Blog on Hosting, Servers, Linux, Computer Networks and the Internet


How to detect and prevent DDoS attacks on a cPanel WHM server

Published on May 22, 2019, by in Tutorial.

To prevent DDoS attacks on a cPanel WHM server we use the DDOS-Deflate tool.

First, check the connections to the server, counted per remote IP address, using:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Install it from a terminal with root access.

Download the installer first:

wget http://www.inetbase.com/scripts/ddos/install.sh
--2019-05-22 09:46:51-- http://www.inetbase.com/scripts/ddos/install.sh
Resolving www.inetbase.com (www.inetbase.com)... 184.173.190.146
Connecting to www.inetbase.com (www.inetbase.com)|184.173.190.146|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1067 (1.0K) [application/x-sh]
Saving to: ‘install.sh’

100%[======================================>] 1,067 --.-K/s in 0s

2019-05-22 09:46:51 (77.1 MB/s) - ‘install.sh’ saved [1067/1067]

Change the file permissions to 0700:

chmod 0700 install.sh

Then run the installation with the command:

sh ./install.sh

Installing DOS-Deflate 0.6

Downloading source files.........done

Creating cron to run script every minute.....(Default setting).....done

Installation has completed.
Config file is at /usr/local/ddos/ddos.conf
Please send in your comments and/or suggestions to zaf@vsnl.com

Once the installation is finished, whitelist the IP addresses that will be used:

nano /usr/local/ddos/ignore.ip.list

The main configuration is in the following file:

nano /usr/local/ddos/ddos.conf

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150

##### APF_BAN=1 (Make sure your APF version is at least 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600
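
The check that NO_OF_CONNECTIONS and ignore.ip.list describe, written out as an added example (this is not DDOS-Deflate's own code): it counts connections per remote IP in `netstat -ntu` output, skips whitelisted addresses and reports peers above the threshold. It goes slightly beyond the one-line pipeline above by folding IPv4-mapped IPv6 peers into their IPv4 address; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DDOS-Deflate's own code.
# find_offenders THRESHOLD IGNORE_FILE   (function name is hypothetical)
# Reads `netstat -ntu` output on stdin and prints "count ip" for each remote
# IPv4 peer with more than THRESHOLD connections that is not in IGNORE_FILE
# (one address per line, as in ignore.ip.list).
find_offenders() {
    awk -v max="$1" -v ignore_file="$2" '
        BEGIN {
            # Load the whitelist; a missing or empty file whitelists nothing.
            while ((getline line < ignore_file) > 0) {
                gsub(/[ \t\r]/, "", line)
                if (line != "") ignore[line] = 1
            }
        }
        $1 !~ /^(tcp|udp)/ { next }       # skip the two netstat header rows
        {
            ip = $5                       # Foreign Address column
            sub(/:[0-9*]+$/, "", ip)      # strip the trailing :port
            # cut -d: -f1 returns an empty field for IPv4-mapped peers
            # (::ffff:a.b.c.d:port); fold them into the plain IPv4 address.
            sub(/^::ffff:/, "", ip)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > max && !(ip in ignore))
                    print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample shaped like `netstat -ntu` output (documentation IPs).
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=0
    while [ "$i" -lt 5 ]; do
        echo "tcp 0 0 192.0.2.1:80 203.0.113.7:$((40000 + i)) ESTABLISHED"
        echo "tcp 0 0 192.0.2.1:80 192.0.2.10:$((50000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    echo "tcp6 0 0 ::ffff:192.0.2.1:80 ::ffff:203.0.113.7:41000 ESTABLISHED"
    echo "tcp 0 0 192.0.2.1:80 198.51.100.20:42000 TIME_WAIT"
}

# Demo with a threshold of 3 and no whitelist: prints the two busiest peers.
sample_netstat | find_offenders 3 /dev/null
# Live use: netstat -ntu | find_offenders 150 /usr/local/ddos/ignore.ip.list
```

Running the function by hand before enabling KILL=1 shows which peers the configured threshold would catch and whether any of them belong in the whitelist.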

Available commands

To show the help screen
# ddos --help

Create cron job to run the script regularly
# ddos --cron

Display whitelisted IP addresses
# ddos -I | --ignore-list

Display currently banned IP addresses.
# ddos -b | --bans-list

To initialize a daemon to monitor connections.
# ddos -d | --start

To stop the daemon.
# ddos -s | --stop

To show status of daemon and pid currently running.
# ddos -t | --status

To display active connections to the server.
# ddos -v | --view

To block all IP addresses making more than N connections.
# ddos -k | --kill

That's all; hopefully this is useful.
