Defend Against DDoS Attack With (D)DoS Deflate

I have write an article to prevent DDoS attack with mod_evasive in previous post. But with just mod_evasive is not enough. Because DDoS technique maybe vary in technique. DDoS (Distributed Denial of Service) basic is send or flood the the server with request. This will make the server busy and if it is overload it will down (service down). So basically it will send or flood request to your server from one or more ip.

You can check or count how many IP addresses connected to your server with netstat. Here is the command to check IP Addresses that connected to your server:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

It will show something like this:


So if you have like more than 100 request connected from 1 IP address, it is unusual. You can block that IP with Iptables config. It’s not hard to do, but it will waste your time to look into your netstat everyday to look and ban some IP addresses. You can use (D)Dos Deflate to do that.

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. With (D)DoS Deflate you can configure how long will the IP address will be blocked and how many connection considered as DDoS.

How to install it:

  1. Open your terminal and login as root
  2. Download (D)DoS Deflate:
  3. Give execute permission to the script:
    chmod 0700
  4. Install it:

To add your ip address as whitelist, edit this file:

vim /usr/local/ddos/ignore.ip.list

Configure (D)DoS Deflate:

vim /usr/local/ddos/ddos.conf

More details visit (D)DoS Deflate website.

Give me your feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.