what to about this scripts is not just to copy and paste, but you MUST learning again, is the inside scripts contains backdoor or else, if you know this scripts was right, safe and there's no problem to import in server, start to using it.
In general, being aware of such things is good, but if this script was a bad one, I would have been deleted along with it years ago Use with a smile, its a safe one. PS> assuming you know how to chmod and start bash scripts of course.
Yes, i can see this is safe to put in server. Sometimes most of layman people doesn't know about script, like me. I was install new plugin to website, replace themes with free premium themes. Most of premium themes have encrypted script on footer. That cause make some script danger, they're create backdoor and finally they're deface my site It was terrible. So be aware if someone get some program, script, plugin, themes, or any interest digital on ads fly in internet
Like nimhost said, I would recommend a firewall like CSF to protect again ddos and not some shady script like this.
I think the best possible script with ddos protection is CSF using the connection tracking feature. That and a good web server setup/system tuning and some testing/babysitting you can mitigate as much as your resources can handle.
I think the script is very helpful, thanks! I have a question that, after having implemented this script in initializing process(rc.local), /etc/sysconfig/iptables is no longer works anymore right? I mean I can empty /etc/sysconfig/iptables, right? thanks!
So, can I just simply remove following 2 lines? $MODPROBE ip_conntrack_ftp $MODPROBE ip_conntrack_irc
That won't help much. Any iptables rule with "--state" in it automatically loads the nf_conntrack module. Also this looks like a useful script, thank you for sharing. It misses a couple of important rules though that you can find here (maybe extend the script provided by the OP): https://javapipe.com/iptables-ddos-protection
Would like to give a try with this script as CSF firewall is unable to stop the attacks. Is the script CentOS specific ? Can it work on Redhat ?
Well, script-ddos defence is not much better than script-hackers I believe It's not a DDoS protection, it just iptables configuring script and I can't say if it good for anyone else to be honest. I hope so. It may help you of course, but will not save you from any real DDoS attack.
I believe it is a web application firewall, not a network firewall that AdWorkMedia is referring to? Try Cloudbric or Cloudflare.