{"id":26943807,"url":"https://github.com/malwarebo/deter","last_synced_at":"2025-04-02T17:17:29.198Z","repository":{"id":285542365,"uuid":"958400767","full_name":"malwarebo/deter","owner":"malwarebo","description":"Cloudflare DDoS Mitigation Automation","archived":false,"fork":false,"pushed_at":"2025-04-01T09:54:31.000Z","size":5790,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-01T10:32:52.371Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/malwarebo.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-01T06:21:30.000Z","updated_at":"2025-04-01T09:53:32.000Z","dependencies_parsed_at":"2025-04-01T10:43:05.058Z","dependency_job_id":null,"html_url":"https://github.com/malwarebo/deter","commit_stats":null,"previous_names":["malwarebo/deter"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarebo%2Fdeter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarebo%2Fdeter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarebo%2Fdeter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malwarebo%2Fdeter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/malwarebo","download_url":"https://codeload.github.com/malwarebo/deter/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246856621,"owners_count":20844974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-04-02T17:17:28.796Z","updated_at":"2025-04-02T17:17:29.192Z","avatar_url":"https://github.com/malwarebo.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Deter - Cloudflare DDoS Mitigation Automation\n\n[![Go Build](https://github.com/malwarebo/deter/actions/workflows/go-build.yml/badge.svg)](https://github.com/malwarebo/deter/actions/workflows/go-build.yml)\n\nDeter is a Go-based service that automatically responds to Cloudflare DDoS attack alerts by applying preconfigured mitigation strategies.\n\n## Overview\n\nDeter consists of two main components:\n\n1. **Deter Server**: A Go application that receives Cloudflare webhook notifications about DDoS attacks and triggers appropriate security responses.\n2. **Deter Worker**: A Cloudflare Worker that implements client-side challenges (e.g., proof-of-work) during active attacks.\n\nTogether, these components create a defense system that can:\n\n- Automatically detect DDoS attacks via Cloudflare webhooks\n- Apply appropriate security measures when attacks begin\n- Scale back security measures when attacks end\n- Apply client-side challenges to suspected malicious users\n\n## Architecture\n\n```\n┌───────────────┐    Webhook    ┌─────────────────┐    API     ┌───────────────┐\n│   Cloudflare  │ ────────────\u003e │  Deter Server   │ ─────────\u003e │   Cloudflare  │\n│               │ \u003c───────────  │                 │ \u003c───────── │   API         │\n└───────────────┘  HTTP 200 OK  └─────────────────┘            └───────────────┘\n                                        │\n                                        │ KV Write\n                                        ▼\n                                ┌─────────────────┐\n                                │  KV Namespace   │\n                                └─────────────────┘\n                                        │\n                                        │ KV Read\n                                        ▼\n┌───────────────┐     HTTP      ┌─────────────────┐\n│    Browser    │ \u003c────────────\u003e│  Deter Worker   │\n└───────────────┘                └─────────────────┘\n```\n\n## Features\n\n- Webhook signature verification for security\n- Automatic \"Under Attack Mode\" activation during attacks\n- KV-based signaling between server and worker\n- Configurable security levels and mitigations\n- Client-side proof-of-work challenges via Workers\n- Graceful shutdown for the server\n\n## Setup and Configuration\n\n### Server Requirements\n\n- Go 1.18 or higher\n- Cloudflare API Token with appropriate permissions\n- Cloudflare Webhook endpoint configured\n\n### Configuration (Environment Variables)\n\n| Variable | Description | Required |\n|----------|-------------|----------|\n| `CF_WEBHOOK_SECRET` | Secret for verifying webhook signatures | Yes |\n| `CF_API_TOKEN` | Cloudflare API token | Yes |\n| `CF_ACCOUNT_ID` | Cloudflare account ID | Yes |\n| `TARGET_ZONE_ID` | Zone ID to protect | Yes |\n| `KV_NAMESPACE_ID` | KV namespace for state sharing | Yes |\n| `LISTEN_ADDR` | Server listen address (default: `:8080`) | No |\n| `DEFAULT_SEC_LEVEL` | Default security level (default: `medium`) | No |\n| `KV_KEY_PREFIX` | Prefix for KV keys (default: `attack_status_zone_`) | No |\n| `WEBHOOK_TIMEOUT_SECONDS` | Webhook processing timeout (default: `30`) | No |\n\n### Worker Setup\n\n1. Copy the worker code to your Cloudflare Worker\n2. Configure `wrangler.toml` with your account/zone details\n3. Create a KV namespace and update your worker configuration\n\n## Running the Server\n\n```bash\n# Build the server\ngo build -o deter-server ./cmd/deter-server\n\n# Run with environment variables set\nexport CF_WEBHOOK_SECRET=\"your-webhook-secret\"\nexport CF_API_TOKEN=\"your-cf-api-token\" \nexport CF_ACCOUNT_ID=\"your-account-id\"\nexport TARGET_ZONE_ID=\"your-zone-id\"\nexport KV_NAMESPACE_ID=\"your-kv-namespace-id\"\n./deter-server\n```\n\n## API Reference\n\n### Webhook Endpoint\n\n**POST** `/cloudflare-webhook`\n\nThis endpoint receives DDoS event notifications from Cloudflare. Headers must include a valid `Cf-Webhook-Signature` for verification.\n\n## Security Considerations\n\n- Always use webhook signature verification in production\n- Configure appropriate Cloudflare API token permissions\n- Consider implementing timestamp validation to prevent replay attacks\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwarebo%2Fdeter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalwarebo%2Fdeter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalwarebo%2Fdeter/lists"}