How to protect my VPS from ddos

I want to build a background task that can detect and block any devices that are either participating in a ddos attack or simply spamming my apache web server running on a Debian VPS. Anyone have any idea how I can get started on this?

Built a website recently on the VPS mainly to learn some new things, I have to pay a fee if my server gets too many requests. Now I want to learn how to protect my VPS from fags who might not like me and fees. Any thoughts?


>Any thoughts?

Get another provider

Here is a simple step by step plan.
1. Is a certain IP doing lots of requests in a short timeframe
2. Ban IP for a short amount of time (5 minutes or so)
3. Is IP still flooding me?
4. Ban permanently

However, the issue is it could be legit traffic, and you would be banning a legitimate user, but that is the crux of the issue with DDoS that is communicating over the expected protocol, how do you tell legit traffic from bot traffic?
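The four-step plan above, as an added example that is not from any poster in this thread: a sliding-window counter per IP over Apache Common Log Format lines, a short ban on the first flood and a permanent one on a repeat. The thresholds, the sample addresses and the log lines are all constructed for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW, LIMIT = timedelta(seconds=10), 20      # step 1: >LIMIT hits in WINDOW = flood (assumed)
TEMP_BAN = timedelta(minutes=5)                # step 2: short ban
APACHE_TS = "%d/%b/%Y:%H:%M:%S"

class FloodGuard:  # observe() returns 'allow', 'temp_ban' or 'perm_ban' per request
    def __init__(self):
        self.hits = defaultdict(deque)   # ip -> request times inside WINDOW
        self.temp_until = {}             # ip -> when its short ban ends
        self.strikes = defaultdict(int)  # ip -> number of floods seen
        self.permanent = set()           # step 4

    def observe(self, ip, ts):
        if ip in self.permanent:
            return "perm_ban"
        if ts < self.temp_until.get(ip, ts):
            return "temp_ban"
        self.temp_until.pop(ip, None)    # ban over; step 3: is it still flooding?
        q = self.hits[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:        # sliding window: forget old hits
            q.popleft()
        if len(q) <= LIMIT:
            return "allow"
        q.clear()
        self.strikes[ip] += 1
        if self.strikes[ip] > 1:         # flooded again after a ban -> permanent
            self.permanent.add(ip)
            return "perm_ban"
        self.temp_until[ip] = ts + TEMP_BAN
        return "temp_ban"

def parse_clf(line):  # client IP and timestamp from a Common Log Format line
    ts = datetime.strptime(line.split("[", 1)[1].split(" ", 1)[0], APACHE_TS)
    return line.split(" ", 1)[0], ts

def replay(lines):
    # Feed lines through one guard; return per-line decisions and permanent bans.
    guard = FloodGuard()
    decisions = [guard.observe(*parse_clf(l)) for l in lines]
    return decisions, sorted(guard.permanent)
# Constructed sample: 198.51.100.7 floods, waits out its ban, floods again; 203.0.113.5 browses normally.
def clf(ip, t):
    return f'{ip} - - [{t.strftime(APACHE_TS)} +0000] "GET / HTTP/1.1" 200 512'
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE = ([clf("198.51.100.7", T0 + timedelta(seconds=0.1 * i)) for i in range(25)]
          + [clf("203.0.113.5", T0 + timedelta(seconds=i)) for i in range(5)]
          + [clf("198.51.100.7", T0 + timedelta(minutes=6, seconds=0.1 * i)) for i in range(25)])
```

A real deployment would read these decisions from the access log tail and hand the banned addresses to iptables or fail2ban; the thresholds here are placeholders that must be tuned to the site's normal traffic, which is exactly the legit-versus-bot problem the post raises.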

just check if a file is requesting too much traffic and block it.

I want to do this for fun though user, provider has nothing to do with it

Yea this is the real question. I'm wondering how to scale with network traffic. Maybe build a normal distribution of requests and ban any IP addresses that fall outside a 99% confidence interval? Maybe this would only work if I was getting a lot of requests, also could be too heavy to run in the background

>I have to pay a fee if my server gets too many requests
Sounds like some BS.

I guess you can install fail2ban and put some rules on port 80 and 443.

Iptables, block tcp connections for individual IPs consuming too much bandwidth.

obviously but what defines too much traffic? The metric needs to scale with network usage? Also over what timeframe? If it's requesting too much in a minute? hour? day?

The point is to build something for fun

>I have to pay a fee if my server gets too many requests.
> provider has nothing to do with it

Stop getting cucked with this shit, find a non jew provider, there are plenty out there.

fail2ban is for ssh login attempts

I'll never get enough requests on my shitty website to actually pay a fee you elitist cloud fucks. I just wanna dick around for fun

I believe you can set rules for any port you want, but that is the most common use of fail2ban.

Alright, go for it then. Never told you to not have fun.

Join the (((Cloudflare))) botnet

fail2ban, CDN, ddos deflate

dicking around costs the same on a non-jew provider you brainlet faggot. you're never going to make it.

Idgaf about a few extra dollars a month. Yes I can shop around more but I’d rather spend my time doing cool shit and just eat any fees I get in exchange for setting up a vps in 2 minutes

>blocking at the endpoint
Absolutely retarded. This only protects you from shit like holding connections open or giving your server shitloads of difficult queries, which is shit your WAF should cover. DDoS is just a straight up flood. You can't block it by denying connections, the packets have already used up bandwidth getting to you. Solving DDoS requires blocking several hops away from your server, where the capacity is high enough to eat the traffic and still maintain okay service. Then if the attack is persistent you need to work with backbone operators to drop the packets as close to the sources as possible. You can't do any of this. You have to get your host involved. Any decent host has a solid DDoS policy to protect you from small attacks, and a lot of them will put some serious effort into defending you.

Great response, thanks for this user. Makes perfect sense. Only way I could protect myself is if I blocked the requests at previous hops. Duh, obviously I can’t just block someone at my port because I still need to check the requesting address to be able to deny it.

syn cookies. limit number of maximum half-open tcp connections. --conn-limit in iptables blah blah.

Put something in front of it like cloudflare. Or you could run a pass through to it from AWS utilizing their virtual infrastructure/network. They will protect from DDOS.