
ANTI-DDOS

Sigoles

What current company is the best we have for anti-ddos? Since OVH = bad

thanks
 
I've been DDoS'd a lot of times when I hosted servers for others, never had any problems.
Are you sure you got DDoS'd or did you just run with poorly written scripts that were eating CPU?

Iptables does not help, but anyway, could you send me your script to test? Please!

Look at mine:

Code:
#!/bin/bash

cat > /etc/iptables.rules <<EOF
*filter
:INPUT ACCEPT [194:9380]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [149073:322554493]
:FINFLOOD - [0:0]
:ICMPFLOOD - [0:0]
:INVALIDFLOOD - [0:0]
:RSTFLOOD - [0:0]
:SYNFLOOD - [0:0]
:UDPFLOOD - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Local addresses
-A INPUT -d 127.0.0.1/32 -p tcp -j ACCEPT
# Monitoring
-A INPUT -s 50.116.17.17/32 -d 173.193.171.178/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -s 50.116.17.17/32 -d 173.193.171.178/32 -p tcp -m tcp -j ACCEPT
# Fragmented packets are dropped
-A INPUT -i eth0 -f -j DROP
# Connection limit on http port 80
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 45 --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Connection limit on http port 8080
-A INPUT -p tcp -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 45 --connlimit-mask 32 -j DROP
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
# Flood control
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j INVALIDFLOOD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j RSTFLOOD
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK FIN -j FINFLOOD
-A INPUT -p udp -j UDPFLOOD
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 191.248.94.187 -j DROP
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7171 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7172 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7173 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7575 -j ACCEPT
-A INPUT -p tcp -j DROP
-A FINFLOOD -m limit --limit 20/sec --limit-burst 25 -j RETURN
-A FINFLOOD -m limit --limit 10/min -j LOG --log-prefix "Firewall: *FIN Blocked* "
-A FINFLOOD -j DROP
-A ICMPFLOOD -p icmp -m limit --limit 10/sec -j RETURN
-A ICMPFLOOD -m limit --limit 10/min -j LOG --log-prefix "Firewall: *ICMP Blocked* "
-A ICMPFLOOD -j DROP
-A INVALIDFLOOD -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A INVALIDFLOOD -m limit --limit 10/min -j LOG --log-prefix "Firewall: *INV Blocked* "
-A INVALIDFLOOD -j DROP
-A RSTFLOOD -m limit --limit 10/sec --limit-burst 15 -j RETURN
-A RSTFLOOD -m limit --limit 10/min -j LOG --log-prefix "Firewall: *RST Blocked* "
-A RSTFLOOD -j DROP
-A SYNFLOOD -m limit --limit 180/sec --limit-burst 200 -j RETURN
-A SYNFLOOD -m limit --limit 10/min -j LOG --log-prefix "Firewall: *SYN Blocked* "
-A SYNFLOOD -j DROP
-A UDPFLOOD -m limit --limit 10/sec --limit-burst 20 -j RETURN
-A UDPFLOOD -m limit --limit 10/min -j LOG --log-prefix "Firewall: *UDP Blocked* "
-A UDPFLOOD -j DROP
COMMIT
EOF

cat > /etc/rsyslog.d/my_iptables.conf <<EOF
:msg, contains, "Firewall: " -/var/log/iptables.log
EOF
service rsyslog restart
echo "Installing logs, read on /var/log/iptables.log"

cat > /etc/network/if-pre-up.d/iptablesload <<EOF
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF

chmod +x /etc/network/if-pre-up.d/iptablesload

echo "Installing auto start"

iptables -F
iptables -X
iptables-restore < /etc/iptables.rules

echo "Firewall up and running..."
exit 0
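
An added check, not part of the original post: a shell/awk lint for an iptables-restore rules file like the one above. It flags lines that are not restore syntax and user-defined chains that are declared but never jumped to; in the posted rules, ICMPFLOOD is declared and populated but no INPUT rule sends traffic to it. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): lint an iptables-restore rules file for
# unparsable lines and orphaned chains. Exit status 1 if anything is found.
lint_rules() {
    awk '
        /^[ \t]*$/ || /^#/      { next }   # blank lines and comments
        /^\*/ || $0 == "COMMIT" { next }   # table header and commit marker
        /^:/ {                             # chain declaration ":NAME POLICY [pkts:bytes]"
            if ($2 == "-") declared[substr($1, 2)] = NR   # "-" policy = user-defined chain
            next
        }
        /^-A / {                           # rule line: record every jump/goto target
            for (i = 2; i < NF; i++)
                if ($i == "-j" || $i == "-g") used[$(i + 1)] = 1
            next
        }
        { printf "line %d: not valid iptables-restore syntax: %s\n", NR, $0; bad = 1 }
        END {
            for (c in declared)
                if (!(c in used)) {
                    printf "chain %s (declared on line %d) is never referenced\n", c, declared[c]
                    bad = 1
                }
            exit bad
        }
    ' "$1"
}

# Constructed sample: one rule with a stray leading "-" and one orphaned chain.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:ICMPFLOOD - [0:0]
:UDPFLOOD - [0:0]
-A INPUT -p udp -j UDPFLOOD
--A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A ICMPFLOOD -p icmp -m limit --limit 10/sec -j RETURN
-A ICMPFLOOD -j DROP
-A UDPFLOOD -j DROP
COMMIT
EOF
    rc=0
    lint_rules "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}
demo || true
```

On a live host, `iptables-restore --test < /etc/iptables.rules` parses the file without committing it, which catches syntax errors the kernel modules would reject but not orphaned chains.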
 