I recently had the task at work of setting up a simple DoS protection for our public web server. After poking around a bit, I settled on using DDoS-Deflate. We use Ubuntu 10.04 on our server and unfortunately, the script seems to have been last updated over 5 years ago and I needed some modifications to make it work in our environment. I also didn’t like the idea of the install script needing to download files from some web server, so I have packaged it all up in one (linked at the end of this post).

Some highlights of the changes made:

  • Changed hash-bang from sh to bash shell (Ubuntu now points sh to dash, not bash)
  • Added a few command line options
    - remove-cron – Remove the CRON job
    - dry-run – Run the script but don’t actually ban or log anything (helpful for testing what it would ban)
  • Changed the logic of the KILL option (setting KILL = 0 in the conf file is now the same thing as setting dry-run at the command line)
  • Install and Uninstall scripts have been updated to move files locally instead of downloading. Uninstall uses the remove-cron command line option to remove the cron file.
  • Emails can now come from a specified email address
  • Updated netstat call to include a grep filter to only capture IP addresses and not the header lines of the netstat call.
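
Why the netstat filter in the last item matters, as an added example (not the code shipped in ddos_deflate-0.7): without a filter, the two netstat header lines are counted as if they were client addresses. The sample output, the IPv4 regex, and the function names and limit parameter are assumptions made for illustration.

```shell
#!/bin/bash
# Added illustration; not the pipeline from the packaged ddos.sh.

# Constructed sample of `netstat -ntu` output, header lines included.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.20:40022      ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.21:5353
EOF
}

# Unfiltered: field 5 of the header lines ("servers)" and "Address")
# ends up in the per-IP connection count.
count_unfiltered() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# Filtered: keep only values shaped like a dotted-quad IPv4 address
# before counting (hypothetical regex, chosen for this example).
count_filtered() {
    awk '{print $5}' | cut -d: -f1 |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' |
        sort | uniq -c | sort -nr
}

# Dry-run style report: print the IPs at or above a connection limit
# without banning or logging anything.
would_ban() {
    limit=$1
    count_filtered | awk -v limit="$limit" '$1 >= limit {print $2}'
}

echo "--- unfiltered ---"; sample_netstat | count_unfiltered
echo "--- filtered ---";   sample_netstat | count_filtered
echo "--- would ban at limit 3 ---"; sample_netstat | would_ban 3
```

On a live host, replace `sample_netstat` with `netstat -ntu` to see what a dry run would flag.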

Install and Uninstall are still pretty simple…

wget http://www.mattzuba.com/wordpress/wp-content/uploads/2011/02/ddos_deflate-0.7.tar.gz
tar -xf ddos_deflate-0.7.tar.gz
cd ddos_deflate-0.7
sudo ./install.sh

And to uninstall, just run this:

sudo ./uninstall.sh

In accordance with the license this was originally released under, all modifications may be considered public domain.

Download: DDoS-Deflate