Sysadmin Script to enable/disable CloudFlare DDoS protection automatically

Discussion in 'System Administration' started by rdan, Nov 14, 2016.

  1. rdan

    rdan Well-Known Member

    4,672
    1,122
    113
    May 25, 2014
    Ratings:
    +1,664
    Local Time:
    6:44 AM
    Mainline
    10.2
  2. rdan

  3. rdan

    My script is much simpler now:
    Code:
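    #!/bin/bash
    # Switch Cloudflare protection scripts based on the 1-minute load average.
    trigger=6.00

    # The first field of /proc/loadavg is the 1-minute load average.
    load=$(awk '{print $1}' /proc/loadavg)
    # Bash cannot compare decimals, so awk does the comparison.
    response=$(awk -v T="$trigger" -v L="$load" 'BEGIN{if (L > T) print "greater"}')
    if [[ $response = "greater" ]]
    then
        # Mail the load history, then turn protection on.
        # (The recipient address is obfuscated in the forum copy.)
        sar -q | mail -s "High load on server - [ $load ]" [email protected]
        /usr/bin/sh /etc/ddos/attack.sh
    else
        /usr/bin/sh /etc/ddos/noattack.sh
    fi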
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,755
    9,401
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,446
    Local Time:
    8:44 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    nice stuff :)

    Though high CPU load doesn't necessarily mean a DDoS attack. You could be doing normal system admin tasks like recompiling nginx/php-fpm in Centmin Mod, which is multi-threaded and written to use all CPU threads available, so you could be at 100% CPU load, or you could have multi-threaded compression and/or backups which use all CPU threads.
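
Added example (not from the thread, and not rdan's script): one way to act on the caveat above is to switch modes only when high load coincides with a high request rate, and to hold attack mode until both have dropped. `LOAD_OFF`, `REQS_ON`, the function names, the nginx default log timestamp format and the sample log lines are assumptions made for illustration; the hold-until-calm rule goes beyond what the thread discusses.

```shell
#!/bin/bash
# Added example: require high load AND high request rate before switching modes.
LOAD_ON=6.00    # trigger value from the thread
LOAD_OFF=3.00   # assumed: leave attack mode only below this load
REQS_ON=1000    # assumed: requests per minute that is abnormal for this site

# count_requests MINUTE  (reads an access log on stdin)
# MINUTE looks like 01/Jan/2024:06:44, as in the default nginx log timestamp.
count_requests() {
  grep -c -F "[$1:" || true   # grep exits 1 on zero matches; still print 0
}

# decide_mode LOAD REQS CURRENT -> prints "attack" or "noattack"
decide_mode() {
  awk -v l="$1" -v r="$2" -v cur="$3" \
      -v on="$LOAD_ON" -v off="$LOAD_OFF" -v rq="$REQS_ON" 'BEGIN {
    if (cur == "attack") {
      # Hysteresis: stay protected until both signals have calmed down.
      print ((l < off && r < rq) ? "noattack" : "attack")
    } else {
      # High load alone (a compile, a backup) does not flip the switch.
      print ((l > on && r > rq) ? "attack" : "noattack")
    }
  }'
}

# Constructed sample log: three requests in minute 06:44, one in 06:45.
sample_log='203.0.113.7 - - [01/Jan/2024:06:44:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.8 - - [01/Jan/2024:06:44:20 +0000] "GET /forum/ HTTP/1.1" 200 2048
198.51.100.4 - - [01/Jan/2024:06:44:59 +0000] "GET / HTTP/1.1" 200 512
198.51.100.4 - - [01/Jan/2024:06:45:03 +0000] "GET / HTTP/1.1" 200 512'

reqs=$(printf '%s\n' "$sample_log" | count_requests "01/Jan/2024:06:44")
echo "06:44 requests: $reqs"
echo "recompile, load 7.50, quiet site: $(decide_mode 7.50 "$reqs" noattack)"
echo "load 7.50 with 2500 req/min:      $(decide_mode 7.50 2500 noattack)"
echo "load 4.00 while in attack mode:   $(decide_mode 4.00 200 attack)"
```

Run from cron, the current mode would be read from a small state file written after each switch; that file is an assumption, since the script in the thread keeps no state.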
     
  5. rdan

    Your backup script and Centmin Mod nginx/php recompile only consume 100-200% of my total Intel i7 8-core / 800% server :).
     
  6. rdan

    This is so true:
    I experienced it the last 2 days.
    Even if I'm on the Cloudflare Pro plan.

    Luckily OVH can combat Layer 7 attacks also.
    Which is really great.
     
  7. eva2000

    interesting it should take up all cpu threads heh
    ouch
     
  8. pamamolf

    pamamolf Premium Member Premium Member

    3,481
    335
    83
    May 31, 2014
    Ratings:
    +642
    Local Time:
    1:44 AM
    Nginx-1.17.x
    MariaDB 10.3.x
    What's the content that you use for attack.sh and noattack.sh?
     
  9. rdan
