Join the community today
Register Now

Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

Discussion in 'System Administration' started by RoldanLT, Nov 14, 2016.

  1. RoldanLT

    RoldanLT Well-Known Member

    3,979
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    1:17 PM
    1.11
    10.2
  2. RoldanLT

    RoldanLT Well-Known Member

    3,979
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    1:17 PM
    1.11
    10.2
  3. RoldanLT

    RoldanLT Well-Known Member

    3,979
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    1:17 PM
    1.11
    10.2
    My script is much simpler now:
    Code:
    #!/bin/bash
    trigger=6.00
    
    load=`cat /proc/loadavg | awk '{print $1}'`
    response=`echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'`
    if [[ $response = "greater" ]]
    then
    sar -q | mail -s"High load on server - [ $load ]" me@gmail.com
    /usr/bin/sh /etc/ddos/attack.sh
    else
    /usr/bin/sh /etc/ddos/noattack.sh
    fi
     
    • Like Like x 2
  4. eva2000

    eva2000 Administrator Staff Member

    30,956
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,418
    Local Time:
    3:17 PM
    Nginx 1.13.x
    MariaDB 5.5
    nice stuff :)

    though high cpu load doesn't necessarily mean DDOS attack, you could be doing normal system admin tasks like recompiling nginx/php-fpm in centmin mod which is multi threaded and written to use all cpu threads available so you could be at 100% cpu load or if you have multi threaded compression and/or backups which use all cpu threads.
     
  5. RoldanLT

    RoldanLT Well-Known Member

    3,979
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    1:17 PM
    1.11
    10.2
    Your backup script and centminmod nginx/php recompile only consume 100-200% of my total Intel i7 8 core /800% Server :).
     
    • Informative Informative x 1
  6. RoldanLT

    RoldanLT Well-Known Member

    3,979
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    1:17 PM
    1.11
    10.2
    This is so true:
    I experienced it the last 2 days.
    Even if I'm on Cloudflare Pro plan.

    Luckily OVH can combat Layer 7 attacks also.
    Which is really great.
     
    • Informative Informative x 1
  7. eva2000

    eva2000 Administrator Staff Member

    30,956
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,418
    Local Time:
    3:17 PM
    Nginx 1.13.x
    MariaDB 5.5
    interesting it should take up all cpu threads heh
    ouch
     
  8. pamamolf

    pamamolf Well-Known Member

    2,821
    253
    83
    May 31, 2014
    Ratings:
    +447
    Local Time:
    7:17 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    What's the content that you use for attack.sh and noattack.sh ?
     
  9. RoldanLT

    RoldanLT Well-Known Member

    3,979
    965
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,329
    Local Time:
    1:17 PM
    1.11
    10.2
    • Like Like x 2