Results 1 to 16 of 16
-
01-23-2012, 11:41 PM #1Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
Howto using Nginx anti ddos proxy? Help me!
My servers are being ddos attacks by proxy, proxy flood much to my server. I need people to a detailed guide to use nginx to solve this problem. I use nginx as reverse. Thank you very much.
-
01-23-2012, 11:45 PM #2Web Hosting Master
- Join Date
- May 2011
- Location
- New York, USA
- Posts
- 4,019
Do you have any sort of firewall setup?
- Nexus Bytes LLC- Ryzen powered NVME VPS and web hosting, packed with perks and love!
- Entry Bytes - Affordable VPS ≠ Cheap quality
- USA (NYC | Miami | LA) | Europe (London, UK | Naaldwijk, NL) | Asia Pacific (Singapore | Japan | Australia)
-
01-24-2012, 03:34 AM #3Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
-
01-24-2012, 03:38 AM #4Web Hosting Master
- Join Date
- May 2011
- Location
- New York, USA
- Posts
- 4,019
Without firewall I do not think nginx alone can do simething cause you need a way to block the attack not just pushing it back.
-
01-24-2012, 03:44 AM #5Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
-
01-24-2012, 08:02 AM #6Aspiring Evangelist
- Join Date
- Aug 2010
- Location
- Prague, Czech Republic
- Posts
- 404
Do you know what kind of DDoS you have?
█ Supportex.Net server management, full range of services. EU-based outsourced company. Since 1998.
█ Outstanding quality for high performance projects; clustering and high-availability solutions, DDoS protection.
█ Cisco/Juniper network management & deployment assistance. Network design and monitoring.
-
01-24-2012, 08:12 AM #7Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
-
01-24-2012, 08:20 AM #8Aspiring Evangelist
- Join Date
- Aug 2010
- Location
- Prague, Czech Republic
- Posts
- 404
What about bandwidth?
█ Supportex.Net server management, full range of services. EU-based outsourced company. Since 1998.
█ Outstanding quality for high performance projects; clustering and high-availability solutions, DDoS protection.
█ Cisco/Juniper network management & deployment assistance. Network design and monitoring.
-
01-24-2012, 08:23 AM #9Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
-
01-24-2012, 08:45 AM #10Aspiring Evangelist
- Join Date
- Aug 2010
- Location
- Prague, Czech Republic
- Posts
- 404
Do you have any numbers related to the current bandwidth?
█ Supportex.Net server management, full range of services. EU-based outsourced company. Since 1998.
█ Outstanding quality for high performance projects; clustering and high-availability solutions, DDoS protection.
█ Cisco/Juniper network management & deployment assistance. Network design and monitoring.
-
01-24-2012, 08:47 AM #11Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
-
01-24-2012, 11:38 AM #12Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
You won't be able to block 600+Mbit with NGINX. If you've got good hardware and an uplink of at least 1Gbit, it would be possible to block this with LiteSpeed and a proper configuration.
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
01-24-2012, 12:16 PM #13Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
Sorry for the confusion above, I come from VietNam language do you misunderstood my idea. My servers are not subject to 600Mbit simultaneously at the same time.Latest features observed from my visit to that, the packet size 1000B and from many different ip. At the end of my attacks of loss of 600M bandwidth. 600M not take the same time. Can you guide me more to use LiteSpeed solve this problem?
Thank you very much!
-
01-24-2012, 01:27 PM #14Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
Okay, if it's only a small bandwidth attacks, it might work with an NGINX Reverse Proxy. On the server running NGINX, save the following script as ddos.rb and run it with "ruby ddos.rb":
Code:#!/usr/bin/env ruby # Attack v1 (xd-mod) - A Threaded (D)aemonisied (D)DoS-Deflate alternative written in Ruby for IPtables require 'logger' class Attack CONNECTION_LIMIT = 25 FREQUENCY = 20 FIREWALL = "/usr/bin/iptables" LOG_FILE = "ddos.log" WHITELIST = %w{ 127.0.0.1 } def initialize @connections = `netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n` @log = Logger.new(LOG_FILE) daemonize loop do run sleep(FREQUENCY) end end def check(connections) connections.each { |connection| conn, ip = connection.split if conn.to_i > CONNECTION_LIMIT and not WHITELIST.include? ip `#{FIREWALL} -I INPUT -s #{ip} -j DROP` @log.info "[IPT] Dropped -> #{ip} with -> #{conn} connections .." end } end def run Thread.new { check @connections @log.info "[IPT] Checked connections at -> #{Time.now} .." }.join end protected def daemonize exit if fork Process.setsid exit if fork Dir.chdir "/" File.umask 0000 STDIN.reopen "/dev/null" STDOUT.reopen "/dev/null", "a" STDERR.reopen STDOUT trap("TERM") { exit } end end Attack.new
Add the following kernel settings to your /etc/sysctl.conf and execute "sysctl -p":
Code:net.ipv4.tcp_syncookies = 1 net.core.somaxconn = 1024 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_keepalive_intvl = 5 net.ipv4.tcp_keepalive_probes = 1 net.ipv4.tcp_keepalive_time = 30 net.ipv4.tcp_fin_timeout = 20 net.ipv4.tcp_timestamps = 0
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
-
01-24-2012, 01:41 PM #15Junior Guru Wannabe
- Join Date
- Feb 2011
- Posts
- 36
The first, thank you very very much.
The attack I'm having to make apache dow after a few minutes.I just found out about nginx should not really understand it, the reason why I mention nginx because the advice from my friends. I installed nginx admin but when testing, I see the status: Down.I do not know how to start it. If you have free time, I will send you information about my server for you, hope you help.
-
01-24-2012, 03:18 PM #16Digital Marketing Strategist
- Join Date
- Dec 2011
- Location
- Germany
- Posts
- 1,180
I thought you had an NGINX reverse proxy up and running already with your current setup, sorry. I've sent you a PM.
➤ Inbound Marketing & real SEO for web hosting providers
✎ Get in touch with me: co<at>infinitnet.de
Similar Threads
-
NiX API - A powerful Anti-Proxy/Anti-Fraud and IP Reputation Lookup API
By GameFrame in forum Other Hosting OffersReplies: 0Last Post: 10-17-2011, 04:42 AM -
NiX API - Total ANTI-FRAUD/ANTI-PROXY API solution for webmasters.
By GameFrame in forum Other Hosting OffersReplies: 0Last Post: 06-06-2011, 01:41 PM -
NiX Private Proxy Lists & ANTI-FRAUD/ANTI-SPAM and brute force prevention
By GameFrame in forum Other Hosting OffersReplies: 0Last Post: 12-03-2010, 12:18 PM -
Howto: WANPMMF (Nginx+FastCGI+Memcached+MySQLi+PHP+APC)
By renter007 in forum VPS HostingReplies: 2Last Post: 05-25-2010, 09:08 AM -
Anti-proxy solution: Maxmind vs zero-proxy
By joboy84 in forum Hosting Software and Control PanelsReplies: 0Last Post: 07-22-2008, 01:45 PM