Debian / Ubuntu / CentOS – Block DDoS attacks with No More DDoS (formerly DDoS Deflate)
If you have landed on this page, either your server has already been hit by a DDoS attack or you want to protect it before one happens.
In this tutorial, we will install "No More DDoS" (the replacement for DDoS Deflate, which is no longer maintained by its author), which lets you easily protect yourself against small DDoS attacks.
This script is available in 2 versions:
- the Debian version, compatible with: Debian 6/7/8, Ubuntu Server 13.10, Ubuntu Server 14.04, Linux Mint 17 and distributions based on Debian.
- the CentOS version, compatible with: CentOS 6/7, RHEL 6/7 (coming in version 2.0), Fedora 20 (coming in version 2.0), and distributions based on CentOS.
1. Install No More DDoS
To install "No More DDoS for Debian", use the following command:
wget -O- https://raw.githubusercontent.com/stylersnico/nmd/master/debian/install.sh | sh
To install "No More DDoS for CentOS 7", use the following command:
wget -O- https://raw.githubusercontent.com/stylersnico/nmd/master/centos/install.sh | sh
2. Configure No More DDoS
To configure No More DDoS, edit the "/usr/local/nmd/conf.d/agent.conf" file:
vim /usr/local/nmd/conf.d/agent.conf
In this file, you can edit the following settings:
- FREQ: Interval between 2 launches of the script. By default, the script runs once per minute.
- NO_OF_CONNECTIONS: Maximum number of established connections allowed for an IP address. If an IP address has more than 500 connections established on your server, this IP will be banned.
- APF_BAN: By default, the script blocks IP addresses in the firewall with iptables (APF_BAN=0). To use "APF", specify 1 (APF_BAN=1).
- EMAIL_TO: If you wish to be notified when a DDoS attack is blocked, enter your email address on this line. If you leave it empty, no e-mail will be sent.
- BAN_PERIOD: Period during which an IP address is blocked. Default: 3600 seconds = 1 hour.
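Before settling on a value for NO_OF_CONNECTIONS, it helps to see which addresses would cross a given limit on your own traffic. The script below is an added example, not nmd's own code: the function names, the sample lines and the demo limit of 5 are constructed for illustration, and it assumes the column layout printed by `netstat -ntu`.

```shell
#!/bin/sh
# Added example (not part of nmd): list source IPs holding more ESTABLISHED
# connections than a limit, i.e. the condition NO_OF_CONNECTIONS describes.

# over_limit LIMIT
# Reads `netstat -ntu`-style lines on stdin and prints "COUNT IP" for every
# remote address with more than LIMIT established TCP connections,
# highest count first. Real use: netstat -ntu | over_limit 500
over_limit() {
    awk -v limit="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the remote port
            sub(/^::ffff:/, "", peer)   # IPv4-mapped IPv6 -> same IPv4 client
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=0
    while [ "$i" -lt 6 ]; do
        echo "tcp 0 0 203.0.113.10:80 198.51.100.7:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    # Same client reaching a dual-stack listener: must count with the six above.
    echo "tcp6 0 0 203.0.113.10:443 ::ffff:198.51.100.7:51000 ESTABLISHED"
    echo "tcp 0 0 203.0.113.10:80 192.0.2.44:51001 ESTABLISHED"
    # Not established, so these must not count toward the limit.
    echo "tcp 0 0 203.0.113.10:80 192.0.2.44:51002 TIME_WAIT"
    echo "tcp 0 0 203.0.113.10:80 192.0.2.99:51003 SYN_RECV"
    echo "udp 0 0 203.0.113.10:53 192.0.2.44:5353"
}

# Demo with a limit of 5; the page's stated threshold is 500.
sample_netstat | over_limit 5
```

Clients behind a shared NAT or proxy appear as a single address, so run this on normal traffic first and check that legitimate sources stay under the limit you choose.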