Cara Mencegah dan Mendeteksi Serangan DDOS di Server VPS

DDOS (denial-of-service attacks) adalah jenis serangan terhadap sebuah komputer atau server di dalam jaringan internet dengan cara menghabiskan sumber (resource) yang dimiliki oleh komputer tersebut sampai komputer tersebut tidak dapat menjalankan fungsinya dengan benar sehingga secara tidak langsung mencegah pengguna lain untuk memperoleh akses layanan dari komputer yang diserang tersebut.

Dalam sebuah serangan Denial of Service, si penyerang akan mencoba untuk mencegah akses seorang pengguna terhadap sistem atau jaringan dengan menggunakan beberapa cara, yakni sebagai berikut:

  • Membanjiri lalu lintas jaringan dengan banyak data sehingga lalu lintas jaringan yang datang dari pengguna yang terdaftar menjadi tidak dapat masuk ke dalam sistem jaringan. Teknik ini disebut sebagai traffic flooding.
  • Membanjiri jaringan dengan banyak request terhadap sebuah layanan jaringan yang disedakan oleh sebuah host sehingga request yang datang dari pengguna terdaftar tidak dapat dilayani oleh layanan tersebut. Teknik ini disebut sebagai request flooding.
  • Mengganggu komunikasi antara sebuah host dan kliennya yang terdaftar dengan menggunakan banyak cara, termasuk dengan mengubah informasi konfigurasi sistem atau bahkan perusakan fisik terhadap komponen dan server.

Salah satu serangan mematikan dan menjadi suatu momok yang paling di benci oleh salah adminstrasi web jaringan adalah DDOS.

Pada saat server terasa berat ada kemungkinan anda terkena serangan DDOS. klo masih sempet kebuka sih masih bisa banned ip yang melakukan bad request ke server kita .. kita bisa cek dengan perintah :

netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

  1. Akan tampil muncul daftar IP seperti ini
    6 218.56.1.***
    7 36.68.197.**
    7 67.186.145.**
    7 49.114.132.**
    11 218.30.103.**
    17 72.246.47.**
    17 72.246.47.**
    30 74.125.129.**
    ** ****
  2. Warna merah menunjutkan jumlah koneksi dan biru nomor IP.
  3. Menurut referensi koneksi web tidak lebih dari 10 koneksi per IP per detik , apabila terdapat lebih dari 20 koneksi dengan IP yang sama, ada kemungkinan IP tersebut melakukan DDOS, namun setelah saya cek ternyata IP dengan koneksi berlebih tersebut google bot dan search engine lain.

Cara lain adalah dengan install tools , yaitu dengan DDOS-Deflate

ok sekarang login ke terminal pada server anda. Lewat SSH ato koneksi apa saja yang penting pada terminal ato console.

Untuk sesi kali ini saya akan berbagi tentang pemakaian DDOS-Deflate di mana tools ini akan membantu anda dalam pengamanan dari serangan DDOS.

download toolsnya :

wget http://www.inetbase.com/scripts/ddos/install.sh
–2011-06-17 22:19:13– http://www.inetbase.com/scripts/ddos/install.sh
Resolving http://www.inetbase.com… 205.234.99.83
Connecting to http://www.inetbase.com|205.234.99.83|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 1067 (1.0K) [application/x-sh]
Saving to: `install.sh’

100%[======================================>] 1,067 –.-K/s in 0s

2011-06-17 22:19:15 (27.5 MB/s) – `install.sh’ saved [1067/1067]

root@id-backtrack:~# ls
install.sh

nah setelah di download kita ubah chmod nya dulu agar dapat di esekusi ,

chmod 0700 install.sh
./install.sh

nah klo sudah terinstall teman-teman dapat mengedit file-file configurasi sesuai kehendak..

Untuk whitelist IP
vim /usr/local/ddos/ignore.ip.list

Untuk konfigurasi utamanya ada di
vim /usr/local/ddos/ddos.conf

kira – kira seperti ini defaultnya .. kalo saya edit2 dikit sih

##### Paths of the script and other files
PROGDIR=”/usr/local/ddos”
PROG=”/usr/local/ddos/ddos.sh”
IGNORE_IP_LIST=”/usr/local/ddos/ignore.ip.list”
CRON=”/etc/cron.d/ddos.cron”
APF=”/etc/apf/apf”
IPT=”/sbin/iptables”

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with –cron
##### option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=150

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs are’nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO=”root”

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600

Dan Cara terakhir adalah dengan memasang mod_evasive di server anda

mod_evasive adalah modul untuk mengatasi serangan pada Apache, untuk memberikan tindakan mengelak serangan HTTP DoS atau DDoS atau serangan brute force. Hal ini juga dirancang untuk menjadi Deteksi dan alat manajemen jaringan, dan dapat dengan mudah dikonfigurasi untuk terhubung dengan ipchains, firewall, router, dan dan sebagainya. mod_evasive dapat melaporkan pelanggaran tersebut melalui email dan syslog fasilitas.

cara instalasinya :

1. Akses VPS/DS anda menggunakan ssh client (putty/tunnelier)
2. Chdir ke /usr/local/src dengan perintah
cd /usr/local/src
3. ambil pake mod_evasive
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
4. Extract paket tersebut

tar -xzf mod_evasive_1.10.1.tar.gz

5. Pindah ke direktori hasil extract

cd mod_evasive

6. Build modulnya

/usr/bin/apxs -cia mod_evasive20.c

7. Done

Konfigurasi:

1.Edit file httpd.conf anda, bila anda menggunakan cPanel/WHM, file httpd.conf terletak di /usr/local/apache/conf/

nano /usr/local/apache/conf/httpd.conf

2. tambahkan baris berikut ke file tersebut:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify webmaster@yourdomain.com

3. Kemudian simpan dan jalankan perintah berikut untuk mengupdate konfigurasi httpd (cPanel/WHM only):

/usr/local/cpanel/bin/apache_conf_distiller –update

/usr/local/cpanel/bin/build_apache_conf

4. Restart webserver anda dengan perintah:

service httpd restart

atau

/etc/init.d/httpd restart

5. Selesai

Mari kita test apakah modulnya telah berjalan 😉
1. Masuk ke direktori src mod_evasive td

cd /usr/local/src/mod_evasive

2. beri akses executable pada file test.pl

chmod +x test.pl

3. jalankan file tersebut

./test.pl

Bila anda melihat hasil berikut brarti instalasi anda sukses :-bd

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
………dipotong……..
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
………dipotong……..
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

About the Author

64 thoughts on “Cara Mencegah dan Mendeteksi Serangan DDOS di Server VPS

  1. peinados para bodas - 26 February 2015 at 10:42

    Thanks for finally writing about > Cara Mencegah dan Mendeteksi Serangan DDOS di Server VPS < Loved it!

  2. blmforum.net - 27 February 2015 at 20:36

    Superb blog! Do you have any tips for aspiring writers?
    I’m planning to start my own website soon but I’m a little
    lost on everything. Would you suggest starting with a free platform like WordPress
    or go for a paid option? There are so many choices out there that I’m completely overwhelmed ..
    Any recommendations? Thanks a lot!

  3. th12bet - 28 February 2015 at 08:14

    I am truly thankful to the owner of this web page who has shared this great paragraph at here.

  4. CASINO - 1 March 2015 at 08:05

    It is in reality a nice and useful piece of information. I am satisfied that you just shared this helpful
    info with us. Please keep us informed like this.
    Thanks for sharing.

  5. Diabetes is one of those diseases which are in the world for quite a long time but no proper treatment has yet been found.
    Search for decrease GI ratings if you struggle with all forms of diabetes.
    Erectile disorders aren’t quite rare, especially in those men who have blood
    sugar problems and diabetes.

  6. Amado - 4 March 2015 at 18:00

    They’re not doing it themselves, they’re going to the Russians to do the same thing.
    Then he added a ton of third-and-mediums and third-and-longs.
    in China but there is an ongoing debate over whether the first casinos began in Ancient
    China or the Nile Delta.

  7. desimlocker iphone - 10 March 2015 at 02:54

    It’s amazing in favor of me to have a site, which is good in favor of my know-how.
    thanks admin

  8. gaming - 12 March 2015 at 21:48

    Spot on with this write-up, I actually believe this amazing site needs a great deal more attention. I’ll probably be back again to
    see more, thanks for the information!

  9. WhatsApp Clone - 13 March 2015 at 05:52

    I think everything said was very logical. However, think on this,
    suppose you added a little information? I am
    not suggesting your information is not good, however what if you added a post
    title that makes people want more? I mean Cara Mencegah dan Mendeteksi Serangan DDOS di
    Server VPS is kinda plain. You could peek at Yahoo’s front page and
    see how they create news titles to get people to click.
    You might add a related video or a pic or two to grab readers excited about everything’ve got to say.

    Just my opinion, it would bring your blog a little bit more interesting.

  10. watch cam online - 17 March 2015 at 08:35

    Thank you for the auspicious writeup. It in reality used to be
    a amusement account it. Glance complex to more introduced agreeable from you!
    However, how could we be in contact?

  11. annuities - 24 March 2015 at 21:00

    What’s up to all, it’s truly a good for me to pay a quick visit this web page, it includes useful Information.

  12. my middleman success plan - 26 March 2015 at 07:42

    I blog frequently and I really appreciate your content. The article
    has really peaked my interest. I’m going to bookmark your blog and keep checking for new
    information about once per week. I subscribed to your RSS feed too.

  13. info surabaya - 4 April 2015 at 17:29

    Wah…pusing mas…kl sdh kena ddos…

  14. trade finance - 13 April 2015 at 22:54

    I’m really enjoying the theme/design of your weblog. Do you ever
    run into any internet browser compatibility issues?
    A number of my blog visitors have complained about my website not operating correctly in Explorer but looks great in Firefox.
    Do you have any recommendations to help fix this problem?

  15. black widow - 5 May 2015 at 08:26

    It’s in fact very difficult in this busy life to listen news on TV, so I only use the web for that reason, and get the hottest news.

  16. comparatif routeur wifi - 9 May 2015 at 17:13

    I am really thankful to the owner of this web
    site who has shared this enormous article at at this time.

  17. Reece - 16 May 2015 at 10:12

    I do accept as true with all the ideas you have presented
    in your post. They’re very convincing and can certainly work.
    Still, the posts are too quick for starters. Could you please lengthen them a little from
    subsequent time? Thanks for the post.

  18. nak belog - 15 July 2015 at 18:48

    ngeri juga kalau website kita diserang ddos

  19. ask - 18 July 2015 at 10:53

    Thanks to my father who told me on the topic
    of this blog, this blog is really amazing.

  20. kevinapril - 3 September 2015 at 01:57

    Kalo installasi mod_evasive di nginx gimana mas?

  21. cik - 24 February 2016 at 04:02

    DDOS-Deflate + Couldflare = Ip couldflare dianggap penyerang dan dblock krn 1 ip sering mengakses lebih dari 50 Koneksi.

    Gimana conf agar ip dari couldflare tidak di block ?

  22. buat website - 9 December 2016 at 13:58

    bermanfaat tutorialnya, trims sudah share

  23. best pron - 26 June 2019 at 05:33

    dCXpEj Perfectly indited written content, Really enjoyed looking at.

  24. big machine label group - 4 July 2019 at 12:47

    You, my friend, ROCK! I found just the info I already searched all over the place and just could not locate it. What an ideal web-site.

  25. opalivf - 8 July 2019 at 13:00

    Some truly select posts on this internet site , saved to my bookmarks.

  26. Pingback: ??????

  27. https://masan-kranma.blogspot.com - 20 July 2019 at 14:48

    Hello there, just became alert to your blog through Google, and found that it is truly informative.
    I am gonna watch out for brussels. I’ll be grateful if you continue this in future.
    A lot of people will be benefited from your writing.

    Cheers!

  28. https://jeongeup-kranma.blogspot.com - 20 July 2019 at 20:12

    Valuable information. Lucky me I discovered your web site by chance, and I am stunned why
    this accident did not came about in advance! I bookmarked it.

  29. https://resident-anma.blogspot.com - 20 July 2019 at 20:16

    Remarkable things here. I’m very happy to look your post.

    Thanks a lot and I’m taking a look forward to contact you.
    Will you please drop me a mail?

  30. https://Japanese-Dick.blogspot.com - 21 July 2019 at 12:47

    I’m really enjoying the theme/design of your web site. Do you ever run into any
    internet browser compatibility problems? A handful of my blog readers have complained about
    my site not operating correctly in Explorer but looks great in Firefox.
    Do you have any solutions to help fix this issue?

  31. https://Christy-deer.blogspot.com - 22 July 2019 at 03:31

    Definitely believe that that you stated. Your
    favourite justification seemed to be on the net the simplest
    thing to keep in mind of. I say to you, I certainly get annoyed whilst
    other people think about concerns that they plainly do not realize about.
    You managed to hit the nail upon the top and outlined out the entire thing without having
    side-effects , other folks can take a signal. Will likely be back to get more.
    Thank you

  32. https://Ben-sparrow.blogspot.com - 22 July 2019 at 03:33

    Excellent post! We will be linking to this particularly great article on our website.

    Keep up the good writing.

  33. amk porn - 23 July 2019 at 01:51

    google porn

  34. https://Luke-whiting.blogspot.com - 23 July 2019 at 04:33

    Pretty section of content. I just stumbled upon your website and in accession capital
    to assert that I acquire actually enjoyed account your blog posts.
    Anyway I will be subscribing to your augment and even I achievement you access consistently rapidly.

  35. https://anglerfish-Jeffry.blogspot.com - 23 July 2019 at 11:21

    Thanks for the good writeup. It in fact was once a enjoyment account it.
    Glance complicated to far brought agreeable from you!
    However, how can we communicate?

  36. https://Oakes-nanny.blogspot.com - 23 July 2019 at 14:20

    I think this is among the most significant info for me.
    And i’m glad reading your article. But wanna remark on some general things, The web site style is great, the articles is really excellent : D.
    Good job, cheers

  37. https://Ezekiel-turtle.blogspot.com - 23 July 2019 at 20:18

    For hottest information you have to go to see internet and on world-wide-web I found this
    web page as a most excellent site for most recent updates.

  38. https://kid-Karin.blogspot.com - 26 July 2019 at 14:51

    Howdy exceptional website! Does running a blog such as this take a great deal of work?
    I have no knowledge of coding but I had been hoping to start my own blog soon. Anyhow,
    if you have any suggestions or techniques for new blog
    owners please share. I know this is off subject however
    I simply had to ask. Many thanks!

  39. https://Pochon-opmassage5.blogspot.com - 26 July 2019 at 16:49

    It’s a pity you don’t have a donate button! I’d definitely donate to this outstanding blog!
    I guess for now i’ll settle for book-marking
    and adding your RSS feed to my Google account. I look forward to new updates and will share this
    blog with my Facebook group. Talk soon!

  40. https://www.3dspace.kr/ - 26 July 2019 at 17:43

    Normally I do not read post on blogs, however I wish to say that this write-up very compelled me to take a look at
    and do it! Your writing taste has been surprised me.
    Thank you, very nice article.

  41. Sunny Leone Sex - 26 July 2019 at 22:33

    Please let me know if you’re looking for a article author for your site.
    You have some really good posts and I feel I would be a good asset.

    If you ever want to take some of the load off, I’d really like to write
    some articles for your blog in exchange for a link back to mine.

    Please send me an email if interested. Thanks!

  42. https://Marlee-Ox.blogspot.com - 29 July 2019 at 14:33

    When I initially left a comment I seem to have clicked
    on the -Notify me when new comments are added- checkbox and now every time a comment is added I receive four emails with the
    same comment. Perhaps there is a way you can remove me from that service?
    Appreciate it!

  43. ?? ? ??? - 21 August 2019 at 16:57

    I know this site gives quality depending articles and additional stuff, is there any other web site which gives such stuff in quality?

  44. ?? ?? - 23 August 2019 at 09:41

    I pay a quick visit daily some blogs and blogs to read articles,
    except this web site provides quality based articles.

  45. ??? ?? ?? - 25 August 2019 at 15:52

    Simply want to say your article is as amazing. The clearness
    to your put up is simply great and that i can assume you’re knowledgeable in this subject.
    Fine along with your permission let me to clutch your RSS
    feed to stay updated with coming near near post.
    Thanks a million and please carry on the rewarding work.

  46. ??? ?? ???? - 28 August 2019 at 15:42

    Hey There. I discovered your blog the usage of msn. That
    is a very smartly written article. I’ll be sure to bookmark it and return to learn more of your useful info.
    Thanks for the post. I will certainly return.

  47. ??? ?? ??? - 1 September 2019 at 01:08

    You actually make it seem so easy with your presentation but I to find this matter to be
    actually something which I believe I would by no means understand.
    It sort of feels too complicated and extremely large for me.
    I am looking forward to your next put up, I’ll attempt
    to get the hold of it!

  48. ??? ??? - 5 September 2019 at 18:05

    hello!,I love your writing so much! proportion we keep in touch more approximately
    your post on AOL? I require an expert in this area to resolve my problem.
    May be that is you! Taking a look ahead to peer you.

  49. ??? ??? - 6 September 2019 at 15:03

    What’s up, I want to subscribe for this web site to take latest updates, thus where can i
    do it please help.

  50. ??? 3? - 11 September 2019 at 07:38

    I am actually glad to read this web site posts which contains tons of useful data, thanks for providing these statistics.

  51. ?? ?? ? ?? - 11 September 2019 at 13:58

    I’d like to find out more? I’d love to find out some additional information.

  52. ???? - 20 September 2019 at 20:21

    It’s awesome to visit this web site and reading the views of all colleagues concerning this piece of writing, while I am also zealous of getting experience.

  53. ??? ?? - 20 September 2019 at 23:51

    constantly i used to read smaller articles that
    also clear their motive, and that is also happening with this piece of writing which
    I am reading now.

  54. ?? ?? ??? - 24 September 2019 at 06:40

    It’s amazing designed for me to have a website, which is beneficial
    for my knowledge. thanks admin

  55. ?? ?? - 2 October 2019 at 23:43

    Thanks in favor of sharing such a pleasant thinking, article is pleasant, thats why
    i have read it fully

  56. ??? ?? ?? - 14 October 2019 at 02:33

    I used to be recommended this blog by means of my cousin. I am no longer sure whether or not this publish is written by him
    as no one else realize such exact about my trouble. You are amazing!
    Thank you!

  57. Pingback: porn fast fuck

Leave a Reply