Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

rdan · Nov 14, 2016

I just follow this guide: Script to enable/disable CloudFlare DDoS protection automatically – VPSAddicted

/etc/ddos/attack.sh files works as expected, but:
Script
/etc/ddos/ddos.sh doesn't work.

What's wrong with the code?
I even change this line:
grep -w "[0.00-0.05]" $FILE >/dev/null
To be sure I capture the average load.

But it does nothing.
Please bash scripting guru .
@eva2000

rdan · Nov 14, 2016

I found much better implementation now
Create server load monitoring bash script - InMotion Hosting

rdan · Nov 14, 2016

My script is much simpler now:

Code:

#!/bin/bash
trigger=6.00

load=`cat /proc/loadavg | awk '{print $1}'`
response=`echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'`
if [[ $response = "greater" ]]
then
sar -q | mail -s"High load on server - [ $load ]" me@gmail.com
/usr/bin/sh /etc/ddos/attack.sh
else
/usr/bin/sh /etc/ddos/noattack.sh
fi

eva2000 · Nov 14, 2016

nice stuff

though high cpu load doesn't necessarily mean DDOS attack, you could be doing normal system admin tasks like recompiling nginx/php-fpm in centmin mod which is multi threaded and written to use all cpu threads available so you could be at 100% cpu load or if you have multi threaded compression and/or backups which use all cpu threads.

rdan · Nov 14, 2016

Your backup script and centminmod nginx/php recompile only consume 100-200% of my total Intel i7 8 core /800% Server .

rdan · Nov 14, 2016

This is so true:

It gets even worse: If the attack runs for a long time without you taking any action, CloudFlare will temporarily route all traffic directly to the origin IP (exposing it to the attacker). You’d have to watch your sites for attacks constantly to not risk getting temporarily routed directly to your origin IP.
Click to expand...

I experienced it the last 2 days.
Even if I'm on Cloudflare Pro plan.

Luckily OVH can combat Layer 7 attacks also.
Which is really great.

eva2000 · Nov 14, 2016

RoldanLT said: ↑

Your backup script and centminmod nginx/php recompile only consume 100-200% of my total Intel i7 8 core /800% Server .
Click to expand...

interesting it should take up all cpu threads heh

RoldanLT said: ↑

I experienced it the last 2 days.
Even if I'm on Cloudflare Pro plan.
Click to expand...

ouch

pamamolf · Nov 15, 2016

What's the content that you use for attack.sh and noattack.sh ?

rdan · Nov 15, 2016

RoldanLT said: ↑

I just follow this guide: Script to enable/disable CloudFlare DDoS protection automatically – VPSAddicted
Click to expand...

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

rdan Well-Known Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

rdan Well-Known Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

rdan Well-Known Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

rdan Well-Known Member

.