
March 2011


Maybe your website is getting DDoSed and you’d like it to stop. There are companies out there who advertise DDoS proxy services, with a setup fee around $1k and about $1k/mo. Companies that do this are: blacklotus, rivalhost, gigenet, serverorigin and rack911.

But what do these companies *actually* do? They filter your traffic and then forward the cleaned traffic your way.

You can do the same, if you’d like, with the following:

Step 1: Get a Linux server somewhere, preferably in the cloud, like Rackspace.
Step 2: Set up iptables to filter and forward your traffic:

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [928:102908]
# INPUT only sees traffic addressed to the proxy itself
-A INPUT -i lo -j ACCEPT
# accepts everything arriving on eth0 (including SSH), so the INPUT rules after it never decide anything for that interface
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
# BEGIN FILTERING
# DNAT'd traffic is routed through FORWARD and never traverses INPUT,
# so the filter rules go in FORWARD, ahead of the ACCEPT rules
-A FORWARD -s [BADIPADDRESSRANGE] -p tcp -m state --state NEW -m tcp -j REJECT --reject-with icmp-port-unreachable
# END FILTERING
-A FORWARD -d [TARGETIP]/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d [TARGETIP]/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [2:388]
:OUTPUT ACCEPT [352:24092]
:POSTROUTING ACCEPT [352:24092]
# rewrite the destination of incoming web traffic to the protected server
-A PREROUTING ! -s [TARGETIP]/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination [TARGETIP]
-A PREROUTING ! -s [TARGETIP]/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination [TARGETIP]
# rewrite the source so replies come back through the proxy
-A POSTROUTING -d [TARGETIP]/32 -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source [IPOFPROXY]
-A POSTROUTING -d [TARGETIP]/32 -o eth0 -p tcp -m tcp --dport 443 -j SNAT --to-source [IPOFPROXY]
COMMIT
*mangle
:PREROUTING ACCEPT [932:88951]
:INPUT ACCEPT [876:85719]
:FORWARD ACCEPT [55:2892]
:OUTPUT ACCEPT [930:106792]
:POSTROUTING ACCEPT [985:109684]
COMMIT

Don’t forget to disable SELinux:

echo 0 >/selinux/enforce

and don’t forget to enable ip routing:

echo 1 > /proc/sys/net/ipv4/ip_forward

or permanently:

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

For reference, here’s an IP list of countries which have historically sent bad traffic:

most of Africa:
41.0.0.0/8
196.0.0.0/8
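
A rule per range makes every new connection walk the whole list, so for a long blocklist a single ipset lookup is the usual alternative. The script below is an added example, not code from the original page: it validates a CIDR list and prints an `ipset restore` script plus the one FORWARD rule that references it. The set name `ddos_block` and the /8 minimum prefix are assumptions of the example.

```sh
#!/bin/sh
SET_NAME="ddos_block"   # assumed set name, not from the page
MIN_PREFIX=8            # assumed guard: refuse anything broader than a /8

# valid_cidr CIDR: true only for an aligned IPv4 network with a prefix between
# /MIN_PREFIX and /32. Runs in a subshell, so IFS and variables stay private.
valid_cidr() (
  case $1 in */*/* | *[!0-9./]*) exit 1 ;; */*) ;; *) exit 1 ;; esac
  addr=${1%/*}; p=${1#*/}
  case $addr in *..* | .* | *.) exit 1 ;; esac
  IFS=.; set -- $addr
  [ $# -eq 4 ] || exit 1
  for o in "$@" "$p"; do   # reject empty, over-long and zero-padded fields
    case $o in "" | ????* | 0?*) exit 1 ;; esac
  done
  ip=0
  for o in "$@"; do
    [ "$o" -le 255 ] || exit 1
    ip=$(( (ip << 8) | o ))
  done
  [ "$p" -ge "$MIN_PREFIX" ] && [ "$p" -le 32 ] || exit 1
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ "$(( ip & mask ))" -eq "$ip" ]   # host bits must be zero
)

# build_ipset_restore < list: restore script on stdout, rejected entries on stderr.
build_ipset_restore() {
  echo "create $SET_NAME hash:net family inet"
  while IFS= read -r line || [ -n "$line" ]; do
    cidr=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')   # drop comments, indentation
    [ -n "$cidr" ] || continue
    if valid_cidr "$cidr"; then echo "add $SET_NAME $cidr"
    else echo "skipped: $cidr" >&2
    fi
  done
}

# forward_rule: the one filter-table line that replaces a rule per range.
forward_rule() {
  echo "-A FORWARD -m set --match-set $SET_NAME src -p tcp -m state --state NEW -j REJECT --reject-with icmp-port-unreachable"
}

# Constructed sample: the two /8 ranges from the page plus three bad entries.
sample_list() {
  printf '%s\n' '# most of Africa' '41.0.0.0/8' '       196.0.0.0/8' \
    '0.0.0.0/0' '41.300.0.0/16' '196.0.0.1/8'
}

sample_list | build_ipset_restore; forward_rule
```

Load the `create`/`add` lines with `ipset restore`, then put the `-A FORWARD` line in the filtering section of the rules file, ahead of the FORWARD ACCEPT rules.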

Linux doesn’t let you hard link a directory. You can use ln -s to symlink it though.

I had problems with vsftp with that (throwing a 550 error), so I did the functional equivalent of a hard link:

mkdir mymountpoint 
mount --bind /var/www/targetdirectory mymountpoint

[root@server~]# service httpd stop
Stopping httpd:                                            [  OK  ]
[root@server ~]# ./checkapache.sh
httpd is NOT running. starting
Starting httpd:                                            [  OK  ]
[root@server ~]# ./checkapache.sh
httpd is running
[root@server~]# cat checkapache.sh
#!/bin/bash
 
if [ -z "$(pgrep httpd)" ]
  then
     echo "httpd is NOT running. starting"
     /sbin/service httpd start
  else
     echo "httpd is running"
fi
[root@server ~]#

Unless otherwise noted, Copyright 2004-2013, Ryan Byrd. All Rights Reserved.