FernandoMarcelo.com

Geek things that I learn every day.


Installing DDos-Deflate and making sure that it won’t ban your users

I really like DDos-Deflate and have it installed on almost all servers that I run. The issue is that sometimes it bans your clients, even when they don’t have a high number of connections or are not doing anything wrong.

So, I am going to show how I install it and make a simple modification to avoid this problem.

1. Download and install:

wget http://www.inetbase.com/scripts/ddos/install.sh

chmod 0700 install.sh

./install.sh

2. Configuring

Change your settings by editing the file /usr/local/ddos/ddos.conf. I usually only change my email and the number of connections.

Because of the changes that we are going to make in step 3, a good number of connections is between 40 and 50, and not 150.

3. Changing a few things

Now, edit the file /usr/local/ddos/ddos.sh and find this line:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

Change it to:

netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

And save the file.

4. Conclusion

DDoS-Deflate bans your clients’ IPs because it counts every connection that netstat lists. Sometimes, if your client is accessing different services like web, mail and FTP server within a short period of time, it will ban their IP because of TIME_WAIT connections.

By applying the change that I mentioned, you are only checking for established connections.

From my experience, a user will rarely have more than 10 established connections to the server. So if an IP is getting more than 40 connections, he is probably doing something wrong ;)
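The effect of the step 3 change, as an added example that is not part of the original post or of DDoS-Deflate itself: both pipelines are run over a constructed netstat sample and the IPs at or above a limit of 40 are listed. The sample addresses, the function names and the at-or-above comparison are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: compares the original and modified counting pipelines
# on a constructed `netstat -ntu` sample (addresses are documentation ranges).

# Constructed sample: one normal client with 3 ESTABLISHED and 45 TIME_WAIT
# sockets, and one abusive client with 60 ESTABLISHED sockets.
sample_netstat() {
  echo "Active Internet connections (w/o servers)"
  echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
  awk 'BEGIN {
    for (i = 0; i < 3; i++)
      printf "tcp 0 0 203.0.113.10:80 198.51.100.7:%d ESTABLISHED\n", 50000 + i
    for (i = 0; i < 45; i++)
      printf "tcp 0 0 203.0.113.10:25 198.51.100.7:%d TIME_WAIT\n", 51000 + i
    for (i = 0; i < 60; i++)
      printf "tcp 0 0 203.0.113.10:80 192.0.2.66:%d ESTABLISHED\n", 40000 + i
  }'
}

# Original pipeline from ddos.sh: every socket state is counted.
count_all() {
  awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# Modified pipeline from step 3: only established connections are counted.
count_established() {
  grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
}

# Hypothetical helper: print IPs whose count is at or above the limit.
# The at-or-above comparison is an assumption about how the list is used.
over_limit() {
  awk -v limit="$1" '$1 + 0 >= limit + 0 { print $2 }'
}

LIMIT=40   # value suggested in step 2
echo "Flagged when counting all states:"
sample_netstat | count_all | over_limit "$LIMIT"
echo "Flagged when counting ESTABLISHED only:"
sample_netstat | count_established | over_limit "$LIMIT"
```

The client with 3 established and 45 TIME_WAIT sockets is flagged only by the original pipeline; the client holding 60 established connections is flagged by both.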

Debian VE in OpenVz: FATAL: Could not load /lib/modules/2.6.26-2-openvz-amd64/modules.dep: No such file or directory

FATAL: Could not load /lib/modules/2.6.26-2-openvz-amd64/modules.dep: No such file or directory
I had this problem when running Debian on an OpenVZ VE, more exactly when trying to start APF. This problem also happens with other firewalls that use iptables.

The fix is pretty simple. On your HN, edit the file /etc/vz/conf/{$VEID}.conf (or /etc/vz/vz.conf if you want it to apply to all VEs) and add the following line:

IPTABLES="ip_tables iptable_filter iptable_mangle ip_conntrack ip_conntrack_irc ip_conntrack_ftp ipt_state ipt_multiport ipt_limit ipt_LOG ipt_REJECT ipt_length ipt_multiport ipt_owner ipt_state ipt_ttl ipt_TOS ipt_TCPMSS"

This should be on one line, with no line breaks in it. Save the file and restart the VE.

Now, enter the VE and run:

depmod -a

If you get errors about the directory /lib/modules/2.6.26-2-openvz-amd64/ missing, just create it with:

mkdir /lib/modules/2.6.26-2-openvz-amd64/

And run depmod -a again.

Done. You should not get any more iptables problems.

So, here is the place where I work

Sorry about the low quality picture. I used my iPhone, so the camera is just 2 megapixels.

That’s where I spend most of my time during work and non-work hours. It is a good place to work and using 3 monitors improves my productivity.

I have two 19″ widescreen monitors, with one of them used in a vertical position. That’s where my favorite editor (Kate) always stands.

And, at the middle, there is a 22″ widescreen monitor.

Hardware

There is a Dell PowerEdge SC440 and a custom built computer (C2D E8500, 4GB of RAM and a 750GB hard disk). Oh yes, I almost forgot. You can also see my MacBook on the right.

Operating System

My server and PC run Debian GNU/Linux and my MacBook is running Mac OS X Leopard.

Setting up my website

That’s it! I have been working for quite a while as a freelance programmer and thought it was time to set up a website where I can show my work (and hopefully get more).

I have owned fernandomarcelo.com for 2 years but never had a website on it, just using it for email. I will try to keep this updated as much as I can.