How to Prevent and Detect DDoS Attacks on a VPS Server

DDoS (denial-of-service attacks) are a type of attack against a computer or server on the internet that works by exhausting the resources the machine has until it can no longer perform its function properly, which indirectly prevents other users from accessing the services of the attacked machine.

In a Denial of Service attack, the attacker tries to prevent a user from accessing a system or network in several ways, namely:

  • Flooding the network with so much data that traffic from registered users can no longer get into the network. This technique is called traffic flooding.
  • Flooding the network with so many requests to a network service provided by a host that requests from registered users cannot be served by that service. This technique is called request flooding.
  • Disrupting communication between a host and its registered clients in many ways, including changing system configuration information or even physically damaging components and servers.

One of the deadliest attacks, and the one most dreaded by web and network administrators, is DDoS.

When the server feels sluggish, you may be under a DDoS attack. If the server is still reachable, you can still ban the IPs that are making bad requests to it. You can check with this command:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

  1. A list of IPs like this will appear
    6 218.56.1.***
    7 36.68.197.**
    7 67.186.145.**
    7 49.114.132.**
    11 218.30.103.**
    17 72.246.47.**
    17 72.246.47.**
    30 74.125.129.**
    ** ****
  2. Red marks the connection count and blue the IP address (here, the first and second columns).
  3. According to references, web connections should not exceed 10 connections per IP per second; if there are more than 20 connections from the same IP, that IP may be carrying out a DDoS. However, when I checked, the IPs with excessive connections turned out to be Googlebot and other search engines.
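
As an added example (not from the original post), the script below does the same per-IP count but also handles IPv6 and IPv4-mapped addresses, which `cut -d: -f1` collapses to an empty string, and skips addresses in an allowlist of clients you have verified, such as search-engine crawlers. The sample rows, the documentation-range addresses and the allowlist file are constructed; the threshold of 20 is the figure from the text.

```shell
#!/bin/sh
# Added example, not from the original post. Threshold 20 is the post's rule
# of thumb; the allowlist file is a hypothetical list of verified addresses.

# Constructed sample: COUNT rows in `netstat -ntu` layout from one remote address.
rows() {  # usage: rows COUNT PROTO REMOTE_ADDR
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "$2 0 0 192.0.2.10:80 $3:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
}
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    rows 25 tcp 203.0.113.5            # noisy client
    rows 22 tcp 198.51.100.9           # busy, but allowlisted below
    rows 3 tcp6 ::ffff:203.0.113.77    # IPv4-mapped: cut -d: -f1 gives ""
    rows 2 tcp6 2001:db8::1            # native IPv6
}

# Print "count address" for every remote address, highest count first.
count_by_ip() {
    awk '$1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6
            n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -rn
}

# Print addresses above the threshold that are not in the allowlist file.
suspects() {  # usage: suspects THRESHOLD ALLOWLIST_FILE < netstat-output
    count_by_ip | awk -v max="$1" '$1 > max { print $2 }' |
        grep -vxF -f "$2" || true    # no suspects is not an error
}

allowlist=$(mktemp)
echo "198.51.100.9" > "$allowlist"   # constructed: a crawler you verified
sample_netstat | suspects 20 "$allowlist"
rm -f "$allowlist"
```

On a live server, replace `sample_netstat` with `netstat -ntu` and point the second argument at your own allowlist file.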

Another way is to install a tool, namely DDOS-Deflate.

OK, now log in to a terminal on your server, via SSH or any other connection, as long as you end up at a terminal or console.

In this session I will share how to use DDOS-Deflate, a tool that will help you protect your server against DDoS attacks.

Download the tool:

wget http://www.inetbase.com/scripts/ddos/install.sh
--2011-06-17 22:19:13--  http://www.inetbase.com/scripts/ddos/install.sh
Resolving www.inetbase.com... 205.234.99.83
Connecting to www.inetbase.com|205.234.99.83|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1067 (1.0K) [application/x-sh]
Saving to: `install.sh'

100%[======================================>] 1,067 --.-K/s in 0s

2011-06-17 22:19:15 (27.5 MB/s) - `install.sh' saved [1067/1067]

root@id-backtrack:~# ls
install.sh

Once it is downloaded, change its permissions with chmod first so that it can be executed:

chmod 0700 install.sh
./install.sh

Once it is installed, you can edit the configuration files as you wish.

To whitelist IPs:
vim /usr/local/ddos/ignore.ip.list

The main configuration is in:
vim /usr/local/ddos/ddos.conf

The defaults look roughly like this (I edited mine a little):

##### Paths of the script and other files
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
##### option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs aren't banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="root"

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600

The last method is to install mod_evasive on your server.

mod_evasive is an Apache module that provides evasive action in the event of an HTTP DoS or DDoS attack or a brute-force attack. It is also designed to be a detection and network management tool, and can easily be configured to talk to ipchains, firewalls, routers, and so on. mod_evasive can report abuse via email and syslog facilities.

Installation steps:

1. Access your VPS/DS using an SSH client (putty/tunnelier)
2. Change directory to /usr/local/src with the command
cd /usr/local/src
3. Fetch the mod_evasive package
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
4. Extract the package

tar -xzf mod_evasive_1.10.1.tar.gz

5. Change into the extracted directory

cd mod_evasive

6. Build the module

/usr/bin/apxs -cia mod_evasive20.c

7. Done

Configuration:

1. Edit your httpd.conf file; if you use cPanel/WHM, httpd.conf is located in /usr/local/apache/conf/

nano /usr/local/apache/conf/httpd.conf

2. Add the following lines to that file:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify webmaster@yourdomain.com

3. Then save and run the following commands to update the httpd configuration (cPanel/WHM only):

/usr/local/cpanel/bin/apache_conf_distiller --update

/usr/local/cpanel/bin/build_apache_conf

4. Restart your web server with the command:

service httpd restart

or

/etc/init.d/httpd restart

5. Done
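
An added example, not part of mod_evasive or the original post: before enabling thresholds as strict as DOSPageCount 2, you can replay an existing access log and see which clients would have been blocked. It approximates the module's checks by counting requests per client in one-second buckets (matching the intervals of 1 above); the log lines are constructed and the common log format field positions are an assumption.

```shell
#!/bin/sh
# Added example, not part of mod_evasive. Approximates the DOSPageCount and
# DOSSiteCount checks with per-second buckets; it is not the module's own
# algorithm. Assumes Apache common/combined log format:
#   $1 = client address, $4 = [timestamp (to the second), $7 = request URI.

# Constructed access-log lines (documentation address ranges).
sample_log() {
    i=0
    while [ "$i" -lt 3 ]; do    # 3 hits on the same page within one second
        echo '203.0.113.5 - - [17/Jun/2011:22:19:13 +0700] "GET /login.php HTTP/1.1" 200 512'
        i=$((i + 1))
    done
    echo '198.51.100.9 - - [17/Jun/2011:22:19:13 +0700] "GET /index.html HTTP/1.1" 200 1024'
    echo '198.51.100.9 - - [17/Jun/2011:22:19:14 +0700] "GET /index.html HTTP/1.1" 200 1024'
    echo '198.51.100.9 - - [17/Jun/2011:22:19:14 +0700] "GET /style.css HTTP/1.1" 200 300'
}

# Print "client reason" for each client that exceeds a threshold, where
# reason is "page" (same URI too often) or "site" (too many requests overall).
would_block() {  # usage: would_block PAGE_COUNT SITE_COUNT < access_log
    awk -v pc="$1" -v sc="$2" '{
            ip = $1; ts = $4; uri = $7
            if (++page[ip, ts, uri] > pc) hit[ip] = "page"
            if (++site[ip, ts] > sc && !(ip in hit)) hit[ip] = "site"
         }
         END { for (ip in hit) print ip, hit[ip] }' | sort
}

# With the values from the configuration above (DOSPageCount 2, DOSSiteCount 50):
sample_log | would_block 2 50
```

Feed it a real log with `would_block 2 50 < access_log` (path to your own log) and check whether any of the listed clients are legitimate users or crawlers before settling on the thresholds.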

Let's test whether the module is running 😉
1. Go to the mod_evasive source directory from earlier

cd /usr/local/src/mod_evasive

2. Make the test.pl file executable

chmod +x test.pl

3. Run the file

./test.pl

If you see the following output, your installation succeeded

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
………truncated……..
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
………truncated……..
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

24 thoughts on “How to Prevent and Detect DDoS Attacks on a VPS Server”

  1. peinados para bodas - 26 February 2015 at 10:42

    Thanks for finally writing about > Cara Mencegah dan Mendeteksi Serangan DDOS di Server VPS < Loved it!

  2. blmforum.net - 27 February 2015 at 20:36

    Superb blog! Do you have any tips for aspiring writers?
    I’m planning to start my own website soon but I’m a little
    lost on everything. Would you suggest starting with a free platform like WordPress
    or go for a paid option? There are so many choices out there that I’m completely overwhelmed ..
    Any recommendations? Thanks a lot!

  3. th12bet - 28 February 2015 at 08:14

    I am truly thankful to the owner of this web page who has shared this great paragraph at here.

  4. CASINO - 1 March 2015 at 08:05

    It is in reality a nice and useful piece of information. I am satisfied that you just shared this helpful
    info with us. Please keep us informed like this.
    Thanks for sharing.

  5. Diabetes is one of those diseases which are in the world for quite a long time but no proper treatment has yet been found.
    Search for decrease GI ratings if you struggle with all forms of diabetes.
    Erectile disorders aren’t quite rare, especially in those men who have blood
    sugar problems and diabetes.

  6. Amado - 4 March 2015 at 18:00

    They’re not doing it themselves, they’re going to the Russians to do the same thing.
    Then he added a ton of third-and-mediums and third-and-longs.
    in China but there is an ongoing debate over whether the first casinos began in Ancient
    China or the Nile Delta.

  7. desimlocker iphone - 10 March 2015 at 02:54

    It’s amazing in favor of me to have a site, which is good in favor of my know-how.
    thanks admin

  8. gaming - 12 March 2015 at 21:48

    Spot on with this write-up, I actually believe this amazing site needs a great deal more attention. I’ll probably be back again to
    see more, thanks for the information!

  9. WhatsApp Clone - 13 March 2015 at 05:52

    I think everything said was very logical. However, think on this,
    suppose you added a little information? I am
    not suggesting your information is not good, however what if you added a post
    title that makes people want more? I mean Cara Mencegah dan Mendeteksi Serangan DDOS di
    Server VPS is kinda plain. You could peek at Yahoo’s front page and
    see how they create news titles to get people to click.
    You might add a related video or a pic or two to grab readers excited about everything you’ve got to say.

    Just my opinion, it would bring your blog a little bit more interesting.

  10. watch cam online - 17 March 2015 at 08:35

    Thank you for the auspicious writeup. It in reality used to be
    a amusement account it. Glance complex to more introduced agreeable from you!
    However, how could we be in contact?

  11. annuities - 24 March 2015 at 21:00

    What’s up to all, it’s truly a good for me to pay a quick visit this web page, it includes useful Information.

  12. my middleman success plan - 26 March 2015 at 07:42

    I blog frequently and I really appreciate your content. The article
    has really peaked my interest. I’m going to bookmark your blog and keep checking for new
    information about once per week. I subscribed to your RSS feed too.

  13. info surabaya - 4 April 2015 at 17:29

    Wow… it's a headache, bro… once you've been hit by a DDoS…

  14. trade finance - 13 April 2015 at 22:54

    I’m really enjoying the theme/design of your weblog. Do you ever
    run into any internet browser compatibility issues?
    A number of my blog visitors have complained about my website not operating correctly in Explorer but looks great in Firefox.
    Do you have any recommendations to help fix this problem?

  15. black widow - 5 May 2015 at 08:26

    It’s in fact very difficult in this busy life to listen news on TV, so I only use the web for that reason, and get the hottest news.

  16. comparatif routeur wifi - 9 May 2015 at 17:13

    I am really thankful to the owner of this web
    site who has shared this enormous article at this time.

  17. Reece - 16 May 2015 at 10:12

    I do accept as true with all the ideas you have presented
    in your post. They’re very convincing and can certainly work.
    Still, the posts are too quick for starters. Could you please lengthen them a little from
    subsequent time? Thanks for the post.

  18. nak belog - 15 July 2015 at 18:48

    It's scary too if our website gets attacked by a DDoS

  19. ask - 18 July 2015 at 10:53

    Thanks to my father who told me on the topic
    of this blog, this blog is really amazing.

  20. kevinapril - 3 September 2015 at 01:57

    How do you install mod_evasive on nginx, bro?

  21. cik - 24 February 2016 at 04:02

    DDOS-Deflate + Cloudflare = Cloudflare IPs are treated as attackers and blocked because one IP often makes more than 50 connections.

    How should it be configured so that Cloudflare IPs are not blocked?

  22. buat website - 9 December 2016 at 13:58

    Useful tutorial, thanks for sharing

  23. Ryder - 28 March 2017 at 14:24

    It is in reality a great and helpful piece of information. I
    am satisfied that you just shared this helpful
    info with us. Please stay us up to date like this.

    Thank you for sharing.
