Beiträge von jakubek160

    Hello, I want to set up some kind of anti-VPN protection on my server and I was wondering how to go about it, because there are a lot of VPNs out there and I don't know whether I really need to ban every single IP on my TeamSpeak server or whether there is a way to block, say, 100 related IPs at once on my VPS (I am using CentOS 7, but that doesn't change much). Appreciate any help! :)


    #Edit: where can I get the IP addresses that belong to certain VPN services, for example CyberGhost, Hotspot Shield, Windscribe, TunnelBear etc.? I tried to find them and only managed to find old ones for Hotspot Shield.

    One more question: please help me set up the configuration below so that it blocks further DDoS attacks; I don't know where to put these settings so that they are applied automatically after every VPS restart:
    #!/bin/bash


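    # Kernel network tuning plus a small iptables ruleset.
    #   start - write the /proc/sys/net/ipv4 values below and load the rules
    #   stop  - flush the rules again (the /proc values are left as written)
    #
    # Review notes for whoever deploys this:
    # - Nothing here survives a reboot. The kernel values can be kept in a file
    #   under /etc/sysctl.d/, and the script itself has to be run by a boot-time
    #   service for the rules to come back.
    # - All three default policies are ACCEPT and no rule ends in a catch-all
    #   drop for ordinary traffic, so this only discards malformed or abusive
    #   packets; it is not a default-deny firewall and every listening port
    #   stays reachable.
    # - Flushing the filter table also deletes rules that other tools inserted
    #   (fail2ban bans, for example); such tools have to re-create them.

    # Write one value below /proc/sys/net/ipv4.
    #   $1 - path relative to /proc/sys/net/ipv4
    #   $2 - value to write
    set_ipv4() {
      printf '%s\n' "$2" > "/proc/sys/net/ipv4/$1"
    }

    # Remove all rules and user-defined chains from filter, nat and mangle.
    # Each table is flushed before its chains are deleted: -X refuses to delete
    # a chain that still holds rules (the original ran "-t nat -X" before
    # "-t nat -F").
    flush_rules() {
      local table
      for table in filter nat mangle; do
        iptables -t "$table" -F
        iptables -t "$table" -X
      done
    }

    # Apply the kernel settings. Where the original wrote the same key twice,
    # only the value that ended up in effect (the later write) is kept.
    apply_kernel_settings() {
      # Ignore all ICMP echo requests (ping).
      set_ipv4 icmp_echo_ignore_all 1
      # Protection against Smurf-type attacks.
      set_ipv4 icmp_echo_ignore_broadcasts 1
      # Do not accept source-routed packets.
      set_ipv4 conf/all/accept_source_route 0
      # Do not accept ICMP redirects, which could change the routing table.
      set_ipv4 conf/all/accept_redirects 0
      # Ignore bogus ICMP error responses.
      set_ipv4 icmp_ignore_bogus_error_responses 1
      # Reverse-path filtering: drop packets with obviously forged sources.
      set_ipv4 conf/all/rp_filter 1
      set_ipv4 tcp_timestamps 1
      set_ipv4 conf/all/log_martians 1
      # The original wrote 10 here first and 20 further down; 20 took effect.
      set_ipv4 ipfrag_time 20
      # The original wrote 36024 first and 1280 further down; 1280 took effect.
      # NOTE(review): confirm which backlog size was actually intended.
      set_ipv4 tcp_max_syn_backlog 1280
      # Enlarge the ARP (neighbour) table.
      set_ipv4 neigh/default/gc_thresh1 1024
      set_ipv4 neigh/default/gc_thresh2 4096
      set_ipv4 neigh/default/gc_thresh3 8192
      set_ipv4 tcp_rfc1337 1
      set_ipv4 ip_no_pmtu_disc 1
      set_ipv4 tcp_fin_timeout 30
      set_ipv4 tcp_keepalive_time 2400
      # NOTE(review): switching off window scaling and SACK costs throughput
      # on fast or lossy links; confirm this is wanted.
      set_ipv4 tcp_window_scaling 0
      set_ipv4 tcp_sack 0
      # SYN cookies: protection against SYN flooding.
      set_ipv4 tcp_syncookies 1
      # Disabled in the original (described there as "proxy arp"):
      #set_ipv4 conf/all/arp_filter 1
      # Enlarge the routing table.
      set_ipv4 route/max_size "18192"
    }

    # Load the packet-filter rules into a freshly flushed ruleset.
    load_rules() {
      # Default policies.
      iptables -P INPUT ACCEPT
      iptables -P FORWARD ACCEPT
      iptables -P OUTPUT ACCEPT

      # Packets that conntrack sees as NEW but that carry only ACK, only FIN,
      # or FIN+URG+PSH cannot start a legitimate connection.
      iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH ACK -j DROP
      iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN -j DROP
      iptables -A INPUT -m conntrack --ctstate NEW -p tcp --tcp-flags SYN,RST,ACK,FIN,URG,PSH FIN,URG,PSH -j DROP

      # The original carried a rate-limited rule in front of most DROPs below
      # whose "-j LOG" target was commented out; without a target those rules
      # only counted packets, so they are omitted. To log, put a rule with the
      # same match plus "-m limit --limit 10/s --limit-burst 4 -j LOG" in
      # front of the DROP.

      # NULL scan detection (no TCP flags set at all).
      iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

      # Every packet classified as NEW without the SYN flag is suspicious.
      iptables -N skany
      iptables -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j skany
      iptables -A skany -p tcp --tcp-flags ALL RST -j DROP
      iptables -A skany -p tcp --tcp-flags ALL ACK -j DROP
      iptables -A skany -p tcp --tcp-flags ALL FIN -j DROP
      iptables -A skany -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
      iptables -A skany -j DROP

      # syn-flood chain (DoS protection).
      # The original used one global "-m limit" bucket of 1/s, burst 4, shared
      # by all clients, so a handful of SYNs per second from anywhere was
      # enough to have every other client's new connections dropped. The same
      # rate is now tracked per source address. Floods with spoofed, changing
      # source addresses are left to tcp_syncookies, enabled by "start".
      iptables -N syn-flood
      iptables -A INPUT -p tcp --syn -j syn-flood
      iptables -A syn-flood -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip \
        --hashlimit-upto 1/second --hashlimit-burst 4 -j RETURN
      iptables -A syn-flood -j DROP

      iptables -A INPUT -p icmp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      iptables -A OUTPUT -p icmp -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

      # ping
      # NOTE(review): icmp_echo_ignore_all=1 already makes the kernel ignore
      # echo requests, and ICMP above this limit falls through to the ACCEPT
      # policy, so as written this rule does not rate-limit anything.
      iptables -A INPUT -p icmp -s 0/0 -m limit --limit 1/s --limit-burst 4 -j ACCEPT

      # Keep established connections alive.
      iptables -A INPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
      iptables -A FORWARD -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
      iptables -A OUTPUT -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED
    }

    case "${1:-}" in
      start)
        echo '::: Uruchamianie blokadu'
        apply_kernel_settings
        # Clear old rules before loading the new set.
        flush_rules
        load_rules
        ;;
      stop)
        echo "::: Zatrzymanie blokady"
        flush_rules
        ;;
      *)
        # Missing or unknown argument: the original did nothing here. Print a
        # hint on stderr; the exit status stays 0 as before.
        echo "Usage: $0 {start|stop}" >&2
        ;;
    esac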

    Hello, I am a newbie to this subject: I have had a lot of TS3 servers but never built one myself on Linux. I have had a lot of attempts to connect through sshd (54k failed attempts) and I have two questions: first, how do I configure a port other than 22 in fail2ban, and second, how do I give root permissions to another user and disable root login? Thanks for all answers!