{"id":3499,"date":"2009-02-27T18:01:20","date_gmt":"2009-02-27T23:01:20","guid":{"rendered":"http:\/\/underhost.com\/blog\/?p=3499"},"modified":"2025-03-07T08:14:32","modified_gmt":"2025-03-07T13:14:32","slug":"installing-basic-automatic-protection-from-dos-and-ddos-attacks-to-your-server","status":"publish","type":"post","link":"https:\/\/underhost.com\/blog\/installing-basic-automatic-protection-from-dos-and-ddos-attacks-to-your-server\/","title":{"rendered":"Updated MARCH 2025: Ultimate Guide to Installing and Configuring DDoS-Deflate for Server Protection"},"content":{"rendered":"

What is DDoS-Deflate?<\/strong><\/h2>\n

\nDDoS-Deflate is a lightweight bash script designed to mitigate DDoS attacks by monitoring active connections to your server. It identifies and temporarily blacklists IP addresses exceeding a specified connection limit, using either iptables<\/strong> or APF (Advanced Policy Firewall)<\/strong>.\n<\/p>\n

\nThis script is simple to set up and works efficiently in minimizing the impact of malicious traffic spikes<\/strong>, keeping your server stable and secure.\n<\/p>\n

How to Install DDoS-Deflate<\/strong><\/h2>\n

\nFollow these steps to install DDoS-Deflate on your server:\n<\/p>\n

\r\ncd \/usr\/local\r\nmkdir mytmp\r\nwget https:\/\/underhost.com\/pub\/install.sh<\/a>\r\nchmod 0700 install.sh\r\n.\/install.sh\r\n<\/pre>\n
\nOnce the script runs successfully, you\u2019re ready to configure DDoS-Deflate for optimal performance.\n<\/p>\n
Configuring DDoS-Deflate for Maximum Protection<\/strong><\/h2>\n
\nDDoS-Deflate allows flexible configuration to match your server’s security needs. Open the configuration file using:\n<\/p>\n
\r\ncd \/usr\/local\/ddos\r\nnano ddos.conf\r\n<\/pre>\n
\nHere\u2019s a breakdown of key settings:\n<\/p>\n
Software Paths (No Need to Modify)<\/strong><\/h3>\n
\nPROGDIR=”\/usr\/local\/ddos”
\nPROG=”\/usr\/local\/ddos\/ddos.sh”
\nIGNORE_IP_LIST=”\/usr\/local\/ddos\/ignore.ip.list”
\nCRON=”\/etc\/cron.d\/ddos.cron”
\nAPF=”\/etc\/apf\/apf”
\nIPT=”\/sbin\/iptables”\n<\/p><\/blockquote>\n
\nThese paths indicate where the script files are stored. Unless you have a custom setup, leave them as they are.\n<\/p>\n
Frequency of Execution<\/strong><\/h3>\n
\nFREQ=1\n<\/p><\/blockquote>\n
\nDefines how often (in minutes) the script runs. Adjust based on your server’s load. After modifying, run:\n<\/p>\n
\r\nddos --cron\r\n<\/pre>\n
Connection Limit<\/strong><\/h3>\n
\nNO_OF_CONNECTIONS=100\n<\/p><\/blockquote>\n
\nThis sets the maximum connections an IP can have before getting blacklisted. A typical range is 40-100<\/strong>, depending on your traffic.\n<\/p>\n
Enabling APF or IPTables<\/strong><\/h3>\n
\nAPF_BAN=1\n<\/p><\/blockquote>\n
\nSet to 1<\/strong> if you have APF installed<\/strong>. Otherwise, iptables will be used by default. To check if APF is installed, run:\n<\/p>\n
\r\napf\r\n<\/pre>\n
\nIf using iptables, ensure the service is running:\n<\/p>\n
\r\nservice iptables start\r\nchkconfig iptables on\r\n<\/pre>\n
Testing Mode<\/strong><\/h3>\n
\nKILL=1\n<\/p><\/blockquote>\n
\nSet to 0<\/strong> if you want to test the script without blocking IPs. Change to 1<\/strong> for real-time protection.\n<\/p>\n
Email Alerts<\/strong><\/h3>\n
\nEMAIL_TO=”admin@example.com”\n<\/p><\/blockquote>\n
\nReplace admin@example.com<\/code> with your email to receive notifications about blocked IPs. Set to root<\/code> to disable alerts.\n<\/p>\n
Ban Duration<\/strong><\/h3>\n
\nBAN_PERIOD=1800\n<\/p><\/blockquote>\n
\nDefines how long an IP stays blocked (in seconds). Recommended values are between 1800-3600<\/strong> seconds (30-60 minutes).\n<\/p>\n
Whitelist Trusted IPs<\/strong><\/h3>\n
\nTo prevent accidental blocking of your own IPs, add them to the ignore list:\n<\/p>\n
\r\nnano \/usr\/local\/ddos\/ignore.ip.list\r\n<\/pre>\n
\nAdd one IP per line and save the file.\n<\/p>\n
How to Uninstall DDoS-Deflate<\/strong><\/h2>\n
\nIf you need to remove DDoS-Deflate, run the following commands:\n<\/p>\n
\r\ncd \/usr\/local\/mytmp\r\nwget https:\/\/underhost.com\/pub\/uninstall.ddos<\/a>\r\nchmod 0700 uninstall.ddos\r\n.\/uninstall.ddos\r\n<\/pre>\n
Final Tips for Enhancing DDoS Protection<\/strong><\/h2>\n