Installed it on a DirectAdmin server (CentOS 6.x) but doesn't ban anything?

[HHawk]

Hi there,

Well this solution looked quite solid. So I decided to test it on a server of mine. The server had a ton of connections (mail and HTTPD), however after installing it didn't ban anything.

ddos -b List of currently banned ip's.

Exp. IP

Here is my config:

FREQ=5 DAEMON_FREQ=300 NO_OF_CONNECTIONS=30 ONLY_INCOMING=false ENABLE_CLOUDFLARE=false ENABLE_PORTS=false #PORT_CONNECTIONS="20-21:40:60 22:11:60 25:11:60 53:11:60 80:90:60 143:90:60 587:90:60" FIREWALL="iptables" the rest was default

I tried various things e.g. switching FIREWALL from auto to iptables and fool around with PORT_CONNECTIONS. But nothing is happening at all? :(

What am I doing wrong here?

Regards, HHawk

[jgmdev]

I see you are setting the cronjob FREQ to 5 minutes which is too high, should be 1 (and I would say running as cronjob is deprecated depending on your use case) and the DAEMON_FREQ (which is used when running ddos-deflate as a service and is more effective) set to 300 which is also 5 minutes and that is too high for it to be of any use, recommended value is 5 seconds.

So the question is, how are you running ddos-deflate, as a cron job or a service? Depending on the answer you should use one of the recommended settings above for it to be effective.

[HHawk]

Thank you kindly for answering!

Ah, so I am doing it wrong by using them both (or at least enabling them in the script), right? I am using it as a service, I guess. So I will comment out "FREQ=5".

In regards setting it too high; I was being worried that it would cause an overload?

Thanks again so far.

Regards, HHawk

[HHawk]

Hi jgmdev,

A small follow-up; as it seems it's now working! Just noticed a blocked IP:

[root@mail /]# ddos -b List of currently banned ip's.

Exp. IP

00:00 74.125.143.26 40 [root@mail /]#

Guess it's configured correctly now? Thanks man!

Regards, HHawk