
Tutorial Basic DoS DDoS protection (IPTV PANEL)

Professor


Basic DoS DDoS protection (IPTV PANEL)

Found this a good read as well.
Be advised that this is just very, very basic.

DDoS and DoS protection in real case is:
- a good infrastructure
- external firewalls
- core routers external from firewall
- a good overwatch
- fallback systems

and much more.
So this won't keep you from a real DDoS attack, but it could keep some idiot skids from taking you down.

What we basically take to establish a little security is iptables. It should be preinstalled on nearly every server, but in case it isn't you can install it e.g. in the following ways:

Debian:
apt-get install iptables

CentOS:
yum install iptables

And so on and so on. Of course you need to run this with administrative rights.

Now we can do some configuration.
So at first we will just block a connection if it's hitting a UDP port X more than Y times a second:
iptables -A INPUT -p udp -m udp --dport X -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p udp -m udp --dport X -m state --state NEW -m recent --update --seconds 1 --hitcount Y --name DEFAULT --rsource -j REJECT

Next we could control some established connections.
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst X -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

This will actually drop all new connection attempts after X connections are established.
Of course you have to think of a reasonable value here and insert it. Just before the skids start asking.

And furthermore since we are on a Linux-System we could drop all microshit (SMB&CIFS&Stuff). You can also modify this rule to block every port your server does not need:
iptables -A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
iptables -A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP

However this was some basic playaround with the IPtables. You can from this just get a bit further. Just think.
Depending on your configuration you may need some administrative rights to insert the rules as well as to display them. By the way, you can see all the rules and the status of your firewall with:
iptables -L -n

So what else can you do?
ATTENTION: Everything I'll show now will contain kernel modification. I am not and will not be responsible for any damage taken to your system.
It may be that under a certain configuration besides the kernel, these changes can cause damage to your system! Handle with care!

You could disable all SYN/SSYN flood attacks by setting a TCP-Syncookie for every connection.
To do so, edit your /proc/sys/net/ipv4/tcp_syncookies, or do:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Also it's a good idea to ignore all incoming ICMP echo requests:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Furthermore you have kind of some inbuilt spoofing protection, which only needs to be activated. I'd do this in bash:
Bash:
#!/bin/bash

for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$i"; done


Oh last but not least maybe you should make your server neither accept nor resend any ICMP redirects:
Bash:
#!/bin/bash

for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > "$i"; done

for i in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > "$i"; done

I hope this helped some of you.
Regards
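
An added example, not part of the original post: a small audit script that checks whether the kernel settings described above are actually in effect on every interface. The function names `check_one` and `audit_sysctl`, and the optional root-directory argument (default `/proc/sys`), are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the poster's code). Function names and the optional
# ROOT argument are assumptions made for this sketch.

# check_one FILE WANT: print a line and return 1 when FILE does not hold WANT.
check_one() {
    got=$(cat "$1" 2>/dev/null) || got="unreadable"
    [ "$got" = "$2" ] && return 0
    echo "MISMATCH $1: got $got, want $2"
    return 1
}

# audit_sysctl [ROOT]: check the settings from the post under ROOT/net/ipv4.
# Prints one line per mismatch, then the mismatch count on the last line.
# Exit status is 0 only when every value matches.
audit_sysctl() (
    root=${1:-/proc/sys}
    v4="$root/net/ipv4"
    bad=0
    # SYN cookies on, ICMP echo requests ignored
    check_one "$v4/tcp_syncookies" 1 || bad=$((bad + 1))
    check_one "$v4/icmp_echo_ignore_all" 1 || bad=$((bad + 1))
    # Per-interface keys: reverse-path filter on, ICMP redirects off
    for key in rp_filter:1 accept_redirects:0 send_redirects:0; do
        name=${key%%:*}
        want=${key##*:}
        for f in "$v4"/conf/*/"$name"; do
            [ -e "$f" ] || continue
            check_one "$f" "$want" || bad=$((bad + 1))
        done
    done
    echo "$bad"
    [ "$bad" -eq 0 ]
)

# Run only when asked to: sh audit.sh --audit [ROOT]
if [ "${1:-}" = "--audit" ]; then
    audit_sysctl "${2:-/proc/sys}"
fi
```

Run it with `--audit` after applying the settings and again after a reboot: values echoed into /proc do not survive a restart unless they are also set in /etc/sysctl.conf or a file under /etc/sysctl.d/.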
 