Anti Dos & Anti Local Attack

Discussion in 'Security' started by Archimonde, Nov 24, 2009.

  1. #1
    I think this tutorial can help you protect your site.
    Please remember: there is no way to stop DDoS. Facebook, whitehouse, ... were taken down.
    1 - DoS:
    There are a lot of methods, for example: Flood, Slowloris, ...
    1.1 - Flood:
    If you use shared hosting, to protect your site from a Flood attack, you can use .htaccess to set a password for your site or use a firewall (Google: enhack firewall).
    If you use a dedicated server, to protect your site from a Flood attack, please follow the tutorial below.
    1.1.1 - Anti Dos Script
        # Run as root
        cd download
        wget http://www.inetbase.com/scripts/ddos/install.sh
        chmod 0700 install.sh
        ./install.sh
        # Edit the configuration
        nano /usr/local/ddos/ddos.conf
    1.1.2 - Anti Dos Mod : mod_dosevasive
    Edit httpd.conf, then change some values:

        LoadModule dosevasive20_module modules/mod_dosevasive20.so
        <IfModule mod_dosevasive20.c>
            DOSHashTableSize    3097
            DOSPageCount        2
            DOSSiteCount        50
            DOSPageInterval     1
            DOSSiteInterval     1
            DOSBlockingPeriod   10
            # Optional Directives - /usr/share/doc/mod_dosevasive/README for more info
            DOSEmailNotify      admin@domain.be
            DOSWhitelist        192.168.1.*
            DOSSystemCommand    "sudo /sbin/iptables -A INPUT -s %s -j DROP"
        </IfModule>

        nano /etc/sudoers

    And add:

        apache ALL=(ALL) NOPASSWD: /sbin/iptables -A INPUT -s [0-9.]* -j DROP
    1.1.3 - Iptables
        # Limit the number of incoming tcp connections
        # Interface 0 incoming syn-flood protection
        iptables -N syn_flood
        iptables -A INPUT -p tcp --syn -j syn_flood
        iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
        iptables -A syn_flood -j DROP

    To be continued...
     
    Archimonde, Nov 24, 2009 IP
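
Added example, not part of the original post or of mod_dosevasive: the sudoers entry in 1.1.2 relies on a shell-style glob, and in sudoers `*` also matches spaces, so `[0-9.]*` permits more than a bare IP address. One way to narrow it is to validate the address in a small wrapper and let sudoers allow only that wrapper; the wrapper name and path `/usr/local/sbin/block-ip` are assumptions.

```shell
#!/bin/sh
# Added example; wrapper name/path /usr/local/sbin/block-ip is an assumption.
# httpd.conf: DOSSystemCommand "sudo /usr/local/sbin/block-ip %s"
# sudoers:    apache ALL=(root) NOPASSWD: /usr/local/sbin/block-ip

# Return 0 only for a strict dotted-quad IPv4 address (octets 0-255,
# no leading zeros, nothing before or after the address).
is_valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*.) return 1 ;;   # empty, foreign characters, trailing dot
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip                          # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|0?*|????*) return 1 ;;   # empty, leading zero, more than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate, then append the DROP rule unless an identical one already exists.
block_ip() {
    if ! is_valid_ipv4 "$1"; then
        echo "block-ip: refusing invalid address" >&2
        return 2
    fi
    /sbin/iptables -C INPUT -s "$1" -j DROP 2>/dev/null && return 0
    /sbin/iptables -A INPUT -s "$1" -j DROP
}

# Entry point: exactly one argument is accepted.
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: block-ip <ipv4>" >&2; exit 2; }
    block_ip "$1"
fi
```

Install the wrapper owned by root and not writable by the apache user, otherwise the sudoers entry grants more than it appears to.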
  2. Archimonde

    #2
    1.2 - Slowloris
    mod_antiloris limits the number of simultaneous connections per IP address
    that are in the "reading request" state.

        wget ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/mod_antiloris-0.3.tar.bz2
        tar -jxvf mod_antiloris-0.3.tar.bz2
        cd mod_antiloris-0.3
        sudo /wwwroot/apache2/bin/apxs -a -i -c mod_antiloris.c
        sudo /etc/init.d/http restart

    Or you can use nginx for protection. I will talk about that tomorrow.
     
    Archimonde, Nov 25, 2009 IP
  3. Kwaku

    #3
    You can also set your Timeout very low; it helped me many times against this form of attack.

     
    Kwaku, Dec 6, 2009 IP
  4. Archimonde

    #4
    I'm really sorry, I'm too busy, so I'll post tutorials when I can.
     
    Archimonde, Dec 7, 2009 IP
  5. Archimonde

    #5
    Anti Local Attack:

    1- If you have root access, disable the commands "ln" and "cat" and disable the SQL query "load data local infile".
    Install mod_security on your server.
    2- If you are using shared hosting, chmod your config file to 710 or 701. It will help protect you from local attacks.

    To be continued...
     
    Archimonde, Dec 10, 2009 IP