have asked many DCs in Hong Kong. Most of them said they will only null route their IPs and wait until the DDoS is gone. It seems that none of the DCs in HK offer any sort of anti-DDoS solution.
My client doesn't want their site completely offline every time they get attacked. So, could any professional suggest what we can do?
What I am thinking of is:
1. Getting 2 connection from different bandwidth providers
2. Using Geo DNS: [url]
Then, I can separate all China users by forcing them to use 1 connection. Will this work? Is there any potential problem here?
I am also thinking of using BGP. Will that make us partially visible as well?
View 0 Replies
Mar 8, 2008
Can you recommend any anti-DDoS provider that can help? My servers are being attacked by a low-bandwidth botnet attack.
View 14 Replies
Nov 3, 2008
Best Dedicated Hosting for Anti DDOS - Please Help!
Our website has been coming under attack for the last 6 months, usually every weekend for 3 days. We are currently hosting at ThePlanet and they do nothing more than turn on Cisco Guard, which blocks the bad traffic and the good traffic as well. They don't do anything on their level to block the DDoS attack.
I contacted the guys at ProxyShield and they want $1244 a month to route the traffic for us. That's a bit high for someone with a small business not making more than $500 a week online. EDIT: Just got back in touch with them and the $1244 is only for 20mb if you need 100mb it's $2400! that's just insane for a small business.
My question to you guys is who can host us or what services can I use to get rid of these ddos attacks? The Planet has horrible support and I'm not sure where to go or look. Unless we sit at the computer and block every inbound attack all day we simply can't beat it.
Any suggestions? Currently they are sending SYN_FLOODs in the amount of 93MBit/s and our hosting only includes 100MBit/s, so you can guess how difficult it is to maintain reachability.
View 10 Replies
Apr 10, 2009
I am trying to purchase either an anti-DDoS or a firewall machine. My main objective is to prevent DDoS attacks.
Do I purchase anti-DDoS hardware (please recommend), or firewall hardware (please recommend)?
Anti-DDoS and firewall are the same, right? It is about IP analysis and filtering, right?
After using the DDoS/firewall hardware, I may also want to subscribe to one of those third-party DoS prevention services which have big bandwidth. If I already have good anti-DDoS/firewall hardware, do I still need to subscribe to these services?
View 12 Replies
Jan 29, 2008
How can I know the list of IPs that are blocked by APF and anti-dos?
View 2 Replies
Jun 3, 2008
i would like to have reliable web host who can provide
1- anti ddos
2- fully managed dedicated server
3- server location - traffic mostly come from asia regions for 60% and usa for 25% - pls suggest the best location
4- bandwidth req 2500 gb
5- hard space - 1000 gb
6- daily backup req
7 - cost ?
View 11 Replies
May 27, 2013
It is possible to have anti-virus and anti-spam enabled by default when we go to "CREATE E-MAIL ADRESS" -> "SPAM FILTER" / "ANTI-VIRUS" is always disabled.
View 13 Replies
Feb 7, 2007
Seems like I'm having considerable problems with APF's antidos feature. I keep getting legit users banned from my site, and don't know how to stop it (other than disabling antidos altogether, but I guess there should be another way).
I've already set:
TRIG="100"
SF_TRIG="100"
...in the antidos configuration file but I'm still seeing more and more legit IPs getting added to ad.rules. I've read that raising or lowering LN="100" is the other tweak I should try, but there simply is no such value defined in my conf.antidos file.
Another thing I noticed that, although I only got two notification mails telling me about "attackers" blocked by antidos, there are roughly 40 entries in ad.rules. As a matter of fact, I don't understand what antidos is doing there in the first place. Seems like iptables doesn't log to var/log/messages anyway, at least not on my machine - so where is antidos getting those ips from?
View 2 Replies
Jun 5, 2007
I have a few questions regarding (D)Dos Deflate:
How many "Connections" should I set it at before (D)Dos Deflate starts blacklisting and banning IP addresses? It is set at 150. Should I make it 10?
Should APF Firewall be installed for this to be more effective? (Note: I don't know much about Linux and this isn't installed.)
Number of seconds the banned IP should remain in the blacklist? It is at 600 by default. Shouldn't this be infinite?
Quote:
##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1
View 9 Replies
Oct 11, 2009
1- I have CSF installed and am thinking of installing DOS-Deflate 0.6, but I am not sure if there is any conflict between CSF and DOS-Deflate 0.6. Any idea?
2- How safe is it to use Kloxo for one domain for personal use?
View 7 Replies
Jul 21, 2007
I made a thread about this in programming as I was trying to figure it out, but I ended up tweaking dos deflate a lil and got it working. Tried and tested as well during a low bandwidth syn flood. Keep in mind that if you are having massive syn attacks then most of it will have to be filtered on the network level. I have filtering from staminus on my server; this is just for the low bandwidth stuff that gets through.
Syn-deflate is just a name I came up with as it is based on dos-deflate, with only a few changed features. I don't know how medialayer would feel about me modifying their script this way; I know they have a license and copyright on it. Guess I will talk to them about that before any official release, especially about the csf version.
So I have always used some dos deflate features to monitor dos on my servers, just the netstat command. This one:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Today I got a syn flood coming through, low bandwidth, etc., with each IP connecting under the tracking limit for csf. So I tweaked the netstat command a lil bit and I was able to see which IPs were sending syn and how many times.
Like this:
Code:
netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
So I figured it would be very handy to ban IPs sending over so many SYN_RECV connections at once. So I took dos deflate and tweaked it a lil, and made this to work with csf. The only problem on csf is that there is no unban command, only whitelist, so I just had it do csf -d again on the unban command. This would give an error and would not unban the IP, but you really don't need to unban it so soon.
With apf it works perfectly on unbanning. It works just like dos deflate but bans syn flooders, not connection flooders. You could even use this along with dos deflate. I am using it alongside csf and the connection tracking feature, no problem.
I plan on releasing somewhat of an official version too, along with some other tools to monitor and stop dos. So whoever is interested or can offer some advice, let me know.
For those who wanna give it a try:
For the CSF version:
To install:
Code:
wget [url]
To uninstall
Code:
wget [url]
For the Apf and Generic Iptables version:
To install
Code:
wget [url]
To uninstall
Code:
wget [url]
uninstall.synd ; ./uninstall.synd
I didn't get to try the apf version out much but have used the csf version all day with no issues.
Note to makers of dos-deflate: I'm not too keen on all this licensing stuff or what I am supposed to do when I modify someone else's script, so let me know what I need to do to keep from making anyone mad.
View 6 Replies
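An added example, not part of any post on this page and not DDoS Deflate's own code: the per-IP counting pipeline quoted in the May 26, 2008 and Jul 21, 2007 posts, rewritten as an awk filter that skips netstat's header lines, unwraps IPv4-mapped IPv6 peers (which `cut -d: -f1` reduces to an empty string) and can restrict the count to one TCP state such as SYN_RECV. The netstat sample and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.50:6000 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.50:6001 ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.7:5353
EOF
}

# The pipeline as quoted in the posts, reading stdin instead of running netstat.
# It also counts the header words and an empty "address" for the tcp6 rows.
count_naive() {
  awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# count_peers [STATE]: prints "count ip" lines, highest count first.
count_peers() {
  awk -v want="${1:-}" '
    $1 !~ /^(tcp|udp)/ { next }          # skip the two header lines
    want != "" && $6 != want { next }    # optional TCP state filter
    {
      peer = $5
      sub(/:[0-9*]+$/, "", peer)         # strip the trailing :port only
      sub(/^::ffff:/, "", peer)          # unwrap IPv4-mapped IPv6
      n[peer]++
    }
    END { for (p in n) print n[p], p }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# over_limit LIMIT [STATE]: peers holding more than LIMIT connections.
over_limit() {
  count_peers "${2:-}" | awk -v lim="$1" '$1 > lim { print $2 }'
}

# Stand-alone run on the constructed sample; on a live host, pipe
# `netstat -ntu` into the same functions instead.
sample_netstat | count_naive
sample_netstat | count_peers
sample_netstat | count_peers SYN_RECV
```

Keeping the state filter as an argument lets one function cover both the total-connection count and the SYN_RECV count discussed in the posts.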
Feb 5, 2015
Whatever configuration I try to modify, there is no way I can get files delivered by Apache or NGINX to be deflate/gzip compressed.
OS: Debian 7.7
Plesk version: 12.0.18 Update #33
I've tried to add these lines to Nginx (Vhost directives) but it changes nothing:
# Gzip Settings
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 4;
gzip_http_version 1.1;
gzip_min_length 1100;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/x-javascr$ application/xml application/xhtml+xml application/xml+rss;
gzip_vary on;
gzip_static on;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
I also tried to disable Nginx and configure deflate in apache with following lines (Vhost directives then in a file in apache2/conf.d) but it is the same ...
<IfModule mod_deflate.c>
# Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
[code]....
View 5 Replies
Aug 19, 2012
I have been trying to enable server-wide compression using deflate. My server is running a fresh install of plesk panel 11 installed over a fresh centos 6 64. The configs and settings (aside from files I mention) have not been changed at all from default.
I have created a new file in /etc/httpf/conf.d/deflate.conf. This file is being included when Apache is restarted, so that's definitely working, and the html doc compresses. But no matter what I do (I have tried every combination Google would find), css and js files will not compress. At my previous workplace we also used a Plesk server and nobody could ever get compression working there either.
View 4 Replies
Nov 7, 2008
It has come to my attention that dragonara.net has been ddosing me today since morning from the IP:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
View 14 Replies
Apr 13, 2009
We have 2 servers, one running Windows 2003 Enterprise that hosts a ColdFusion app, and one running Windows 2003 Standard that hosts our SQL database that is used by the CF app. Nothing else runs on them.
Does anyone have any suggestions for anti-virus products that we could use on these? I don't want one of those elaborate and expensive "suite" programs. I just need to protect the boxes.
I use Kaspersky on our individual machines, and I really don't care much for Norton anymore.
View 5 Replies
Sep 30, 2009
Over the past number of years there has been an obvious increase in credit card fraud and identity theft.
Our policies have always tried to stay a step ahead, but it seems no matter what is done the occasional fraudster manages to squeeze through, costing us a lot of money. At one point in early 2009, it got as bad as 60% of the orders we received. It ended up eating a LOT of our time just to go through each order and verify them as best we could.
What methods do you use to fight fraud?
I'll start with some of the things we do.
- Require CVV code on the credit card
- We call the customer's telephone number and verify with them.
- Verify the telephone number matches the region of the address they provide
- Require the CC issuing Bank's name and number
- We often require the customer to fax a signed credit card authorization form
- GeoIP matches location of the address in the order
Obviously the big challenge is proving that the person placing the order is the actual owner of the card. I've received the correct CVV, spoken with the customer on the phone number, had the phone number match the region... non-US so I wasn't able to verify their telephone details with the issuing bank. Had the GeoIP match and still found out it was fraud.
On a side note: Am I the only one that feels banks and those issuing credit cards need to take more responsibility for a system that's clearly broken? Even after going through the process above, it can still be fraud with a chargeback issued. In those cases, the company loses the money they made, pay a fee to the payment provider, lost time for Sales Reps and Tech Reps, and of course they lose money on hardware, electricity and bandwidth.
View 14 Replies
Feb 15, 2008
Is there any anti proxy script which can detect any proxy sites on my server and kill it?
View 4 Replies
Jun 21, 2008
I am running Win2003 server with Plesk 8.3. Antivirus running is F-Prot. Me and my clients have been getting a lot of spam emails and I am looking for suggestions on how to stop them. Plesk seems to provide some options for checking blacklisted spam servers but I was not too satisfied with the result. Maybe I was not looking up the right urls?
So, any suggestions on blocking the spam would be welcome. I am ready to pay for it too...but I am on a very tight budget. A free solution would be the best for me at the moment.
I also used SpamAssassin for the time being, but it did not work out to any of my clients' satisfaction even after a month's "training" of SpamAssassin.
View 8 Replies
Jun 14, 2008
I am interested in ASSP as an anti-spam tool and have heard good things, but I have 1 question I can't seem to find an answer to.
With ASSP is there a way to screen image spam like you can with FuzzyOCR? With ASSP do you even need to scan images at all? Because it waits for the sending server to respond for authentication?
I was running a MailScanner / SpamAssassin / FuzzyOCR combo with a couple of cron jobs (to sweep fake bounce email out of the mail queue, for example) with very effective results, but it took forever to tweak all three to reduce server load. MailScanner was breaking webmail randomly, so I have it disabled currently, so I get a lot more spam.
View 0 Replies
Oct 4, 2007
We recently had a problem with a mail spammer. He sent over 90,000 emails and had 20,000 in the queue. Is there anyway to possibly stop this as it was really lagging the server bad. So bad the softlayer took it offline for a while...
View 4 Replies
Jul 22, 2007
Where can I buy some cheap spam protection appliance? Right now we are buying from mailfoundry, but it is a little bit expensive. I sent an email to can spam, but I was quoted 18K annually to protect 25K emails. Does anyone have a way to buy some cheap anti-spam appliances?
View 14 Replies
Mar 2, 2007
Is this just for mail antivirus? where do I see the report of the anti virus?
View 2 Replies
View Related