Sep 2, 2014

Howto: Web Defense – Apache2 Examples

Source: https://www.defcon.org/images/defcon-22/dc-22-presentations/Self/DEFCON-22-Blake-Self-cisc0ninja-Dont-DDOS-me-bro-UPDATED.pdf

.htaccess
Block him:
SetEnvIf User-Agent ".*Fuck.*" Skid=1
Deny from env=Skid


.htaccess + mod_rewrite
Redirect him to himself:
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ^.*Fuck.*$
RewriteRule .* http://%{REMOTE_ADDR}/ [R,L]
</IfModule>
Redirect him somewhere more interesting:
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ^.*Fuck.*$
RewriteRule .* http://www.fbi.gov/ [R,L]
</IfModule>

Mod_evasive sample config
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 3
DOSSiteCount 50
DOSPageInterval 3
DOSSiteInterval 5
DOSBlockingPeriod 1800
DOSEmailNotify shinobi@gmail.com
DOSLogDir /var/log/mod_evasive
DOSWhitelist 192.168.42.*
</IfModule>





Howto: Block TOR Client with IPTABLES

Source: https://www.defcon.org/images/defcon-22/dc-22-presentations/Self/DEFCON-22-Blake-Self-cisc0ninja-Dont-DDOS-me-bro-UPDATED.pdf

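#!/bin/bash
# Block Tor exit nodes
IPTABLES_TARGET="DROP"
IPTABLES_CHAINNAME="TOR"

# Create the chain and hook it into INPUT on the first run only
if ! iptables -L "$IPTABLES_CHAINNAME" -n >/dev/null 2>&1 ; then
  iptables -N "$IPTABLES_CHAINNAME" >/dev/null 2>&1
  iptables -A INPUT -p tcp -j "$IPTABLES_CHAINNAME" 2>&1
fi

# Use a private temp file instead of a predictable name in /tmp
LIST=$(mktemp) || exit 1
trap 'rm -f "$LIST"' EXIT

echo -e "\n\tGetting TOR node list from dan.me.uk\n"
# Keep the existing rules if the download fails or comes back empty
if ! wget -q -O "$LIST" -U SXTorBlocker/1.0 "https://www.dan.me.uk/torlist/" || [ ! -s "$LIST" ]; then
  echo "Download failed; leaving existing rules in place" >&2
  exit 1
fi

# Drop comment and blank lines, then de-duplicate
CMD=$(sed -e 's|^#.*$||' -e '/^[[:space:]]*$/d' "$LIST" | sort -u)

iptables -F "$IPTABLES_CHAINNAME"
COUNT=0
for IP in $CMD; do
  COUNT=$((COUNT+1))
  iptables -A "$IPTABLES_CHAINNAME" -s "$IP" -j "$IPTABLES_TARGET"
done
iptables -A "$IPTABLES_CHAINNAME" -j RETURN
echo -e "\n\tiptables is now blocking TOR connections ($COUNT rules)\n"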
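
The script above passes every line of a third-party list to iptables as root. The following is an added example, not part of the original post or the DEF CON slides: it validates each entry and emits iptables-restore input so the chain is replaced in one commit rather than flushed and refilled rule by rule. The function names and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample list below is constructed (documentation
# addresses), not taken from dan.me.uk.

# Reads an exit-node list on stdin and prints iptables-restore input for one
# chain. $1 = chain name, $2 = target (defaults match the script above).
build_tor_ruleset() {
  chain=${1:-TOR}
  target=${2:-DROP}
  # A ":CHAIN" line for an existing user chain empties it, so loading this
  # with --noflush swaps the chain's contents in a single commit.
  printf '*filter\n:%s - [0:0]\n' "$chain"
  tr -d '\r' | awk -v chain="$chain" -v target="$target" '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
      gsub(/^[ \t]+|[ \t]+$/, "")            # trim whitespace
      # Accept a bare dotted quad only: no CIDR suffix, hostname or IPv6.
      if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { bad++; next }
      split($0, o, ".")
      for (i = 1; i <= 4; i++)
        if (length(o[i]) > 3 || o[i] + 0 > 255) { bad++; next }
      if (seen[$0]++) next                   # de-duplicate, keep order
      printf "-A %s -s %s/32 -j %s\n", chain, $0, target
    }
    END { if (bad) printf "rejected %d line(s)\n", bad | "cat 1>&2" }
  '
  printf -- '-A %s -j RETURN\nCOMMIT\n' "$chain"
}

# Constructed input: two valid entries (one repeated) and three that must
# not reach the firewall, including a catch-all network.
sample_list() {
  printf '%s\n' '# constructed sample' '192.0.2.10' '198.51.100.7' \
    '192.0.2.10' '0.0.0.0/0' '2001:db8::1' '203.0.113.999' ''
}

# Print the generated ruleset; to apply it as root:
#   build_tor_ruleset TOR DROP < list.txt | iptables-restore --noflush
sample_list | build_tor_ruleset TOR DROP
```

Rejecting anything with a CIDR suffix matters here: a single 0.0.0.0/0 entry in a tampered or malformed list would make the TOR chain drop all inbound TCP.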



