{"id":13539550,"url":"https://github.com/jgmdev/ddos-deflate","last_synced_at":"2025-04-12T18:43:29.562Z","repository":{"id":25511425,"uuid":"28943005","full_name":"jgmdev/ddos-deflate","owner":"jgmdev","description":"Fork of DDoS Deflate with fixes, improvements and new features.","archived":false,"fork":false,"pushed_at":"2021-10-14T18:59:01.000Z","size":170,"stargazers_count":799,"open_issues_count":19,"forks_count":265,"subscribers_count":69,"default_branch":"master","last_synced_at":"2025-04-03T21:11:39.470Z","etag":null,"topics":["attacks","blocking","daemon","ddos","dos","ipv4","ipv6","shell"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jgmdev.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-08T01:36:10.000Z","updated_at":"2025-04-02T16:01:29.000Z","dependencies_parsed_at":"2022-07-26T09:45:04.739Z","dependency_job_id":null,"html_url":"https://github.com/jgmdev/ddos-deflate","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jgmdev%2Fddos-deflate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jgmdev%2Fddos-deflate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jgmdev%2Fddos-deflate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jgmdev%2Fddos-deflate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jgmdev","download_url":"https://codeload.github.com/jgmdev/ddos-deflate/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248617130,"owners_count":21134190,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attacks","blocking","daemon","ddos","dos","ipv4","ipv6","shell"],"created_at":"2024-08-01T09:01:27.717Z","updated_at":"2025-04-12T18:43:29.515Z","avatar_url":"https://github.com/jgmdev.png","language":"Shell","funding_links":[],"categories":["Shell","\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"a0897294e74a0863ea8b83d11994fad6\"\u003e\u003c/a\u003eDDOS"],"readme":"# DDoS Deflate\nFork of DDoS Deflate on now inexistent http://deflate.medialayer.com/\n([MediaLayer went out of business](http://www.webhostingtalk.com/showthread.php?t=1494121\u0026highlight=medialayer))\nwith fixes, improvements and new features.\n\n**Original Author:** Zaf \u003czaf@vsnl.com\u003e (Copyright (C) 2005)\n\n**Maintainer:** Jefferson González \u003cjgmdev@gmail.com\u003e\n\n**Contributor (BSD support):** Marc S. Brooks \u003cdevel@mbrooks.info\u003e\n\n## About\n\n(D)DoS Deflate is a lightweight bash shell script designed to assist in\nthe process of blocking a denial of service attack. It utilizes the\ncommand below to create a list of IP addresses connected to the server,\nalong with their total number of connections. It is one of the simplest\nand easiest to install solutions at the software level.\n\nss -Hntu | awk '{print $6}' | sort | uniq -c | sort -nr\n\nIP addresses with over a pre-configured number of connections are\nautomatically blocked in the server's firewall, which can be direct\nipfw, iptables, or Advanced Policy Firewall (APF).\n\n### Notable Features\n\n* IPv6 support.\n* It is possible to whitelist IP addresses, via /etc/ddos/ignore.ip.list.\n* It is possible to whitelist hostnames, via /etc/ddos/ignore.host.list.\n* IP ranges and CIDR syntax is supported on /etc/ddos/ignore.ip.list\n* Simple configuration file: /etc/ddos/ddos.conf\n* IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)\n* The script can run as a cron job at chosen frequency via the configuration file (default: 1 minute)\n* The script can run as a daemon at chosen frequency via the configuration file (default: 5 seconds)\n* You can receive email alerts when IP addresses are blocked.\n* Control blocking by connection state (see man ss or man nestat).\n* Auto-detection of firewall.\n* Support for APF, CSF, ipfw, and iptables.\n* Logs events to /var/log/ddos.log\n* Can ban only incoming connections or by specific port rules.\n* Option to reduce transfer speed for IP addresses that reach certain limit using iftop and tc.\n* Uses tcpkill to reduce the amount of processes opened by attackers.\n* Cloudflare support by using tcpdump to get the real user ip and using iptables string matching to drop connections.\n\n## Dependencies\n\nThe installation script has some support to automatically install the required dependencies but, it may fail to install some or all of them. You may want to manually install the required dependencies before proceeding to installation as listed below on the subsection of your linux distro.\n\n## Ubuntu/Debian\n```shell\nsudo apt install dnsutils\nsudo apt-get install net-tools\nsudo apt-get install tcpdump\nsudo apt-get install dsniff -y\nsudo apt install grepcidr\n```\n## Installation\n\nAs root user execute the following commands:\n\n```shell\nwget https://github.com/jgmdev/ddos-deflate/archive/master.zip -O ddos.zip\nunzip ddos.zip\ncd ddos-deflate-master\n./install.sh\n```\n\n## Uninstallation\n\nAs root user execute the following commands:\n\n```shell\ncd ddos-deflate-master\n./uninstall.sh\n```\n\n## Usage\n\nThe installer will automatically detect if your system supports\ninit.d scripts, systemd services or cron jobs. If one of them is found\nit will install apropiate files and start the ddos script. In the\ncase of init.d and systemd the ddos script is started as a daemon,\nwhich monitoring interval is set at 5 seconds by default. The daemon\nis much faster detecting attacks than the cron job since cron's are\ncapped at 1 minute intervals.\n\nOnce you hava (D)Dos deflate installed proceed to modify the config\nfiles to fit your needs.\n\n**/etc/ddos/ignore.host.list**\n\nOn this file you can add a list of host names to be whitelisted, for\nexample:\n\n\u003e googlebot.com \u003cbr /\u003e\n\u003e my-dynamic-ip.somehost.com\n\n**/etc/ddos/ignore.ip.list**\n\nOn this file you can add a list of ip addresses to be whitelisted, for\nexample:\n\n\u003e 12.43.63.13 \u003cbr /\u003e\n\u003e 165.123.34.43-165.123.34.100 \u003cbr /\u003e\n\u003e 192.168.1.0/24 \u003cbr /\u003e\n\u003e 129.134.131.2\n\n**/etc/ddos/ddos.conf**\n\nThe behaviour of the ddos script is modified by this configuration file.\nFor more details see **man ddos** which has documentation of the\ndifferent configuration options.\n\nAfter you modify the config files you will need to restart the daemon.\nIf running on systemd:\n\n\u003e systemctl restart ddos\n\nIf running as classical init.d script:\n\n\u003e /etc/init.d/ddos restart \u003cbr /\u003e\n\u003e or \u003cbr /\u003e\n\u003e service ddos restart\n\nWhen running the script as a cronjob no restarting is required.\n\n## CLI Usage\n\n**ddos** [OPTIONS] [N]\n\n*N : number of tcp/udp  connections (default 150)*\n\n#### OPTIONS\n\n**-h | --help:**\n\n   Show the help screen.\n\n**-c | --cron:**\n\n   Create cron job to run the script regularly (default 1 mins).\n\n**-i | --ignore-list:**\n\n   List whitelisted ip addresses.\n\n**-b | --bans-list:**\n\n   List currently banned ip addresses.\n\n**-u | --unban:**\n\n   Unbans a given ip address.\n\n**-d | --start:**\n\n   Initialize a daemon to monitor connections.\n\n**-s | --stop:**\n\n   Stop the daemon.\n\n**-t | --status:**\n\n   Show status of daemon and pid if currently running.\n\n**-v[4|6] | --view [4|6]:**\n\n   Display active connections to the server.\n\n**-y[4|6] | --view-port [4|6]:**\n\n   Display active connections to the server including the port.\n\n**-k | --kill:**\n\n   Block all ip addresses making more than N connections.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjgmdev%2Fddos-deflate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjgmdev%2Fddos-deflate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjgmdev%2Fddos-deflate/lists"}