Vddos
什么是Vddos保护?
vDDoS Protection是提供反向代理服务器HTTP(S)协议的免费软件。它充当第7层防火墙过滤器并缓解DOS,DDOS,SYN洪水或HTTP洪水攻击,以保护您的网站
特点
Reverse Proxy(反向代理)
DDoS Protection (DDoS保护)
Robot Mitigator(机器人攻击缓解器)
HTTP challenge/response (HTTP类型攻击防御)
reCaptcha Robot challenge (reCaptcha 机器人攻击)
HTTP Denial of Service tools (HTTP请求拦截工具)
Cookie challenge/response (Cookie 类型防御)
Block/Allow Country Code You Want (Status 403) (准许哪些国家可以访问,返回状态码403)
Limit the request connection coming from a single IP address (Status 503) (限制IP访问时间)
CDN Support (CloudFlare, Incapsula...) CDN支持(CloudFlare,Incapsula ......)
Whitelist for Botsearch (SEO Support, Allow Botsearch: Google, Alexa, Bing, Yahoo, Yandex, Facebook...) (SEO 搜索引擎白名单)
工作原理
vDDoS Protection is Nginx bundled with module HTTP/2; GeoIP; Limit Req, Testcookie; reCaptcha processor... Working like CloudFlare, but vDDoS is software help you build your own System Firewall.
If your site does not use protection service: (accept all queries)
If your site uses protection service: (challenge all queries)
- Human queries:
- Bad Bots queries:
vDDos 安装
vDDoS Protection only support CentOS Server 5/6/7 x86_64 (http://centos.org) & CloudLinux Server 5/6/7 x86_64 (http://cloudlinux.com)
Please go to Homepage and download vDDoS Protection version working on your system (https://github.com/duy13/vDDoS-Protection)
vDDoS Protection should be installed before installing other things (cPanel, VestaCP, LAMP, LEMP...)
yum -y install epel-release
yum -y install curl wget gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed gcc automake autoconf apr-util-devel gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed
Example: my system is CentOS 7 x86_64 install vDDoS 1.10.1 Version (only need wget a file vddos-1.10.1-centos7):
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.10.1-centos7 -o /usr/bin/vddos
chmod 700 /usr/bin/vddos
/usr/bin/vddos help
/usr/bin/vddos setup
(This installation takes about 15 minutes or more)
vDDoS 使用介绍
Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!
Command Line Usage:
vddos setup :installing vDDoS service for the first time into /vddos
vddos start :start vDDoS service
vddos stop :stop vDDoS service
vddos restart :restart vDDoS service
vddos autostart :auto-start vDDoS services on boot
vddos attack :create a DDoS attacks to HTTP target (in 30 min)
vddos stopattack :stop "vddos attack" command
vddos help :display this help
Please sure download vDDoS source from: vddos.voduy.com
如何加入自己的站点使用Vddos
Please edit your website.conf file in /vddos/conf.d
Example Edit my website.conf:
# vim /vddos/conf.d/website.conf
# Website Listen Backend Cache Security SSL-Prikey SSL-CRTkey
default http://0.0.0.0:80 http://127.0.0.1:8080 no 200 no no
your-domain.com http://0.0.0.0:80 http://127.0.0.1:8080 no 200 no no
default https://0.0.0.0:443 https://127.0.0.1:8443 no 307 /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
your-domain.com https://0.0.0.0:443 https://127.0.0.1:8443 no 307 /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
your-domain.com https://0.0.0.0:4343 https://103.28.249.200:443 yes click /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
"your-domain.com" is my site on my Apache backend http://127.0.0.1:8080 want to be Protection by vDDoS
"default" is option for All remaining sites
/vddos/ssl/your-domain.com.pri is SSL Private key my website
/vddos/ssl/your-domain.com.crt is SSL Public key my website
Cache:
variable: no, yes (Sets proxy cache website on vDDoS)
Security:
variable: no, 307, 200, click, 5s, high, captcha (Sets a valid for Security Level Protection)
Note Security Level: no < 307 < 200 < click < 5s < high < captcha
Restart vDDoS after saving:
# vddos restart
Set Real IP traffic from Proxy or CDN:
Please edit file cdn-ip.conf
# nano /vddos/conf.d/cdn-ip.conf
# Cloudflare
set_real_ip_from 103.21.244.0/22;
...
Deny Country or IP:
Please edit file blacklist-countrycode.conf
#nano /vddos/conf.d/blacklist-countrycode.conf
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
US yes;
CN no;
}
deny 1.1.1.1;
Allow your IP Address do not need protection & challenge:
Please edit file whitelist-botsearch.conf
# nano /vddos/conf.d/whitelist-botsearch.conf
#Alexa Bot IP Addresses
204.236.235.245; 75.101.186.145;
...
Use Mode reCaptcha:
Please edit file recaptcha-secretkey.conf & recaptcha-sitekey.conf
# nano /vddos/conf.d/recaptcha-sitekey.conf
# Website reCaptcha-sitekey (View KEY in https://www.google.com/recaptcha/admin#list)
your-domain.com 6Lcr6QkUAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
# nano /vddos/conf.d/recaptcha-secretkey.conf
DEBUG=False
RE_SECRETS = { 'your-domain.com': '6Lcr6QkUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'your-domain.org': '6LcKngoUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx' }
(Go to https://www.google.com/recaptcha/admin#list and get your key for vDDoS)
Recommend?
-Recommend You use vDDoS with CloudFlare Free/Pro (hide your website real IP Address)
(CloudFlare is Mitigate Firewall Layer 3-4)
(vDDoS Protection is Mitigate Firewall Layer 7)
-Download vDDoS Protection packages from vDDoS HomePages
-Use this soft only for testing or demo attack!
vDDoS Protection is Simple like that!
原帖子