icecubes: ip yg kena ban = iptables -L

icecubes: then ko yum install camfrogserver-5.0-327.noarch.rpm

icecubes: then ko set config cf tu
icecubes: then ko start cf
comand off kan ICMP
[root@X3440-26466 ~]# iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
icecubes: haha
icecubes: ni command ko simpan
icecubes: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
icecubes: tu tul liat berapa byk ip yg ada connection
icecubes: yg paling byk adalah tuk ip bot dan ip cf dan ip server ko
icecubes: selain itu
icecubes: user guna byk id kt 1 ip
icecubes: kalo ip user ada lebih 20 koneksi
Rbw: ooo
icecubes: tu dh lain macam kena jaga
icecubes: mn ip byk yg kawan
icecubes: di ignore list kt ddos
icecubes: supaya tk kena ban
Rbw: ye
Rbw: yum install anti ddos?
icecubes: bkn lh
Rbw: esok sambung comand2 yg lain
icecubes: oo ok
icecubes: jgn lupa pro
Rbw: ye
icecubes: aku nk advertise rent room nih
Rbw: ape comand ni install anti ddos?
icecubes: aku rasa
icecubes: dh memang ada
icecubes: so tk usah donlot agi
icecubes: try install je
Rbw: ye
Rbw: ok
icecubes: chmod 0700 install.sh
icecubes: ./install.sh
Rbw: [root@X3440-26466 ~]# chmod 0700 install.sh
chmod: cannot access `install.sh': No such file or directory
[root@X3440-26466 ~]#
icecubes: satu2
Rbw: ?
icecubes: ok tkper donlot aja
Rbw: k
icecubes: wget http://www.inetbase.com/scripts/ddos/install.sh
Rbw: dah
icecubes: chmod 0700 install.sh
icecubes: ./install.sh
Rbw: [root@X3440-26466 ~]# chmod 0700 install.sh
[root@X3440-26466 ~]#
Rbw: keluar TOS
icecubes: ok done
Rbw: ################################################################
# "Artistic License" #
# #
# Preamble
icecubes: now adjust ip ignore nye
Rbw: end
Rbw: ape tekan?
Rbw: ctrl X tak mau
icecubes: enter
Rbw: x mau
icecubes: q
Rbw: end kedip2 jer
Rbw: mau
Rbw: q
Rbw: ok next
icecubes: ok
icecubes: nano /usr/local/ddos/ignore.ip.list
icecubes: ko cek ada lgi tk ip2 yg lama
Rbw:
GNU nano 2.0.9 File: /usr/local/ddos/ignore.ip.list
127.0.0.1
Rbw: 1 ip tu jer
icecubes: ok ko tambah kn ip2 yg ko nk whitelist
icecubes: jarak spasi
icecubes: semua 1 line
Rbw: 64.120.216.47 ip bot
Rbw: ip cf brp ?
icecubes: jap aku cek
Rbw: ip pc aku masukan juge?
icecubes: ip pc ko tukar2 tak?
icecubes: ip liine ko tu
Rbw: kdg2 jer
icecubes: setiap kali tukar
icecubes: ko kena lah tambah
Rbw: susah plak ye tak
Rbw: ip cf jer la
icecubes: yup jap
icecubes: jarak kn 1 spasi
Rbw: ye
icecubes: pastu ko tambah ni
icecubes: 62.75.187.99 64.40.8.242 64.40.9.39 64.120.216.47 64.40.9.30 64.40.9.34
64.40.8.42 64.40.8.44 168.62.189.175 65.75.255.82
Rbw: banyak sangat
icecubes: buat 1 line jer
icecubes: panjang tkper
icecubes: opps silap
icecubes: tu ada ip servre aku
Rbw: heee
icecubes: ko ganti dgn ip server ko
icecubes: apa ip servr
Rbw: localhost tu kan dah ip serv
icecubes: kasi jer lah
icecubes: adui
Rbw: ok
icecubes: playsafe
Rbw: yg mane ip serv ko?
icecubes: 62.75.187.99
Rbw: ok
Rbw: yg lain ip cf?
icecubes: ganti dgn ip server wan
icecubes: biar kn lh
icecubes: yg byk2 tu biarkn
Rbw: ok dah
Rbw: save?
icecubes: cek semua ada jarak 1 spasi
icecubes: yes save
icecubes: ok next
Rbw: ok
icecubes: nano /usr/local/ddos/ddos.conf
Rbw: ok
icecubes: ##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150 << ko set lh ikut rasa ko
Rbw: bagusnye?
icecubes: dlm 25
icecubes: apa ip yg lebih 25 di bann
Rbw: ok
Rbw: 33
icecubes: APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=0
Rbw:
##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=33
icecubes: ok
Rbw: ##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1
icecubes: set 0
Rbw: 1 jd 0
Rbw: semue 0
Rbw: semue 0
icecubes: semua??
icecubes: bkn
icecubes: APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1
icecubes: jadi 1
icecubes: kalo dia 0
icecubes: sori2
icecubes: silap td
icecubes: kkkkkkkkkkkkkkkk
icecubes: jap2
icecubes: ##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=0
icecubes: tu yg betul
icecubes: ##### KILL=1 (Recommended setting)
KILL=1
yg ni set 1
Rbw: ##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1
##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1
Rbw: itu now
icecubes: APF_BAN=1 << ni tukar jadi 0
Rbw: ##### APF_BAN=0 (Make sure your APF version is atleast 0.96)
Rbw: ##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1
Rbw: itu now
icecubes: bkn tukar yg tu
icecubes: bwh dia
icecubes: yg ats tu sample
icecubes: ##### APF_BAN=1 (Uses iptables for banning ips instead of APF)
APF_BAN=0
Rbw: ##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=0
icecubes: tukar 1 jer lh
Rbw: ##### APF_BAN=1 (Uses iptables for banning ips instead of APF)
APF_BAN=0
icecubes: yg bwh
icecubes: ats tk usah
icecubes: ok ok
icecubes: next
Rbw: k
icecubes: ##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600 <<< yg ni ikut suke
Rbw: 600 menit?
Rbw: ban?
icecubes: 600 = 10 min
icecubes: tu secs
Rbw: buat brp elok?
icecubes: 2 jam atau 3
Rbw: 10000
icecubes: terserah
icecubes: dh?
Rbw: ##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=10000
icecubes: ok
icecubes: save
icecubes: tutup
Rbw: ok
icecubes: next
icecubes: restart ddos tu command = sh /usr/local/ddos/ddos.sh -c
Rbw: [root@X3440-26466 ~]# sh /usr/local/ddos/ddos.sh -c
/usr/local/ddos/ddos.conf: line 30: -1ap: command not found
/root
Stopping crond: [ OK ]
Starting crond: [ OK ]
Stopping crond: [ OK ]
Starting crond: [ OK ]
[root@X3440-26466 ~]#
icecubes: ok
Rbw: comand ot found tu
icecubes: sadakal wah hul azimmmmmmmm
Rbw: kkkkkkkkkkkkk
icecubes: ko try restart lagi
icecubes: try restat ddos tu
Rbw: [root@X3440-26466 ~]# sh /usr/local/ddos/ddos.sh -c
/usr/local/ddos/ddos.conf: line 30: -1ap: command not found
/root
Stopping crond: [ OK ]
Starting crond: [ OK ]
Stopping crond: [ OK ]
Starting crond: [ OK ]
[root@X3440-26466 ~]#
Rbw: line 30 comnd not found
Rbw: ?
icecubes: heran
Rbw: line 30 ade yg error
icecubes: ko ada tulis salah tu
icecubes: kt config td
Rbw: nano /usr/local/ddos/ddos.conf
icecubes: gi cek
Rbw: ##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=10000ls -1ap;pwd
Rbw: itu:D
icecubes: apa jadah tu
icecubes: Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=10000
Rbw: [root@X3440-26466 ~]# sh /usr/local/ddos/ddos.sh -c
Stopping crond: [ OK ]
Starting crond: [ OK ]
Stopping crond: [ OK ]
Starting crond: [ OK ]
[root@X3440-26466 ~]#
Rbw: sodokallahul adziim
Rbw: rehat dl
icecubes: tu lh ko yg silap tyype
Rbw: esok sambung ggi
Rbw: jazakallah din
icecubes: waklu esok stanby 1 set
Rbw: ;D
icecubes: esok stanby 1 set sebelom bismillah
icecubes: insyallah
icecubes: (A)

route add 174.34.172.131 reject <<command banned ip

iftop -i eth1 -B -P -N <<tuk cek semua yg msk
icecubes: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
icecubes: tu tuk tgk ip mn yg byk
sudo service fail2ban restart <<restart fail2ban
icecubes: List blocked IP�s:
route -n
icecubes: route -n

Checking if UDP Denial of Service is targetting the server

netstat -nap | grep 'udp' | awk '{print $5}' | cut -d: -f1 | sort |uniq -c |sort -n

Rbw: nak tengok ip2 yg kene ban di anti ddos ape comand?
icecubes: berapa byk kali nk tanya dah
Rbw: kkkkkkkkk
icecubes: iptables -L

==========================list ip yg hrs di banned

[root@X3440-26466 ~]# route -nKernel IP routing tableDestination Gateway

Genmask
Flags Metric Ref Use Iface

85.25.128.10 - 255.255.255.255 !H 0 - 0 -

85.25.255.10 - 255.255.255.255 !H 0 - 0 -

192.211.51.27 - 255.255.255.255 !H 0 - 0 -

217.172.191.69 - 255.255.255.255 !H 0 - 0 -

198.24.154.8 0.0.0.0 255.255.255.248 U 0 0 0 eth1

172.23.12.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
0.0.0.0 198.24.154.9 0.0.0.0 UG 0 0 0 eth1

route add 85.25.128.10 reject

route add 192.211.51.27 reject
route add 217.172.191.69 reject
route add 198.24.154.8 reject
route add 172.23.12.128 reject
route add 169.254.0.0 reject
route add 41.239.83.202 reject
41.239.83.202
route add 76.171.12.66 reject
64.40.9.30
route add 64.40.9.30 reject
route add 76.171.12.66 reject
route add 112.201.155.175 reject
route add 223.27.30.222 reject

echo "Block TCP-CONNECT scan attempts (SYN bit packets)"

iptables -A INPUT -p tcp --syn -j DROP
echo "Block TCP-SYN scan attempts (only SYN bit packets)"
iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags
SYN,RST,ACK,FIN,URG,PSH SYN -j DROP
echo "Block TCP-FIN scan attempts (only FIN bit packets)"
iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags
SYN,RST,ACK,FIN,URG,PSH FIN -j DROP
echo "Block TCP-ACK scan attempts (only ACK bit packets)"
iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags
SYN,RST,ACK,FIN,URG,PSH ACK -j DROP
echo "Block TCP-NULL scan attempts (packets without flag)"
iptables -A INPUT -m conntrack --ctstate INVALID -p tcp --tcp-flags !
SYN,RST,ACK,FIN,URG,PSH SYN,RST,ACK,FIN,URG,PSH -j DROP
echo "Block "Christmas Tree" TCP-XMAS scan attempts (packets with FIN, URG, PSH
bits)"
iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags
SYN,RST,ACK,FIN,URG,PSH FIN,URG,PSH -j DROP

echo "Block DOS - Ping of Death"

iptables -A INPUT -p ICMP --icmp-type echo-request -m length --length 60:65535 -j
ACCEPT
echo "Block DOS - Teardrop"
iptables -A INPUT -p UDP -f -j DROP
echo "Block DDOS - SYN-flood"
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 9 -j DROP
echo "Block DDOS - Smurf"
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
iptables -A INPUT -p ICMP --icmp-type echo-request -m pkttype --pkttype broadcast
-j DROP
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 1000/s -j
ACCEPT
echo "Block DDOS - UDP-flood (Pepsi)"
iptables -A INPUT -p UDP --dport 7 -j DROP
iptables -A INPUT -p UDP --dport 19 -j DROP
echo "Block DDOS - SMBnuke"
iptables -A INPUT -p UDP --dport 135:139 -j DROP
iptables -A INPUT -p TCP --dport 135:139 -j DROP
echo "Block DDOS - Connection-flood"
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 5 -j DROP
echo "Block DDOS - Fraggle"
iptables -A INPUT -p UDP -m pkttype --pkt-type broadcast -j DROP
iptables -A INPUT -p UDP -m limit --limit 100/s -j ACCEPT
echo "Block DDOS - Jolt"
iptables -A INPUT -p ICMP -f -j DROP

Alexey_V. (VPN Support)

same as you used before
openvpn --config /etc/openvpn/vpn11_ovpn008_account.ovpn
Hanrisman S.Pi
and how to stop ?
Alexey_V. (VPN Support)
killall openvpn
openvpn --config /etc/openvpn/vpn11_ovpn008_account.ovpn

openvpn --config /etc/vpn-la6_ovpn216_account.ovpn <<<tuk start di vps vpnya

route add default gw 192.210.201.12 <<add ip serv
route add default gw 192.210.201.1 <<add ip gateway
route add default gw 74.201.27.217 <<add ip vpn
route add default gw 36.68.43.255

Your serial number(s): vmware server

9ANMJ-YUA0M-2778J-4TN9R
925YH-YKZ00-2E305-4T1RM
901P0-YKZAJ-2E28N-4L53H
98NP0-YUA2M-25285-4J5HX
920P1-YRA2J-2578J-4TH8X

iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 118 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 119 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 241 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 242 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 243 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 244 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 245 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 246 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 247 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 248 -j
DROP
iptables -t raw -A PREROUTING -p tcp -m tcpmss --mss 1460 -m ttl --ttl-eq 249 -j
DROP
C++ (6:04:04 PM) : service iptables stop
C++ (6:04:11 PM) : iptables -F
C++ (6:04:22 PM) : iptables -A INPUT -p tcp -m tcp -m u32 --u32
"0x6&0xff=0x6&&0x4&0x1fff=0x0&&0x0>>0x16&0x3c@0xc&0xffff=0x0" -j DROP
C++ (6:04:26 PM) : masukin itu aja
C++ (6:04:29 PM) : anti spoof cam
C++ (6:05:00 PM) : iptables -I INPUT -p udp -m udp -m length --length 6:32 -m u32
--u32 "0x6&0xff=0x11&&0x0>>0x16&0x3c@0x2&0xff=0x8" -j DROP
C++ (6:05:03 PM) : ini anti spoof cam

++ (10:33:19 AM) : check dns server bang

C++ (10:33:23 AM) : coaspin ke yhuza
C++ (10:33:52 AM) : cat /etc/resolv.conf
C++ (10:33:54 AM) : check
C++ (10:36:47 AM) : bng
C++ (10:36:50 AM) : nah sibuk ni abng
C++ (10:36:55 AM) : yhuza aja de yg check
4/27/2013 11:06:34 AMC++ (11:06:34 AM) : length 0:28
length 826
length 1161
length 1054
length 429
length 176
length 745
length 197
length 1500
C++ (11:07:34 AM) : tcp filtring : seq 0 & win 0
C++ (11:08:33 AM) : filtring udp flagment
C++ (11:08:53 AM) : block sport udp & tcp sport 53 & 80
C++ (11:09:11 AM) : allow dport tcp 22 & 6005
C++ (11:09:33 AM) : allow dport udp 20000-30000
C++ (11:09:59 AM) : block all kinds icmp