Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

Discussion in 'System Administration' started by rdan, Nov 14, 2016.

  1. rdan

    rdan Well-Known Member

    5,451
    1,412
    113
    May 25, 2014
    Ratings:
    +2,206
    Local Time:
    11:05 PM
    Mainline
    10.2
  2. rdan

  3. rdan

    My script is much simpler now:
    Code:
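    #!/bin/bash
    # Load-average threshold above which the attack script is run.
    trigger=6.00

    # 1-minute load average (first field of /proc/loadavg).
    load=$(awk '{print $1}' /proc/loadavg)
    # Bash cannot compare floating-point numbers, so awk does the comparison.
    response=$(awk -v T="$trigger" -v L="$load" 'BEGIN { if (L > T) print "greater" }')
    if [[ $response = "greater" ]]
    then
        # Mail the queue-length/load history from sar, then run the attack script.
        sar -q | mail -s "High load on server - [ $load ]" me@gmail.com
        /usr/bin/sh /etc/ddos/attack.sh
    else
        # Load is at or below the threshold: run the no-attack script.
        /usr/bin/sh /etc/ddos/noattack.sh
    fi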
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,272
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,858
    Local Time:
    1:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    nice stuff :)

    Though high CPU load doesn't necessarily mean a DDoS attack. You could be doing normal system admin tasks like recompiling nginx/php-fpm in Centmin Mod, which is multi-threaded and written to use all CPU threads available, so you could be at 100% CPU load, or you may have multi-threaded compression and/or backups which use all CPU threads.
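
An added example, not part of the thread or of anyone's posted script: one way to act on the caveat above is to normalise load per core, require the 1-minute and 5-minute averages to agree before entering attack mode, and call /etc/ddos/attack.sh or /etc/ddos/noattack.sh only on a state change. The thresholds, function names and loadavg samples are constructed assumptions; load alone still cannot tell a long backup from an attack.

```shell
#!/bin/bash
# Added example (not from the thread). Thresholds are illustrative assumptions.
ON_PER_CORE=1.50   # enter attack mode when 1-min AND 5-min load per core exceed this
OFF_PER_CORE=0.75  # leave attack mode once 5-min load per core falls below this

# decide_state PREV LOADAVG_LINE CORES -> prints "attack" or "normal"
decide_state() {
    printf '%s\n' "$2" | awk -v prev="$1" -v cores="$3" \
        -v on="$ON_PER_CORE" -v off="$OFF_PER_CORE" '{
        l1 = $1 / cores; l5 = $2 / cores
        # Hysteresis: a higher bar to enter attack mode than to stay in it.
        if (prev == "attack") print (l5 >= off ? "attack" : "normal")
        else                  print (l1 > on && l5 > on ? "attack" : "normal")
    }'
}

# action_for PREV NEW -> script to run on a state change, or "none"
action_for() {
    if [ "$1" = "$2" ]; then echo none
    elif [ "$2" = attack ]; then echo /etc/ddos/attack.sh
    else echo /etc/ddos/noattack.sh
    fi
}

# replay CORES LINE... -> space-separated actions for consecutive cron runs
replay() {
    cores=$1; shift
    state=normal; actions=
    for line in "$@"; do
        new=$(decide_state "$state" "$line" "$cores")
        actions="$actions $(action_for "$state" "$new")"
        state=$new
    done
    echo "${actions# }"
}

# Constructed /proc/loadavg samples for an 8-core host, one per cron run:
# short build spike, sustained overload (twice), cooling down, recovered.
replay 8 \
    "14.20 5.10 2.30 9/410 2101" \
    "15.80 13.40 7.90 12/415 2290" \
    "16.10 14.90 9.80 11/418 2377" \
    "3.10 9.70 9.10 2/402 2460" \
    "1.20 4.80 7.60 1/398 2533"
```

In a cron job, keep the previous state in a file between runs and pass the contents of /proc/loadavg and the output of nproc in place of the constructed samples.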
     
  5. rdan

    Your backup script and the Centmin Mod nginx/PHP recompile only consume 100-200% of my total Intel i7 8-core / 800% server :).
     
  6. rdan

    This is so true:
    I experienced it over the last 2 days, even though I'm on the Cloudflare Pro plan.

    Luckily, OVH can combat Layer 7 attacks also, which is really great.
     
  7. eva2000

    interesting it should take up all cpu threads heh
    ouch
     
  8. pamamolf

    pamamolf Well-Known Member

    4,101
    428
    83
    May 31, 2014
    Ratings:
    +838
    Local Time:
    6:05 PM
    Nginx-1.26.x
    MariaDB 10.6.x
    What's the content that you use for attack.sh and noattack.sh?
     
  9. rdan
