DDoS-Deflate Revisited

I recently had the task at work of setting up a simple DoS protection for our public web server. After poking around some bit, I settled on using DDoS-Deflate. We use Ubuntu 10.04 on our server and unfortunately, the script seems to have been last updated over 5 years ago and I needed some modifications to make it work in our environment. I also didn’t like the idea of the install script needing to download files from some web server and have packaged it up all in one (linked at the end of this post).

Some highlights of the changes made:

  • Changed hash-bang from sh to bash shell (Ubuntu now points sh to dash, not bash)
  • Added a few command line options
    – remove-cron – Remove the CRON job
    – dry-run – Run the script but don’t actually ban or log anything (helpful for testing what it would ban)
  • Changed the logic of the KILL option (setting KILL = 0 in the conf file is now the same thing as setting dry-run at the command line)
  • Install and Uninstall scripts have been updated to move files locally instead of downloading. Uninstall uses the remove-cron command line option to remove the cron file.
  • Emails can now come from a specified email address
  • Updated netstat call to include a grep filter to only capture IP addresses and not the header lines of the netstat call.

Install and Uninstall is still pretty simple…

[code]wget http://www.mattzuba.com/wordpress/wp-content/uploads/2011/02/ddos_deflate-0.7.tar.gz
tar -xf ddos_deflate-0.7.tar.gz
cd ddos_deflate-0.7
sudo ./install.sh[/code]

And to uninstall, just run this

[code]sudo ./uninstall.sh[/code]

In accordance with the license this was originally released, all modifications may be considered public domain.

Download: DDoS-Deflate

  • http://Website JB

    Thanks for doing this, as I need to run DDoS Deflate under Ubuntu.

    I am getting a 404 error when trying to wget the file. Is it still available?

    • Matt

      Sorry about that, I moved wordpress into it’s own directory and forgot to update some links. It should be okay now.

  • http://ad.com yiatsi

    Good job , very substantial post for deflate and its usage nowdays in 2011.

    tip: if u move out CAPTCHA code u will have more comments…

  • http://triggerlab.ru Trigger

    thank you very much, and then version 0.6 does not work = (

  • kunz

    thank you very much. saved me lots of time modifying the out dated original version to run on my ubuntu box :)

  • http://www.iclanwebsites.com James

    This is great, thanks a lot. However the mail feature doesn’t work. How would we get this to work with sendmail? I’m using Ubuntu 10.04.

  • Justin

    Is it working in Ubuntu Server 12.04?

  • http://nabolister.com/ envis

    not working under ubuntu 12.04 :(

  • Miki

    Hey. Someone a solution would not be able to work well on ubuntu 12.04?

  • Nick

    That “grep ^[0-9]” line is a good idea. I do it with “grep -Ev “servers|Address”” which also works.

  • hrishi

    On Debian 7, not working. Getting error:
    sh /usr/local/ddos/ddos.sh -c
    /usr/local/ddos/ddos.sh: 18: [: /usr/local/ddos/ddos.conf: unexpected operator
    DDoS-Deflate version 0.7
    Copyright (C) 2005, Zaf
    Copyright (C) 2011, Matt Zuba
    $CONF not found.
    Please help…..

  • Yudi


    James:

    This is great, thanks a lot. However the mail feature doesn’t work. How would we get this to work with sendmail? I’m using Ubuntu 10.04.

    Same problem here. I will wait for the response :)

  • Pingback: mortgagecrow.com()