https://github.com/m1chtv/mich-ddos-defense
secure your Ubuntu server against DDoS attacks
https://github.com/m1chtv/mich-ddos-defense
bash bash-script ddos ddos-defense ddos-protection
Last synced: about 1 month ago
JSON representation
secure your Ubuntu server against DDoS attacks
- Host: GitHub
- URL: https://github.com/m1chtv/mich-ddos-defense
- Owner: m1chtv
- License: gpl-3.0
- Created: 2025-08-09T00:58:23.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2025-08-09T00:59:58.000Z (2 months ago)
- Last Synced: 2025-08-09T02:39:35.610Z (2 months ago)
- Topics: bash, bash-script, ddos, ddos-defense, ddos-protection
- Language: Shell
- Homepage: https://m1ch.ir/
- Size: 17.6 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ๐ก๏ธ Advanced DDoS Defense Script
A production-grade, systemd-compatible, error-handled Bash script to secure your Ubuntu server against DDoS attacks using multiple hardened layers: `iptables`, `ufw`, `nginx`, and `fail2ban`.
---
## โ๏ธ Features
- ๐ TCP/UDP port protection via `iptables`
- ๐ HTTP rate-limiting via `nginx` with `limit_req_zone`
- ๐ SSH & HTTP brute-force protection via `fail2ban`
- ๐ Fully restart-safe: persistent firewall rules via `iptables-persistent`
- ๐ง Intelligent error handling with full output tracing
- ๐ซ Built-in `reset` command to remove all protections
- โก Systemd-ready: no TTY dependencies or interactive blocking
---
## ๐ฆ What It Does
| Layer | Protection Type |
|---------------|---------------------------------------|
| iptables | SYN flood, UDP spam, connection limit |
| ufw | Global firewall rule hardening |
| nginx | HTTP request rate throttling (1 r/s) |
| fail2ban | Auto-ban on failed logins / flooding |
| persistent | All iptables rules survive reboots |
---
## ๐งช Usage Menu
When run, the script prompts you to choose:
1. Apply iptables Protection
2. Apply UFW Firewall Hardening
3. Enable Nginx HTTP Rate Limiting
4. Setup fail2ban
5. Apply ALL protections
6. Reset everything
---
## ๐ง Notes
- Compatible with Ubuntu 18.04+
- Assumes Nginx is installed and active
- `iptables-persistent` is installed automatically
- Port is prompted only for actions 1โ5
- Reset fully cleans up all firewall and rate-limiting rules
---
## ๐งฏ Reset Option
Option 6 allows a clean rollback:
- Flushes all iptables rules
- Disables and resets UFW
- Removes Nginx rate-limit config
- Stops `fail2ban`