[Sir]

Hello Guys,

This is a thread about complete Isolation from DDOS.

Disclaimer-
This thread is not created by me, I ripped it from another forum and am sharing it for the users of Sinisterly, if abody has a problem with that PM me. All Things used in the Tutorials are properties of their respective knowledge.


First of all let me Introduce How DDOS works?

Sometimes a cracker uses a network of zombie computers to sabotage a specific Web site or server. The idea is pretty simple -- a cracker tells all the computers on his botnet to contact a specific server or Web site repeatedly. The sudden increase in traffic can cause the site to load very slowly for legitimate users. Sometimes the traffic is enough to shut the site down completely. We call this kind of an attack a Distributed Denial of Service (DDoS) attack.

Anyways Leaving this all Official Language Behind. Moving Ahead.

What are the common things we use to prevent DDOS from our website.
- Cloudflare
- Use SMTP for mailing to Hide UP IP's.

This way you block 90% of the attacks that includes Layer-3/4 Attacks but if you get too many Layer-7 Attacks Cloudflare Closes down their service for you. And there you End UP.

So I am introducing a way by which you can stop Cloudflare from blocking your domain and also make your server Isolated from all kinds of DDOS attacks completely.

Requirements:-
- A Cloudflare Account(Free)
- A Dome9 Account(You may ask me for one if you don't know where it is)

Lets go ahead-

Currently Your Website is running like this:-

- We will start up with adding our website on Cloudflare Free, Just Like This

After this your website will be like this

But the problem is if someone gets your IP then you are going to be down or if someone launches a Layer 7 attack then also you are gone.

---

- Now We will get a Dome9 Account. As already said you can ask me if you don't know how to get a Dome9 Account for free, Stop Paying for that.

Further, Login to your account and go to Policy Management Tab

Now Click on Add Security Group(On Right Side)

After you name your group,this you will get something like this

Click on "Add New Service", On the next screen Click on "Protected" Make sure you have Web(HTTP) or Web(HTTPS) on the Service Field. Now Click on Add Allowed IP.

After this

Allow Cloudflare IP's and Save the Security Group.

Note:- You may add other services such as SSH/FTP or any other custom ports if needed. You can keep them "Open" or on "Access on Demand" mode. Cloudflare IP's are not needed for any other services than Port 80 and Port 443. Make sure you do not leak the ports that you have kept opened. Although I do not recommend that.

Roughly Drawing how your Website Works now:-

Hurray, It means now you are completely protected to all kinds of Layer 3 Attacks i.e. 80% Of Attacks.
But Still some may attack you with a nice Layer 7 Attack which may cause Cloudflare to disable your service and hence keeping everything useless.
But never worry I am here with complete things

Lets Move to another side -

Now,First of all go to Page Rules add your URL and put all traffic from your http://domain.com to www.domain.com. You will come to know Later why I asked you to do so.

Now Go here, https://developers.google.com/speed/pagespeed/service

And sign UP,It takes 72 hours at least. If you don't feel like waiting you may ask me to create one for you It will be done instantly.

Now Login to your Pagespeed Account and add up your domain after adding it up just go to Cloudflare DNS Settings and for your CNAME on www put the Hostname that Pagespeed gave you and voila you are completely safe now.

How to use Pagespeed with Cloudflare !

Code:

You can add the Google PageSpeed subdomain by going to your CloudFlare DNS settings. Go to:

Settings->DNS settings->add subdomain->make sure cloud is grey.

Please follow these steps from Google:

1) Follow PageSpeed Service's setup process.

2) Make sure CloudFlare is ENABLED (orange cloud) for your origin domain
(yourdomain.com)

3) Make sure CloudFlare is DISABLED (grey cloud) for your www CNAME pointing to Google (the record pointing to pagespeed.googlehosted.com). If you do not do this, then you may see a "DNS Points to Prohibited IP" error visiting www.

With the above configuration, the PSS console continue to say "DNS Changes Required". Despite this message, your site will retain the benefits of both PSS and CloudFlare.

Also, an Alternative to this PageSpeed Service is http://www.litespeedtech.com/litespeed-a...rvice.html

So now If someone tries to do a Level-3 Attack, It is not possible because you have already blocked all direct access and Layer 7 attacks on Google won't work since www.yourdomain.com is on Google's Server, It will be filtered easily, And Just to say if someone does it on domain.com instead of www.yourdomain.com then your pagerules will redirect them to Google's Server and Hence the Attack is filtered.

Hope you Enjoy this Thread!

[yokai_old]

But, but, but, if you run something like a wordpress blog, and have comments enabled, that renders all the protection you setup worthless, loool.

Not to mention this is just one class/style of a DDoS, it's not always a botnet, lol..or a botnet in this fashion, and 'cracker', I lol'd. And yes I understand this piece of shit wasn't written by you, but it's miseducating...

[Sir]

But, but, but, if you run something like a wordpress blog, and have comments enabled, that renders all the protection you setup worthless, loool.

Not to mention this is just one class/style of a DDoS, it's not always a botnet, lol..or a botnet in this fashion, and 'cracker', I lol'd. And yes I understand this piece of shit wasn't written by you, but it's miseducating...

I wouldn't say it's a piece of shit, otherwise I wouldn't of shared it. Plenty of people have benefited from it from what I've read. If you ca write something much better please be our guest.

[DarkFlux™]

nice tutorial . thanks for contribution .

[Sale0]

It doesn't have to be slaves, API's running attack scripts or private shells suffice.

Also, since this is ABOUT DDoSing, you should have posted the technical explanation of it.
Assuming it's a UDP flood, and not HTTP, SYN, etc.


UDP flood is when you send tons of traffic being user datagram packets to a port on a remote host, once the port is stuffed with traffic the router or server can't handle all the requests so it shuts down, which is the internet loss. Yours seemed a little bit broad

I don't mean to sound like im better than you, because that's not what i'm trying to do. Just a little suggestion that's all :3

[Sir]

It doesn't have to be slaves, API's running attack scripts or private shells suffice.

Also, since this is ABOUT DDoSing, you should have posted the technical explanation of it.
Assuming it's a UDP flood, and not HTTP, SYN, etc.


UDP flood is when you send tons of traffic being user datagram packets to a port on a remote host, once the port is stuffed with traffic the router or server can't handle all the requests so it shuts down, which is the internet loss. Yours seemed a little bit broad

I don't mean to sound like im better than you, because that's not what i'm trying to do. Just a little suggestion that's all :3

I ripped this, didn't write it myself, thanks for the contribution though.

[Sale0]

I ripped this, didn't write it myself, thanks for the contribution though.

Ah I see, okay, should have read that a bit more :p

[Colonel]

Why would you copy this from another website?

[Sir]

Why would you copy this from another website?

To share it with the people here, obviously...