[ANTIDDOS] for Hosting Panel by vDDoS Proxy Protection

duy13

New Member
ANTIDDOS for WHM/cPanel

vddos-whm-cpanel.png

STEP 1: Install WHM/cPanel
Code:
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest
More documentation:
https://documentation.cpanel.net/display/68Docs/Installation+Guide



STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code:
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh


STEP 3: Change the Apache SSL port and Apache non-SSL IP/port
Tweak settings >> Search: Apache SSL port and Apache non-SSL IP/port
More documentation:
https://documentation.cpanel.net/display/1144Docs/Tweak+Settings+-+System#TweakSettings-System-Apachenon-SSLIP/port

Apache non-SSL IP/port
0.0.0.0:80 default >> Change to: 0.0.0.0:8080

Apache SSL port
0.0.0.0:443 default >> Change to: 0.0.0.0:8443

Change-the-Apache-SSL-port-and-Apache-non-SSL-IPport-for-vDDoS-Proxy-Protection.png

Save and Re-Check Apache port:
Code:
[[email protected] ~]# netstat -lntup|grep httpd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      993/httpd
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      993/httpd
tcp6       0      0 :::8080                 :::*                    LISTEN      993/httpd
tcp6       0      0 :::8443                 :::*                    LISTEN      993/httpd

STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8080    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
Restart vDDoS service after you have configured:
Code:
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code:
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code:
nano /vddos/auto-add/setting.conf

Default Setting for vddos-add command:

SSL        Auto
Cache        no
Security    no
HTTP_Listen    http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:8080
HTTPS_Backend    https://1.2.3.4:8443
Set Crontab:
Code:
echo '*/15 * * * * root /usr/bin/vddos-autoadd panel cpanel apache' >> /etc/crontab



STEP 5: Config vDDoS Auto Switch
vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code:
echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
More documentation:
http://vddos.voduy.com/
https://vpsboard.com/threads/install-vddos-proxy-protection-antiddos-dos-syn-floods-http-floods-attack.9620/
 

duy13

New Member
ANTIDDOS for Plesk Onyx

vddos-plesk.png


STEP 1: Install Plesk
Code:
wget https://autoinstall.plesk.com/plesk-installer
chmod +x ./plesk-installer
env PLESK_INSTALLER_SKIP_FIREWALLD=1
./plesk-installer --web-interface

More documentation:
https://docs.plesk.com/en-US/onyx/deployment-guide/plesk-installation-and-upgrade-on-single-server/installing-plesk-using-installer-gui/installing-plesk-for-linux-using-installer-gui.76446/

STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code:
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh


STEP 3: Stop Nginx Proxy Server
Code:
service nginx stop
chkconfig nginx off
Re-Check Apache port:
Code:
[[email protected] ~]# netstat -lntup|grep httpd
tcp6       0      0 :::7080                 :::*                    LISTEN      7261/httpd
tcp6       0      0 :::7081                 :::*                    LISTEN      7261/httpd


STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:7080    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:7081   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
Restart vDDoS service after you have configured:
Code:
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code:
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code:
nano /vddos/auto-add/setting.conf

Default Setting for vddos-add command:

SSL        Auto
Cache        no
Security    no
HTTP_Listen    http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:7080
HTTPS_Backend    https://1.2.3.4:7081
Set Crontab:
Code:
echo '*/15 * * * * root /usr/bin/vddos-autoadd panel plesk apache' >> /etc/crontab


STEP 5: Config vDDoS Auto Switch
vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code:
echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
 

duy13

New Member
ANTIDDOS for DirectAdmin

vddos-directadmin.png


STEP 1: Install DirectAdmin
Code:
wget http://www.directadmin.com/setup.sh
chmod 755 setup.sh
./setup.sh

More documentation:
https://www.directadmin.com/installguide.php

STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code:
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh


STEP 3: Change Apache Default Port

Code:
echo 'port_80=8080' >> /usr/local/directadmin/data/templates/directadmin.conf
echo 'port_443=8443' >> /usr/local/directadmin/data/templates/directadmin.conf
echo 'port_80=8080' >> /usr/local/directadmin/conf/directadmin.conf
echo 'port_443=8443' >> /usr/local/directadmin/conf/directadmin.conf
To issue a rewrite of the configs, type:
Code:
cd /usr/local/directadmin/custombuild
./build rewrite_confs
More documentation:
https://www.directadmin.com/features.php?id=1238

Re-Check Apache port:
Code:
[[email protected] ~]# netstat -lntup|grep httpd
tcp6       0      0 :::8080                 :::*                    LISTEN      2404/httpd
tcp6       0      0 :::8443                 :::*                    LISTEN      2404/httpd


STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8080    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
Restart vDDoS service after you have configured:
Code:
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code:
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code:
nano /vddos/auto-add/setting.conf

Default Setting for vddos-add command:

SSL        Auto
Cache        no
Security    no
HTTP_Listen    http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:8080
HTTPS_Backend    https://1.2.3.4:8443
Set Crontab:
Code:
echo '*/15 * * * * root /usr/bin/vddos-autoadd panel directadmin apache' >> /etc/crontab


STEP 5: Config vDDoS Auto Switch
vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code:
echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
 

duy13

New Member
ANTIDDOS for CWP Panel

vddos-cwpanel.png


STEP 1: Install CWP Panel
Code:
cd /usr/local/src
wget http://centos-webpanel.com/cwp-el7-latest
sh cwp-el7-latest
More documentation:
http://centos-webpanel.com/cwp-installation

STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code:
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh


STEP 3: Change Apache Default Port

By default, CWP uses Apache alone and runs on port 80, 443. We can use the function: Setup default Web Servers at Apache Settings >> Select WebServer

vddos-CWP.png

Change it into: Apache & Varnish Cache & Nginx Reverse Proxy or Apache & Nginx Reverse Proxy, So Apache will be listened to at another port is 8181 and 8443; to facilitate our proxying.


Click Save and Re-check Apache port:

Code:
[[email protected] Panel ~]# netstat -lntup|grep httpd; netstat -lntup|grep nginx; netstat -lntup|grep varnishd
tcp6       0      0 :::8181         :::*                    LISTEN      1304/httpd
tcp6       0      0 :::8443         :::*                    LISTEN      1304/httpd
tcp        0      0 1.2.3.4:80      0.0.0.0:*               LISTEN      5481/nginx: master
tcp        0      0 1.2.3.4:443     0.0.0.0:*               LISTEN      5481/nginx: master
tcp        0      0 127.0.0.1:6082  0.0.0.0:*               LISTEN      1418/varnishd
tcp        0      0 0.0.0.0:82      0.0.0.0:*               LISTEN      1418/varnishd
tcp6       0      0 :::82           :::*                    LISTEN      1418/varnishd

It can be seen that Nginx listened at 80 and 443, then it proxyed to port 82 of Varnish cache server then Varnish continued forwarding traffic to Apache at port 8181.
So you can stop Nginx and replacing it with vDDoS, Reverse Proxy for vDDoS to any port of Apache or Varnish (With Varnish you will be cached and reach faster speeds)


Code:
service nginx stop
chkconfig nginx off
STEP 4: Config vDDoS Proxy Protection

The following example assumes the IP address of the server you are 1.2.3.4:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8181    no    no      no           no
default         https://0.0.0.0:443  http://1.2.3.4:8181   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

Configuration like the above you will use directly from vDDoS reverse proxy to Apache port, If you want to use port of Varnish cache server then you can configure as follows:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:82    no    no      no           no
default         https://0.0.0.0:443  http://1.2.3.4:82   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

Restart vDDoS service after you have configured:
Code:
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code:
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code:
nano /vddos/auto-add/setting.conf

Default Setting for vddos-add command:

SSL        Auto
Cache        no
Security    no
HTTP_Listen    http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:82
HTTPS_Backend    http://1.2.3.4:82
Crontab CWP Panel:
Code:
echo '*/25 * * * * root /usr/bin/vddos-autoadd panel cwp apache' >> /etc/crontab


STEP 6: Config vDDoS Auto Switch
vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code:
echo '*/6 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
 

duy13

New Member
ANTIDDOS for VestaCP

vestasrologo.png

STEP 1: Install VestaCP
Code:
curl -O http://vestacp.com/pub/vst-install.sh
bash vst-install.sh
More documentation:
https://vestacp.com/install/


STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code:
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh


STEP 3: Change Apache Default Port

By default, VestaCP uses Apache or Nginx running on port 80, 443 (or "Nginx Proxy Apache" will be the same). We can reconfigure these Web servers to listen on a different port so that vDDoS can reverse proxy to them.

More documentation:
https://vestacp.com/docs/#how-to-remove-nginx-rhel-centos

For example, we changed Apache to port 8080 and 8443:

Code:
cp /usr/local/vesta/conf/vesta.conf /usr/local/vesta/conf/vesta.conf.bak
nano /usr/local/vesta/conf/vesta.conf

WEB_SYSTEM='httpd'
WEB_RGROUPS='apache'
WEB_PORT='8080'
WEB_SSL_PORT='8443'
WEB_SSL='mod_ssl'
STATS_SYSTEM='webalizer,awstats'
FTP_SYSTEM='vsftpd'
DNS_SYSTEM='named'
MAIL_SYSTEM='exim'
IMAP_SYSTEM='dovecot'
CRON_SYSTEM='crond'
FIREWALL_SYSTEM='iptables'
DISK_QUOTA='yes'
BACKUP_SYSTEM='local'
LANGUAGE='en'
VERSION='0.9.8'
DB_SYSTEM='mysql'
SOFTACULOUS='yes'
Save & Rebuild vhost configs:

Code:
for user in $(v-list-sys-users plain); do v-rebuild-web-domains $user; done
Re-check Apache port:

Code:
[[email protected] ~]# netstat -lntup|grep httpd
tcp        0      0 1.2.3.4:8443      0.0.0.0:*               LISTEN      879/httpd
tcp        0      0 1.2.3.4:8080      0.0.0.0:*               LISTEN      879/httpd
STEP 4: Config vDDoS Proxy Protection

The following example assumes the IP address of the server you are 1.2.3.4:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:8080    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
Restart vDDoS service after you have configured:
Code:
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code:
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code:
nano /vddos/auto-add/setting.conf

Default Setting for vddos-add command:

SSL        Auto
Cache        no
Security    no
HTTP_Listen    http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:8080
HTTPS_Backend    https://1.2.3.4:8443
Crontab VestaCP:
Code:
echo '*/25 * * * * root /usr/bin/vddos-autoadd panel vestacp apache' >> /etc/crontab


STEP 6: Config vDDoS Auto Switch
vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code:
echo '*/6 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
 

duy13

New Member
ANTIDDOS for CyberPanel

vddos-cyberpanel.png

STEP 1: Install CyberPanel

CyberPanel is a very fast Hosting Panel you should try using if you have a Wordpress Site

Code:
sh <(curl https://cyberpanel.net/install.sh || wget -O - https://cyberpanel.net/install.sh)

More documentation:
https://docs.cyberpanel.net/doku.php?id=installation

STEP 2: Install vDDoS Proxy Protection
vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code:
curl -L https://github.com/duy13/vDDoS-Protection/raw/master/latest.sh -o latest.sh
chmod 700 latest.sh
bash latest.sh


STEP 3: Change OpenLiteSpeed Default Port

By default, CyberPanel uses OpenLiteSpeed run on port 80 and 443, We can reconfigure this Webserver to listen on a different port, so that vDDoS can reverse proxy to it.
For example, we switched OpenLiteSpeed to port 8080 and 8443:

Code:
cp /usr/local/lsws/conf/httpd_config.conf.vddosbak
nano /usr/local/lsws/conf/httpd_config.conf

Port 80 running HTTP:

Code:
listener Default {
  address                 *:80
  secure                  0
  map                     voduy.com voduy.com
}
Edit *:80 to 127.0.0.1:8080:

Code:
listener Default {
  address                 127.0.0.1:8080
  secure                  0
  map                     voduy.com voduy.com
}
Port 443 running HTTPS:

Code:
listener SSL {
  address                 *:443
  secure                  1
  keyFile                 /usr/local/lsws/admin/conf/webadmin.key
  certFile                /usr/local/lsws/admin/conf/webadmin.crt
  map                     voduy.com voduy.com
}
Edit *:443 to 127.0.0.1:8443:

Code:
listener SSL {
  address                 127.0.0.1:8443
  secure                  1
  keyFile                 /usr/local/lsws/admin/conf/webadmin.key
  certFile                /usr/local/lsws/admin/conf/webadmin.crt
  map                     voduy.com voduy.com
}
If you do not see an item: listener SSL {...} like above, You can manually add the same frame at the end of the file httpd_config.conf:

Code:
listener SSL {
  address                 127.0.0.1:8443
  secure                  1
  keyFile                 /usr/local/lsws/admin/conf/webadmin.key
  certFile                /usr/local/lsws/admin/conf/webadmin.crt
}
In the future, When you create a Site running SSL, CyberPanel will automatically add a "map" domain entry to it. Something like this:
Code:
map                     voduy.com voduy.com
Save & Restart OpenLiteSpeed:

Code:
service lsws restart
Re-check OpenLiteSpeed port:

Code:
[[email protected] ~]# netstat -lntup|grep openlitespeed
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      11507/openlitespeed
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      11507/openlitespeed
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      11507/openlitespeed
udp        0      0 0.0.0.0:32772           0.0.0.0:*                           11576/openlitespeed
STEP 4: Config vDDoS Proxy Protection

The following example, because OpenLiteSpeed listened at Port 8080 and 8443 at IP 127.0.0.1, so I will Proxy vDDOS into 127.0.0.1 as follows:

Code:
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://127.0.0.1:8080    no    no      no           no
default         https://0.0.0.0:443  https://127.0.0.1:8443   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
Restart vDDoS service after you have configured:
Code:
/usr/bin/vddos restart
Auto-start vDDoS services on boot:
Code:
/usr/bin/vddos autostart



STEP 5: Config vDDoS Auto Add
vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code:
nano /vddos/auto-add/setting.conf

Default Setting for vddos-add command:

SSL        Auto
Cache        no
Security    no
HTTP_Listen    http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://127.0.0.1:8080
HTTPS_Backend    https://127.0.0.1:8443
Crontab CyberPanel:
Code:
echo '*/25 * * * * root /usr/bin/vddos-autoadd panel cyberpanel openlitespeed' >> /etc/crontab


STEP 6: Config vDDoS Auto Switch
vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code:
echo '*/6 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-autoswitch flushalldomain /vddos/conf.d/website.conf no' >> /etc/crontab
 
Top