Learn about Centmin Mod LEMP Stack today
Register Now

Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

Discussion in 'System Administration' started by rdan, Nov 14, 2016.

  1. rdan

    rdan Premium Member Premium Member

    4,312
    1,046
    113
    May 25, 2014
    Ratings:
    +1,507
    Local Time:
    2:28 PM
    Mainline
    10.2
  2. rdan

    rdan Premium Member Premium Member

    4,312
    1,046
    113
    May 25, 2014
    Ratings:
    +1,507
    Local Time:
    2:28 PM
    Mainline
    10.2
  3. rdan

    rdan Premium Member Premium Member

    4,312
    1,046
    113
    May 25, 2014
    Ratings:
    +1,507
    Local Time:
    2:28 PM
    Mainline
    10.2
    My script is much simpler now:
    Code:
    #!/bin/bash
    trigger=6.00
    
    load=`cat /proc/loadavg | awk '{print $1}'`
    response=`echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'`
    if [[ $response = "greater" ]]
    then
    sar -q | mail -s"High load on server - [ $load ]" [email protected]
    /usr/bin/sh /etc/ddos/attack.sh
    else
    /usr/bin/sh /etc/ddos/noattack.sh
    fi
     
    • Like Like x 2
  4. eva2000

    eva2000 Administrator Staff Member

    36,455
    7,998
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,322
    Local Time:
    4:28 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    nice stuff :)

    though high cpu load doesn't necessarily mean DDOS attack, you could be doing normal system admin tasks like recompiling nginx/php-fpm in centmin mod which is multi threaded and written to use all cpu threads available so you could be at 100% cpu load or if you have multi threaded compression and/or backups which use all cpu threads.
     
  5. rdan

    rdan Premium Member Premium Member

    4,312
    1,046
    113
    May 25, 2014
    Ratings:
    +1,507
    Local Time:
    2:28 PM
    Mainline
    10.2
    Your backup script and centminmod nginx/php recompile only consume 100-200% of my total Intel i7 8 core /800% Server :).
     
    • Informative Informative x 1
  6. rdan

    rdan Premium Member Premium Member

    4,312
    1,046
    113
    May 25, 2014
    Ratings:
    +1,507
    Local Time:
    2:28 PM
    Mainline
    10.2
    This is so true:
    I experienced it the last 2 days.
    Even if I'm on Cloudflare Pro plan.

    Luckily OVH can combat Layer 7 attacks also.
    Which is really great.
     
    • Informative Informative x 1
  7. eva2000

    eva2000 Administrator Staff Member

    36,455
    7,998
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,322
    Local Time:
    4:28 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    interesting it should take up all cpu threads heh
    ouch
     
  8. pamamolf

    pamamolf Well-Known Member

    3,117
    295
    83
    May 31, 2014
    Ratings:
    +530
    Local Time:
    9:28 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    What's the content that you use for attack.sh and noattack.sh ?
     
  9. rdan

    rdan Premium Member Premium Member

    4,312
    1,046
    113
    May 25, 2014
    Ratings:
    +1,507
    Local Time:
    2:28 PM
    Mainline
    10.2
    • Like Like x 2
..