Install vDDoS Proxy Protection - AntiDDoS, DOS, SYN Floods, HTTP Floods attack...

Discussion in 'Tutorials and Guides' started by duy13, Dec 23, 2016.

  1. duy13

    duy13 New Member

    2
    0
    Dec 18, 2016
    How to install vDDoS Protection - Reverse Proxy Layer 7 Firewall Filter Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack


    What is vDDoS Protection?
    vDDoS Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.


    Features:


    -Reverse Proxy
    -DDoS Protection
    -Robot Mitigator
    -HTTP challenge/response
    -reCaptcha Robot challenge
    -HTTP Denial of Service tools
    -Cookie challenge/response
    -Block/Allow Country Code You Want (Status 403)
    -Limit the request connection coming from a single IP address (Status 503)
    -CDN Support (CloudFlare, Incapsula...)
    -Whitelist for Botsearch (SEO Support, Allow Botsearch: Google, Alexa, Bing, Yahoo, Yandex, Facebook...)



    How it work?
    vDDoS Protection is Nginx bundled with module HTTP/2; GeoIP; Limit Req, Testcookie; reCaptcha processor... Working like CloudFlare, but vDDoS is software help you build your own System Firewall.


    If your site does not use protection service: (accept all queries)


    vDDoS-HTTP-S-DDoS-Protection-Reverse-Proxy5.png
     


    If your site uses protection service: (challenge all queries)
    -Human queries:


    vDDoS-HTTP-S-DDoS-Protection-Reverse-Proxy1.png


    vDDoS-HTTP-S-DDoS-Protection-Reverse-Proxy2.png


    -Bad Bots queries:


    vDDoS-HTTP-S-DDoS-Protection-Reverse-Proxy3.png


    vDDoS-HTTP-S-DDoS-Protection-Reverse-Proxy4.png


    How to install vDDoS?
    -vDDoS Protection only support CentOS Server 5/6/7 x86_64 (http://centos.org) & CloudLinux Server 5/6/7 x86_64 (http://cloudlinux.com)
    -Please go to Homepage and download vDDoS Protection version working on your system (https://github.com/duy13/vDDoS-Protection)
    -vDDoS Protection should be installed before installing other things (cPanel, VestaCP, LAMP, LEMP...)


    yum -y install epel-release 
    yum -y install curl wget gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed gcc automake autoconf apr-util-devel gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed 


    Example: my system is CentOS 7 x86_64 install vDDoS 1.10.1 Version (only need wget a file vddos-1.10.1-centos7):


    curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.10.1-centos7 -o /usr/bin/vddos
    chmod 700 /usr/bin/vddos
    /usr/bin/vddos help

    /usr/bin/vddos setup


    (This installation takes about 15 minutes or more)
    vDDoS Command Line?


       Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!

                    Command Line Usage:
            vddos setup             :installing vDDoS service for the first time into /vddos
            vddos start             :start vDDoS service
            vddos stop              :stop vDDoS service
            vddos restart           :restart vDDoS service
            vddos autostart         :auto-start vDDoS services on boot
            vddos attack            :create a DDoS attacks to HTTP target (in 30 min)
            vddos stopattack        :stop "vddos attack" command
            vddos help              :display this help

                                            Please sure download vDDoS source from: vddos.voduy.com


    How to use vDDoS protect your website?
    Please edit your website.conf file in /vddos/conf.d
    Example Edit my website.conf:


    # nano /vddos/conf.d/website.conf

    # Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
    default         http://0.0.0.0:80    http://127.0.0.1:8080    no    200      no           no
    your-domain.com http://0.0.0.0:80    http://127.0.0.1:8080    no    200      no           no
    default         https://0.0.0.0:443  https://127.0.0.1:8443   no    307      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
    your-domain.com https://0.0.0.0:443  https://127.0.0.1:8443   no    307      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
    your-domain.com https://0.0.0.0:4343 https://103.28.249.200:443 yes click    /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt



    "your-domain.com" is my site on my Apache backend http://127.0.0.1:8080 want to be Protection by vDDoS
    "default" is option for All remaining sites
    /vddos/ssl/your-domain.com.pri is SSL Private key my website
    /vddos/ssl/your-domain.com.crt is SSL Public key my website



    Cache:
    variable: no, yes (Sets proxy cache website on vDDoS)
    Security:
    variable: no, 307, 200, click, 5s, high, captcha (Sets a valid for Security Level Protection)
    Note Security Level: no < 307 < 200 < click < 5s < high < captcha



    Restart vDDoS after saving:


    vddos restart



    Set Real IP traffic from Proxy or CDN:
    Please edit file cdn-ip.conf


    # nano /vddos/conf.d/cdn-ip.conf

    # Cloudflare
    set_real_ip_from 103.21.244.0/22;
    ...


    Deny Country or IP:
    Please edit file blacklist-countrycode.conf


    # nano /vddos/conf.d/blacklist-countrycode.conf

    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default yes;
        US yes;
        CN no;
        
    }
    deny 1.1.1.1;


    Allow your IP Address do not need protection & challenge:
    Please edit file whitelist-botsearch.conf


    # nano /vddos/conf.d/whitelist-botsearch.conf

    #Alexa Bot IP Addresses
    204.236.235.245; 75.101.186.145;
    ...


    Use Mode reCaptcha:
    Please edit file recaptcha-secretkey.conf & recaptcha-sitekey.conf


    # nano /vddos/conf.d/recaptcha-sitekey.conf
    # Website        reCaptcha-sitekey (View KEY in https://www.google.com/recaptcha/admin#list)
    your-domain.com        6Lcr6QkUAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
    your-domain.org        6Lcr6FFFAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ...

    Code:
    # nano /vddos/conf.d/recaptcha-secretkey.conf
    DEBUG=False
    RE_SECRETS = { 'your-domain.com': '6Lcr6QkUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx',
                   'your-domain.org': '6LcKngoUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx' }
    

    (Go to https://www.google.com/recaptcha/admin#list and get your key for vDDoS)


    Recommend?
    -Recommend You use vDDoS with CloudFlare Free/Pro (hide your website real IP Address)
    (CloudFlare is Mitigate Firewall Layer 3-4)
    (vDDoS Protection is Mitigate Firewall Layer 7)



    -Download vDDoS Protection packages from vDDoS HomePages
    -Use this soft only for testing or demo attack!


    vDDoS Protection is Simple like that!
     
    Last edited by a moderator: Dec 23, 2016
  2. switsys

    switsys Active Member

    204
    60
    Jul 18, 2013
    Nice. Thanks!