Want to subscribe to topics you're interested in?
Become a Member

Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

Discussion in 'System Administration' started by RoldanLT, Nov 14, 2016.

  1. RoldanLT

    RoldanLT Well-Known Member

    3,830
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    9:50 AM
    1.11
    10.2
  2. RoldanLT

    RoldanLT Well-Known Member

    3,830
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    9:50 AM
    1.11
    10.2
  3. RoldanLT

    RoldanLT Well-Known Member

    3,830
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    9:50 AM
    1.11
    10.2
    My script is much simpler now:
    Code:
    #!/bin/bash
    trigger=6.00
    
    load=`cat /proc/loadavg | awk '{print $1}'`
    response=`echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'`
    if [[ $response = "greater" ]]
    then
    sar -q | mail -s"High load on server - [ $load ]" me@gmail.com
    /usr/bin/sh /etc/ddos/attack.sh
    else
    /usr/bin/sh /etc/ddos/noattack.sh
    fi
     
    • Like Like x 2
  4. eva2000

    eva2000 Administrator Staff Member

    29,031
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,782
    Local Time:
    11:50 AM
    Nginx 1.13.x
    MariaDB 5.5
    nice stuff :)

    though high cpu load doesn't necessarily mean DDOS attack, you could be doing normal system admin tasks like recompiling nginx/php-fpm in centmin mod which is multi threaded and written to use all cpu threads available so you could be at 100% cpu load or if you have multi threaded compression and/or backups which use all cpu threads.
     
  5. RoldanLT

    RoldanLT Well-Known Member

    3,830
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    9:50 AM
    1.11
    10.2
    Your backup script and centminmod nginx/php recompile only consume 100-200% of my total Intel i7 8 core /800% Server :).
     
    • Informative Informative x 1
  6. RoldanLT

    RoldanLT Well-Known Member

    3,830
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    9:50 AM
    1.11
    10.2
    This is so true:
    I experienced it the last 2 days.
    Even if I'm on Cloudflare Pro plan.

    Luckily OVH can combat Layer 7 attacks also.
    Which is really great.
     
    • Informative Informative x 1
  7. eva2000

    eva2000 Administrator Staff Member

    29,031
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,782
    Local Time:
    11:50 AM
    Nginx 1.13.x
    MariaDB 5.5
    interesting it should take up all cpu threads heh
    ouch
     
  8. pamamolf

    pamamolf Well-Known Member

    2,529
    231
    63
    May 31, 2014
    Ratings:
    +394
    Local Time:
    4:50 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    What's the content that you use for attack.sh and noattack.sh ?
     
  9. RoldanLT

    RoldanLT Well-Known Member

    3,830
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,258
    Local Time:
    9:50 AM
    1.11
    10.2
    • Like Like x 2