I want to build a background task that can detect and block any devices that are either participating in a DDoS attack or simply spamming my Apache web server running on a Debian VPS. Anyone have any idea how I can get started on this?
Built a website recently on the VPS mainly to learn some new things, I have to pay a fee if my server gets too many requests. Now I want to learn how to protect from VPS from fags who might not like me and fees. Any thoughts?
Here is a simple step by step plan.
1. Is a certain IP doing lots of requests in a short timeframe
2. Ban IP for a short amount of time (5 minutes or so)
3. Is IP still flooding me?
4. Ban permanently
However, the issue is it could be legit traffic, and you would be banning a legitimate user, but that is the crux of the issue with DDoS that is communicating over the expected protocol, how do you tell legit traffic from bot traffic?
Colton Allen
just check if a file is requesting too much traffic and block it.
Jaxon Garcia
I want to do this for fun though user, provider has nothing to do with it
James Smith
Yea this is the real question. I'm wondering how to scale with network traffic. Maybe build a normal distribution of requests and ban any IP addresses that fall outside a 99% confidence interval? Maybe this would only work if I was getting a lot of requests, also could be too heavy to run in the background
Oliver Murphy
>I have to pay a fee if my server gets too many requests
Sounds like some BS.
I guess you can install fail2ban and put some rules on port 80 and 443.
Logan Reyes
Iptables, block tcp connections for individual IPs consuming too much bandwidth.
Grayson Walker
obviously but what defines too much traffic? The metric needs to scale with network usage? Also over what timeframe? If it's requesting too much in a minute? hour? day?
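The step plan from earlier in the thread (count requests per IP in a short window, ban for 5 minutes, ban permanently on a repeat), written out as an added example that is not any poster's code. It replays Apache access log lines and only returns ban decisions; the threshold of more than 20 requests in 10 seconds, all names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # client IP and timestamp
WINDOW, MAX_REQS, TEMP_BAN = 10, 20, 300  # assumed: >20 requests in 10 s, 5 min ban

def parse(line):
    """Return (ip, epoch_seconds) from an Apache access log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()

class FloodTracker:
    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> request times inside the window
        self.temp_until = {}            # ip -> end of its temporary ban
        self.permanent = set()

    def observe(self, ip, now):
        """Return 'allow', 'blocked', 'temp_ban' or 'perm_ban' for one request."""
        until = self.temp_until.get(ip)
        if ip in self.permanent or (until is not None and now < until):
            return "blocked"
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - WINDOW:     # drop requests older than the window
            q.popleft()
        if len(q) <= MAX_REQS:
            return "allow"
        q.clear()
        if until is not None:           # flooded again after a temporary ban
            self.permanent.add(ip)
            return "perm_ban"
        self.temp_until[ip] = now + TEMP_BAN
        return "temp_ban"

def replay(lines):
    """Feed log lines through the tracker; return the ban events in order."""
    tracker = FloodTracker()
    seen = [(ip, tracker.observe(ip, ts)) for ip, ts in filter(None, map(parse, lines))]
    return [event for event in seen if event[1].endswith("_ban")]

# Constructed log lines (documentation IP ranges), not real traffic.
FMT = '{} - - [10/Oct/2024:12:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
SAMPLE = ([FMT.format("203.0.113.7", 0, 1)] * 25        # first burst
          + [FMT.format("198.51.100.4", 1, s) for s in range(0, 50, 10)]
          + [FMT.format("203.0.113.7", 6, 30)] * 25)    # second burst, after the ban
```

Enforcing a decision (for example through the iptables or fail2ban approaches mentioned in the thread) is left outside this sketch, and a fixed threshold like this one can still catch a legitimate heavy user.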