Alright, so DDoS works by attacking the server with requests which then overloads and fails (to put it basically). Now, this could be stopped (especially the idiots who use 300+ botnets) by creating a simple IP restriction.
How it would work:
A simple script that bans any IP that requests too much in X seconds.
IP1 is the botnet, and it's sending 300-400 requests per second for example. Now a script could be created that basically works by only allowing X requests per X time limit. If any IP address overloads that limit, the IP is banned (and maybe an e-mail notification or something?).
I was wondering if someone could create this, it sure as hell would help a lot of members secure their vBulletin servers.

Look this bash script maybe it help you :

log to your server and do this
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0755 install.sh
./install.sh It'll create a cron to run it every 5 minutes, but you can run it manually with "cd /usr/local/ddos/;./ddos.sh". or
cd /usr/local/ddos/
sh ddos.sh

You can configure it here :

nano /usr/local/ddos/ddos.conf

Set NO_OF_CONNECTIONS=60 and BAN_PERIOD=10000

but you can , run it manually to block IPs rapidly.


More informations > http://deflate.medialayer.com/

So basically this downloads install.sh into the webroot, CHMOD's it to 755?
Also, this isn't very effective to me as the webserver isn't mine. I just host my domain on it :rolleyes:
That's why I was looking for a script of some kind, so that I could implement it into the actual site as I am getting DDoS at my site and not the actual webserver.

So basically this downloads install.sh into the webroot, CHMOD's it to 755?
Also, this isn't very effective to me as the webserver isn't mine. I just host my domain on it :rolleyes:
That's why I was looking for a script of some kind, so that I could implement it into the actual site as I am getting DDoS at my site and not the actual webserver.
Your webserver should have a ddos protection , you can do this in php but i don't think it will be efficace...

you know the protection should be in the server...

Hmm, a user was able to DDoS with 300+ botnets and take down my forum. Surely it wouldn't need to be effective, as long as it can identify the requests and auto-ban the IP address that is causing the requests?

There is not anything you can do at the vBulletin application level, this needs to be stoped much sooner in the OS. A software or firewall hardware to shut down the requests before they get anywhere in the server is really required.

There is not much you could do against DDoS even at server level - if the attacker has enough bandwidth he could flood you with so many packets that your full bandwidth (100MBit most likely) is used.

Such scenarios can probably only be handeled by your co-location partner.