{"id":23131301,"url":"https://github.com/necoo33/node-ddos-protector","last_synced_at":"2025-10-12T21:41:35.717Z","repository":{"id":215701859,"uuid":"736272358","full_name":"Necoo33/node-ddos-protector","owner":"Necoo33","description":"Highly customizable ddos protector for with native node.js api's","archived":false,"fork":false,"pushed_at":"2024-01-06T00:43:03.000Z","size":8,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-31T18:34:10.014Z","etag":null,"topics":["cybersecurity","hacking"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Necoo33.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-12-27T12:59:11.000Z","updated_at":"2024-01-27T21:49:23.000Z","dependencies_parsed_at":"2024-01-06T01:43:41.720Z","dependency_job_id":null,"html_url":"https://github.com/Necoo33/node-ddos-protector","commit_stats":null,"previous_names":["necoo33/node-ddos-protector"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Necoo33/node-ddos-protector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Necoo33%2Fnode-ddos-protector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Necoo33%2Fnode-ddos-protector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Necoo33%2Fnode-ddos-protector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Necoo33%2Fnode-ddos-protector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Necoo33","download_url":"https://codeload.github.com/Necoo33/node-ddos-protector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Necoo33%2Fnode-ddos-protector/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267632858,"owners_count":24118748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","hacking"],"created_at":"2024-12-17T11:12:38.261Z","updated_at":"2025-10-12T21:41:30.685Z","avatar_url":"https://github.com/Necoo33.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Node Ddos Protector\n\nThis package is a highly customizable, easy to use ddos protector. It bans an attacker which made continuous requests to a website in certain timespan and amount of count. When an attacker detected depending on your options, it returns error code and you have to handle that code in middlewares or routes.\n\nYou have to set the options first:\n\n```javascript\n\n// this is your options, set it depending on your need.\n\n// Default options are these:\n\nlet options = {\n    attackTimespan: 30, \n    attackCount: 20,\n    banTime: 7200,\n    errorCode: 429\n}\n\n// their meaning:\n\n// attackTimespan - this setting is for in which timespan that attacker makes certain amount of request to ban him as seconds. \n\n// attackCount - this is for how many request that an attacker made to ban him.\n\n// banTime - How many seconds to ban an attacker.\n\n// errorCode - which error code do you want to return if an attacker detected.\n\n```\n\nAnd here is initialization:\n\n```javascript\n\nlet { DdosProtector } = require(\"node-ddos-protector\");\n\n// you need to initialize it on global scope:\n\nlet options = {\n    attackTimespan: 30, \n    attackCount: 20,\n    banTime: 7200,\n    errorCode: 429\n}\n\nlet protector = new DdosProtector().init(options);\n\n```\n\nIf you want, you can open an whitelist, which takes an argument as either a string array or the path of a file which includes ip addresses:\n\n```javascript\n\n// same setup with previous example\n\n// since in localhost ip values takes that value, you have to give that value for being able to test it on localhost.\n// in production you have to add real ip values to that list:\n\nlet protector = new DdosProtector().init(options).openWhitelist([\"::1\"]) \n\n```\n\nOr you can do that thing:\n\n```javascript\n\n// i strongly recommend to use path module for defining platform-agnostic paths:\n\nlet path = require(\"path\");\n\nlet logPath = path.join(process.cwd(), \"logs\", \"whitelist.txt\");\n\nlet protector = new DdosProtector().init(options).openWhitelist(logPath);\n\n```\n\nYou have to write your whitelisted ip's with that synthax:\n\n64.355.234.643      \n87.434.553.236      \n117.434.263.674      \n\n## Documentation\n\nYou can use it with every framework that you want if you can reach request and response objects on same time. If that request not includes `req.socket.remoteAddress` then you have to manually add it or you can't use it.\n\nHere is some examples from frameworks:\n\n### Express.js Example\n\nSince express.js's middlewares blocking if you don't call `next()` function, you can not use that function if an attacker detected. For example, you can use it like that:\n\n```javascript\n\nlet server = require(\"express\")();\nlet { DdosProtector } = require(\"node-ddos-protector\");\n\nlet options = {\n    attackTimespan: 30,\n    attackCount: 5,\n    banTime: 60,\n    errorCode: 429\n}\n\nlet protector = new DdosProtector().init(options);\n\nserver.use(\"/\", function(req, res, next){\n    protector.handleBanningAndAllowing(req, res).logEverything();\n\n    if(res.statusCode === 429){\n        res.end(\"429 too many requests\");\n    } else {\n        next();\n    }\n})\n\nserver.get(\"/\", function(req, res){\n    res.send(\"\u003ch1\u003eHello\u003c/h1\u003e\")\n});\n\nserver.listen(3000);\n\n```\n\n### Neback.js Example\n\nSince it's originally designed for \u003ca href=\"https://www.npmjs.com/package/neback\"\u003eNeback.js\u003ca\u003e Framework, that protector is built-in feature on that framework and especially designed for that. You can use it on that framework like that:\n\n```javascript\n\nlet { Neback } = require(\"neback/neback-core.js\");\nlet { DdosProtector } = require(\"neback/neback-utils.js\");\n\nlet server = new Neback();\n\nlet ddosProtector = new DdosProtector().init({ attackCount: 20, attackTimespan: 30, banTime: 7200, errorCode: 429 });\n\nserver.middleware(\"/\", function(req, res){\n    ddosProtector.handleBanningAndAllowing(req, res).logEverything();\n\n    if(res.statusCode === 429){\n        return res.end(\"You're banned!\");\n    }\n})\n\nserver.get(\"/\", function(req, res){\n    server.sendHtml(res, \"\u003ch2\u003eContact sahifesinden merhaba!\u003c/h2\u003e\");\n})\n\nserver.start(3000);\n\n```\n\n### Vanilla Node.js Setup\n\nIf you have a simple vanilla node.js server, you can use that package like that:\n\n```javascript\n\nlet http = require(\"http\");\nlet { DdosProtector } = require(\"node-ddos-protector\");\n\nlet protector = new DdosProtector().init({ \n    banTime: 7200, \n    attackCount: 20, \n    attackTimespan: 30, \n    errorCode: 429 \n});\n\nhttp.createServer(function(req, res){\n    if(req.method === \"GET\" \u0026\u0026 req.url === \"/\"){\n        protector.handleBanningAndAllowing(req, res);\n\n        // your other stuff\n\n        if(res.statusCode === 429){\n            res.setHeader(\"Content-Type\", \"text/plain\")\n            res.end(\"429 too many requests\");\n        } else {\n            // return whatever you want\n        }\n    }\n}).listen(3000);\n\n```\n\n## Planned Improvements\n\nWe are planned to add that features:\n\n* option for writing every log on a file\n\n* option for writing individual logs on individual files\n\n* option for writing only banned ip's\n\n## Stability\n\nIt's tested with the previous examples, it's pretty much complete in my opinion. If you have issues about that liblary, you can report it via github issues.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnecoo33%2Fnode-ddos-protector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnecoo33%2Fnode-ddos-protector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnecoo33%2Fnode-ddos-protector/lists"}