Script to enable/disable CloudFlare DDoS protection automatically

Some of you may regularely see application layer 7 attacks on your sites that are behind CloudFlare, apparently L7 attacks are usually the only attacks that can shutdown a site covered by CloudFlare (if you don’t leak your origin IP).

The normal solution for these attacks is to go to the CloudFlare control panel and enable “I’m under attack” mode, but what if you’re not online to do this or if you don’t instantly notice an attack is coming in?
It gets even worse: If the attack runs for a long time without you taking any action, CloudFlare will temporarily route all traffic directly to the origin IP (exposing it to the attacker). You’d have to watch your sites for attacks constantly to not risk getting temporarily routed directly to your origin IP.

That’s why I created a simple script to automatically turn CloudFlare’s DDoS protection page on/off in case of an attack.

The script watches the server load and if it’s over a certain threshold, acts accordingly.

Continue reading

Installing/Configuring nodewatch on Debian 7

Update:

There is a full-automated script, that can be found here: https://gist.github.com/ZEROF/065b8708cbe3cd62d83d

The tutorial isn’t working for the latest nodewatch versions anymore but you can use the above script.

——————————

The guys from IT7 Networks Inc, who for instance run bandwagonhost (this blog is hosted on one of their servers btw), created a nice script to monitor openvz servers and automatically suspend them if some thresholds are reached.
You can fight abuse with this script and keep your nodes stable.

Unfortunately Nodewatch doesn’t work out of the box with Debian, but with some modifications you can get it running. That’s what I want to show you in the tutorial.

Continue reading