Anti Dos & Anti Local Attack

Discussion in 'Security' started by Archimonde, Nov 24, 2009.

  1. #1
    I think this tutorial can help you protect your site.
    Please remember: there is no way to prevent DDoS. Facebook, whitehouse, ... all went down.
    1 - DoS:
    There are a lot of methods, for example: Flood, Slowloris, ...
    1.1 - Flood:
    If you use shared hosting, to protect your site from a flood attack you can use .htaccess to set a password for your site or use a firewall (Google: enhack firewall).
    If you use a dedicated server, to protect your site from a flood attack, please follow the tutorial below.
    1.1.1 - Anti Dos Script
    #cd download
    #wget http://www.inetbase.com/scripts/ddos/install.sh
    #chmod 0700 install.sh
    #./install.sh
    #nano /usr/local/ddos/ddos.conf
    
    1.1.2 - Anti Dos Mod: mod_dosevasive
    Edit httpd.conf, then change some values:
    LoadModule dosevasive20_module modules/mod_dosevasive20.so
    <ifmodule mod_dosevasive20.c>
        DOSHashTableSize    3097
        DOSPageCount        2
        DOSSiteCount        50
        DOSPageInterval     1
        DOSSiteInterval     1
        DOSBlockingPeriod   10
    # Optional Directives - /usr/share/doc/mod_dosevasive/README for more info
        DOSEmailNotify      admin@domain.be
        DOSWhitelist        192.168.1.*
        DOSSystemCommand    "sudo /sbin/iptables -A INPUT -s %s -j DROP"
    </ifmodule>
    nano /etc/sudoers
    And add:
    apache ALL=(ALL) NOPASSWD: /sbin/iptables -A INPUT -s [0-9.]* -j DROP
    1.1.3 - Iptables
    # Limit the number of incoming tcp connections
    # Interface 0 incoming syn-flood protection
    iptables -N syn_flood
    iptables -A INPUT -p tcp --syn -j syn_flood
    iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
    iptables -A syn_flood -j DROP

    To be continued...
     
    Archimonde, Nov 24, 2009 IP
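
Added example, not part of Archimonde's post or of mod_dosevasive: a small wrapper for the DOSSystemCommand/sudoers step in 1.1.2 that validates the address before calling iptables, because the `[0-9.]*` in that sudoers line is a glob whose `*` also matches spaces and further arguments. The path /usr/local/sbin/dos-block, the IPTABLES override and both config lines in the comments are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, assumed installed as /usr/local/sbin/dos-block (root-owned, mode 0755).
# Assumed httpd.conf line:  DOSSystemCommand "sudo /usr/local/sbin/dos-block %s"
# Assumed sudoers line:     apache ALL=(root) NOPASSWD: /usr/local/sbin/dos-block
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Succeed only for a dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; the input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append one DROP rule for a validated address; status 2 means the input was rejected.
block_ip() {
    if ! is_ipv4 "$1"; then
        echo "dos-block: refusing invalid address" >&2
        return 2
    fi
    # -C tests for an identical existing rule so repeated triggers do not add duplicates.
    "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null && return 0
    "$IPTABLES" -A INPUT -s "$1" -j DROP
}

# Run only when an argument is given, as DOSSystemCommand would supply it.
if [ "$#" -gt 0 ]; then
    block_ip "$1"
fi
```
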
  2. Archimonde

    #2
    1.2 - Slowloris
    mod_antiloris limits the number of simultaneous connections per IP address
    that are in the "reading request" state

        wget ftp://ftp.monshouwer.eu/pub/linux/mod_antiloris/mod_antiloris-0.3.tar.bz2
        tar -jxvf mod_antiloris-0.3.tar.bz2
        cd mod_antiloris-0.3
        sudo /wwwroot/apache2/bin/apxs -a -i -c mod_antiloris.c
        sudo /etc/init.d/http restart
    Or you can use nginx for protection. I will talk about that tomorrow.
     
    Archimonde, Nov 25, 2009 IP
  3. Kwaku

    #3
    You can also set your Timeout very low; it helped me many times against this form of attack.

     
    Kwaku, Dec 6, 2009 IP
  4. Archimonde

    #4
    I'm really sorry, I'm too busy, so I'll post tutorials when I can.
     
    Archimonde, Dec 7, 2009 IP
  5. Archimonde

    #5
    Anti Local Attack:

    1- If you have root access, disable the commands "ln" and "cat" and disable the SQL query "load data local infile".
    Install mod_security on your server.
    2- If you are using shared hosting, chmod your config file to 710 or 701. It will help protect you from local attacks.

    To be continued...
     
    Archimonde, Dec 10, 2009 IP