What is DDoS-Deflate?

DDoS-Deflate is a lightweight bash script designed to mitigate DDoS attacks by monitoring active connections to your server. It identifies and temporarily blacklists IP addresses exceeding a specified connection limit, using either iptables or APF (Advanced Policy Firewall).

This script is simple to set up and works efficiently in minimizing the impact of malicious traffic spikes, keeping your server stable and secure.

How to Install DDoS-Deflate

Follow these steps to install DDoS-Deflate on your server:

cd /usr/local
mkdir mytmp
cd mytmp
wget https://underhost.com/pub/install.sh
chmod 0700 install.sh
./install.sh

Once the script runs successfully, you’re ready to configure DDoS-Deflate for optimal performance.

Configuring DDoS-Deflate for Maximum Protection

DDoS-Deflate allows flexible configuration to match your server’s security needs. Open the configuration file using:

cd /usr/local/ddos
nano ddos.conf

Here’s a breakdown of key settings:

Software Paths (No Need to Modify)

PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

These paths indicate where the script files are stored. Unless you have a custom setup, leave them as they are.

Frequency of Execution

FREQ=1

Defines how often (in minutes) the script runs. Adjust based on your server’s load. After modifying, run the following to update the cron job:

ddos --cron

Connection Limit

NO_OF_CONNECTIONS=100

This sets the maximum connections an IP can have before getting blacklisted. A typical range is 40-100, depending on your traffic.

Enabling APF or IPTables

APF_BAN=1

Set to 1 if you have APF installed. Set to 0 to ban with iptables instead. To check if APF is installed, run:

apf

If using iptables, ensure the service is running:

service iptables start
chkconfig iptables on

Testing Mode

KILL=1

Set to 0 if you want to test the script without blocking IPs. Change to 1 for real-time protection.

Email Alerts

EMAIL_TO="admin@example.com"

Replace admin@example.com with your email to receive notifications about blocked IPs. Set to root to disable alerts.

Ban Duration

BAN_PERIOD=1800

Defines how long an IP stays blocked (in seconds). Recommended values are between 1800 and 3600 seconds (30-60 minutes).

Whitelist Trusted IPs

To prevent accidental blocking of your own IPs, add them to the ignore list:

nano /usr/local/ddos/ignore.ip.list

Add one IP per line and save the file.
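
The check that NO_OF_CONNECTIONS, ignore.ip.list and KILL=0 control, sketched as an added example (not DDoS-Deflate's own code and not part of the original page). The function names, the sample addresses and the strictly-greater-than comparison are assumptions; the input imitates the column layout of netstat -ntu.

```shell
#!/bin/sh
# Added example, not DDoS-Deflate's own code. All addresses are constructed
# (documentation ranges); the column layout follows `netstat -ntu`.

# Emit N connection lines from one remote IP: emit_conns IP N
emit_conns() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "tcp 0 0 203.0.113.10:80 $1:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
}

# Constructed sample: one noisy client, one busy whitelisted host, two normal peers.
sample_connections() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    emit_conns 198.51.100.7 120
    emit_conns 192.0.2.50 150
    emit_conns 198.51.100.20 3
    echo "udp 0 0 203.0.113.10:53 198.51.100.21:33000"
}

# over_limit LIMIT IGNORE_FILE
# Reads connection lines on stdin; prints "COUNT IP" for every remote IPv4
# address above LIMIT that is not in IGNORE_FILE (one IP per line).
over_limit() {
    awk -v limit="$1" -v ignore_file="$2" '
        BEGIN {
            while ((getline line < ignore_file) > 0) {
                gsub(/[ \t\r]/, "", line)
                if (line != "") ignored[line] = 1
            }
        }
        $1 ~ /^(tcp|udp)/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # drop the port
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit && !(ip in ignored))
                    print count[ip], ip
        }
    ' | sort -rn
}

# Dry run, as with KILL=0: report offenders without touching the firewall.
ignore=$(mktemp)
echo "192.0.2.50" > "$ignore"
sample_connections | over_limit 100 "$ignore"
rm -f "$ignore"
```

On a live server, netstat -ntu | over_limit 100 /usr/local/ddos/ignore.ip.list previews which addresses a given limit would catch before you set KILL=1. A trusted host that shows up when the ignore list is left empty belongs in ignore.ip.list.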

How to Uninstall DDoS-Deflate

If you need to remove DDoS-Deflate, run the following commands:

cd /usr/local/mytmp
wget https://underhost.com/pub/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

Final Tips for Enhancing DDoS Protection

  • Use a Web Application Firewall (WAF) to filter traffic before it reaches your server.
  • Enable rate limiting in your web server configuration.
  • Consider Cloud VPS hosting with built-in DDoS protection.
  • Upgrade to 10Gbps Dedicated Servers for high-bandwidth attacks.

Need help? Reach out to UnderHost Customer Support for expert assistance.