├── README.md ├── countrylist-willcaptcha.txt ├── jq-1.5-linux64 ├── md5sum.txt ├── opensource ├── CloudFlare-API-Block-IP.sh ├── CloudFlare-API-Captcha-All-Country.sh ├── CloudFlare-API-Remove-All-Rules.sh ├── CloudFlare-API-Show-Info.sh └── CloudFlare-API-Whitelist-Botsearch.sh ├── vddos-layer4-mapping └── vddos-layer4-mapping.old-api.08.2017 /README.md: -------------------------------------------------------------------------------- 1 | vDDoS Layer4 Mapping 2 | =================== 3 | 4 | vDDoS Layer4 Mapping is a addon support for vDDoS Proxy Protection - Monitor processor logs and block it in Layer 3-4. This tool is product for those people ask me to add "BLOCK & CAPTCHA" on Layer 3-4 (Support Iptables CSF & CloudFlare API) for vDDoS Proxy Protection. 5 | 6 | ---------- 7 | 8 | 1/ Install vDDoS Proxy Protection: 9 | ------------- 10 | To install vDDoS Proxy Protection please visit this site: http://vddos.voduy.com 11 | 12 | ---------- 13 | 14 | 15 | 2/ Install vDDoS Layer4 Mapping: 16 | ------------- 17 | ``` 18 | curl -L https://github.com/duy13/vDDoS-Layer4-Mapping/raw/master/vddos-layer4-mapping -o /usr/bin/vddos-layer4 19 | chmod 700 /usr/bin/vddos-layer4 20 | /usr/bin/vddos-layer4 21 | ``` 22 | 23 | Using vDDoS Layer4 Mapping: 24 | ------------- 25 | ``` 26 | 27 | Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using! 28 | 29 | Please choose vDDoS Layer 4 Running Mode: 30 | 31 | CloudFlare Mode: 32 | 1. Enable Captcha-All-Country Mode (Recommend This Mode For Large DDoS Attacks) 33 | 2. Enable Monitor-vDDoS-logs-and-Captcha Mode 34 | 3. Enable Monitor-vDDoS-logs-and-Block Mode 35 | 4. Remove all rules exist on CloudFlare Firewall 36 | 37 | CSF Mode: 38 | 5. Enable Monitor-vDDoS-logs-and-Block Mode 39 | 6. Remove all rules exist on CSF 40 | 41 | End & Exit: 42 | 7. End All Process (Kill all Process Mode Running) 43 | 8. Exit 44 | 45 | Enter Your Answer [1, 2, 3... or 8]: 46 | ``` 47 | 48 | If you use CloudFlare: 49 | ------------- 50 | Register account on CloudFlare.com > Add Your Website > Overview > View Zone ID 51 | 52 | Email > My Setting > API Key > Global API Key > View API Key 53 | 54 | 55 | If you use CSF: 56 | ------------- 57 | Homepage: https://configserver.com/cp/csf.html 58 | 59 | 60 | Install CSF: 61 | ``` 62 | cd /usr/src/ 63 | wget 'https://download.configserver.com/csf.tgz' 64 | tar -xvf csf.tgz 65 | cd csf 66 | sh install.sh 67 | chkconfig --levels 235 csf on 68 | chkconfig --levels 235 lfd on 69 | ``` 70 | 71 | Config CSF: 72 | ``` 73 | cd /etc/csf/ 74 | sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf 75 | ``` 76 | 77 | Restart CSF: 78 | ``` 79 | csf -r && csf -q && service lfd restart 80 | ``` 81 | 82 | 3/ CloudFlare API Control Command: 83 | --------------- 84 | Change Security Level: 85 | ``` 86 | vddos-layer4 Security-Level-CloudFlare [email] [api] [zoneid] [essentially_off|low|medium|high|under_attack] 87 | ``` 88 | 89 | Captcha All Country: 90 | ``` 91 | vddos-layer4 Captcha-All-Country-CloudFlare [email] [api] [zoneid] 92 | ``` 93 | 94 | Remove-All-Rules: 95 | ``` 96 | vddos-layer4 Remove-All-Rules-CloudFlare [email] [api] [zoneid] 97 | ``` 98 | 99 | Example: 100 | ``` 101 | /usr/bin/vddos-layer4 Security-Level-CloudFlare usercf@cloudflare.com f3aa24e0debfe5157629856afa4671bb 6dc6afc194bf744cd0f8c45bf3303afc under_attack 102 | 103 | /usr/bin/vddos-layer4 Captcha-All-Country-CloudFlare usercf@cloudflare.com f3aa24e0debfe5157629856afa4671bb 6dc6afc194bf744cd0f8c45bf3303afc 104 | 105 | /usr/bin/vddos-layer4 Remove-All-Rules-CloudFlare usercf@cloudflare.com f3aa24e0debfe5157629856afa4671bb 6dc6afc194bf744cd0f8c45bf3303afc 106 | 107 | ``` 108 | 109 | 4/ More Config: 110 | --------------- 111 | Document: http://vddos.voduy.com 112 | ``` 113 | Still in beta, use at your own risk! It is provided without any warranty! 114 | ``` -------------------------------------------------------------------------------- /countrylist-willcaptcha.txt: -------------------------------------------------------------------------------- 1 | AF 2 | AX 3 | AL 4 | DZ 5 | AS 6 | AD 7 | AO 8 | AI 9 | AQ 10 | AG 11 | AR 12 | AM 13 | AW 14 | AU 15 | AT 16 | AZ 17 | BS 18 | BH 19 | BD 20 | BB 21 | BY 22 | BE 23 | BZ 24 | BJ 25 | BM 26 | BT 27 | BO 28 | BQ 29 | BA 30 | BW 31 | BV 32 | BR 33 | IO 34 | BN 35 | BG 36 | BF 37 | BI 38 | KH 39 | CM 40 | CA 41 | CV 42 | KY 43 | CF 44 | TD 45 | CL 46 | CN 47 | CX 48 | CC 49 | CO 50 | KM 51 | CG 52 | CD 53 | CK 54 | CR 55 | CI 56 | HR 57 | CU 58 | CW 59 | CY 60 | CZ 61 | DK 62 | DJ 63 | DM 64 | DO 65 | EC 66 | EG 67 | SV 68 | GQ 69 | ER 70 | EE 71 | ET 72 | FK 73 | FO 74 | FJ 75 | FI 76 | FR 77 | GF 78 | PF 79 | TF 80 | GA 81 | GM 82 | GE 83 | DE 84 | GH 85 | GI 86 | GR 87 | GL 88 | GD 89 | GP 90 | GU 91 | GT 92 | GG 93 | GN 94 | GW 95 | GY 96 | HT 97 | HM 98 | VA 99 | HN 100 | HK 101 | HU 102 | IS 103 | IN 104 | ID 105 | IR 106 | IQ 107 | IE 108 | IM 109 | IL 110 | IT 111 | JM 112 | JP 113 | JE 114 | JO 115 | KZ 116 | KE 117 | KI 118 | KP 119 | KR 120 | KW 121 | KG 122 | LA 123 | LV 124 | LB 125 | LS 126 | LR 127 | LY 128 | LI 129 | LT 130 | LU 131 | MO 132 | MK 133 | MG 134 | MW 135 | MY 136 | MV 137 | ML 138 | MT 139 | MH 140 | MQ 141 | MR 142 | MU 143 | YT 144 | MX 145 | FM 146 | MD 147 | MC 148 | MN 149 | ME 150 | MS 151 | MA 152 | MZ 153 | MM 154 | NA 155 | NR 156 | NP 157 | NL 158 | NC 159 | NZ 160 | NI 161 | NE 162 | NG 163 | NU 164 | NF 165 | MP 166 | NO 167 | OM 168 | PK 169 | PW 170 | PS 171 | PA 172 | PG 173 | PY 174 | PE 175 | PH 176 | PN 177 | PL 178 | PT 179 | PR 180 | QA 181 | RE 182 | RO 183 | RU 184 | RW 185 | BL 186 | SH 187 | KN 188 | LC 189 | MF 190 | PM 191 | VC 192 | WS 193 | SM 194 | ST 195 | SA 196 | SN 197 | RS 198 | SC 199 | SL 200 | SG 201 | SX 202 | SK 203 | SI 204 | SB 205 | SO 206 | ZA 207 | GS 208 | SS 209 | ES 210 | LK 211 | SD 212 | SR 213 | SJ 214 | SZ 215 | SE 216 | CH 217 | SY 218 | TW 219 | TJ 220 | TZ 221 | TH 222 | TL 223 | TG 224 | TK 225 | TO 226 | TT 227 | TN 228 | TR 229 | TM 230 | TC 231 | TV 232 | UG 233 | UA 234 | AE 235 | GB 236 | US 237 | UM 238 | UY 239 | UZ 240 | VU 241 | VE 242 | VN 243 | VG 244 | VI 245 | WF 246 | EH 247 | YE 248 | ZM 249 | ZW 250 | XX 251 | T1 252 | -------------------------------------------------------------------------------- /jq-1.5-linux64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/duy13/vDDoS-Layer4-Mapping/099af4852e245d8421104227ab1bbfd257e5d84c/jq-1.5-linux64 -------------------------------------------------------------------------------- /md5sum.txt: -------------------------------------------------------------------------------- 1 | cd0ec6ea3e220f7497dc527564e29949 opensource/CloudFlare-API-Block-IP.sh 2 | 805eb8281495f84eb2f5716ce2827dfd opensource/CloudFlare-API-Captcha-All-Country.sh 3 | 4fae3d935f857f89372fc3e0e42e75d2 opensource/CloudFlare-API-Remove-All-Rules.sh 4 | fd8387b174200b25bc5182baa3edcd14 opensource/CloudFlare-API-Show-Info.sh 5 | 58197c4dde264203a689d34c772eb157 opensource/CloudFlare-API-Whitelist-Botsearch.sh 6 | d12cf6a8bb73a854a59dab7080df0086 countrylist-willcaptcha.txt 7 | 6a342dbb17b2f2ea4ec0e64d2157614d jq-1.5-linux64 8 | 978b4afbe90d13e0a9197f33398cbada md5sum.txt 9 | 6c019e1a15044d52c701fc88af2049dc README.md 10 | 3a614c3711ffa4a7f50f99b57a132666 vddos-layer4-mapping 11 | -------------------------------------------------------------------------------- /opensource/CloudFlare-API-Block-IP.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apikey='*************' 5 | zone='*************' 6 | email='*************@hotmail.com' 7 | 8 | mkdir -p /vddos/layer4-mapping/cf/block/ 9 | iplist_willblock='/vddos/layer4-mapping/cf/block/iplist-willblock.txt' 10 | iplist_blocked='/vddos/layer4-mapping/cf/block/iplist-blocked.txt' 11 | 12 | ################### Chặn IP: 13 | ten_file_chua_list=$iplist_willblock 14 | echo "`cat $ten_file_chua_list | grep .`" > $ten_file_chua_list 15 | so_dong_file_chua_list=`cat $ten_file_chua_list | grep . | wc -l` 16 | dong=1 17 | 18 | while [ $dong -le $so_dong_file_chua_list ] 19 | do 20 | ipblock_hientai=$(awk " NR == $dong " $ten_file_chua_list) 21 | (curl -sSX POST "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules" \ 22 | -H "X-Auth-Email: $email" \ 23 | -H "X-Auth-Key: $apikey" \ 24 | -H "Content-Type: application/json" \ 25 | --data "{\"mode\":\"block\",\"configuration\":{\"target\":\"ip\",\"value\":\"$ipblock_hientai\"},\"notes\":\"Block by vDDoS Proxy Protection\"}" >/dev/null 2>&1 & )& 26 | echo "Da block IP $ipblock_hientai" 27 | dong=$((dong + 1)) 28 | done 29 | #echo > $iplist_willblock 30 | #echo > $iplist_blocked 31 | 32 | -------------------------------------------------------------------------------- /opensource/CloudFlare-API-Captcha-All-Country.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apikey='*************' 5 | zone='*************' 6 | email='*************@hotmail.com' 7 | 8 | mkdir -p /vddos/layer4-mapping/cf/captcha-all-country/ 9 | countrylist_willcaptcha='/vddos/layer4-mapping/cf/captcha-all-country/countrylist-willcaptcha.txt' 10 | countrylist_captchated='/vddos/layer4-mapping/cf/captcha-all-country/countrylist-captchated.txt' 11 | 12 | ################### Captcha cho country: 13 | ten_file_chua_list=$countrylist_willcaptcha 14 | echo "`cat $ten_file_chua_list | grep .`" > $ten_file_chua_list 15 | so_dong_file_chua_list=`cat $ten_file_chua_list | grep . | wc -l` 16 | dong=1 17 | 18 | while [ $dong -le $so_dong_file_chua_list ] 19 | do 20 | delaytime=$(( $RANDOM % 9 )) 21 | countrycaptcha_hientai=$(awk " NR == $dong " $ten_file_chua_list) 22 | (sleep $delaytime; curl -sSX POST "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules" \ 23 | -H "X-Auth-Email: $email" \ 24 | -H "X-Auth-Key: $apikey" \ 25 | -H "Content-Type: application/json" \ 26 | --data "{\"mode\":\"challenge\",\"configuration\":{\"target\":\"country\",\"value\":\"$countrycaptcha_hientai\"},\"notes\":\"Captcha by vDDoS Proxy Protection\"}" >/dev/null 2>&1 & )& 27 | echo "Da bat captcha country: $countrycaptcha_hientai" 28 | dong=$((dong + 1)) 29 | done 30 | #echo > $countrylist_willcaptcha 31 | #echo > $countrylist_captchated 32 | 33 | -------------------------------------------------------------------------------- /opensource/CloudFlare-API-Remove-All-Rules.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apikey='*************' 5 | zone='*************' 6 | email='*************@hotmail.com' 7 | 8 | 9 | ################### Cho ra full thông tin lan dau tien: 10 | 11 | fullrawinfo=`curl --silent -X GET "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules?match=all" \ 12 | -H "X-Auth-Email: $email" \ 13 | -H "X-Auth-Key: $apikey" \ 14 | -H "Content-Type: application/json"` 15 | fullinfo=`echo "$fullrawinfo"|jq .` 16 | 17 | ################### Cho ra tổng số rule lau dau tiên: 18 | numberrule=`echo "$fullinfo"| grep "total_count"|awk {'print $2'}| tr -dc '0-9'` 19 | #echo "Tong rule la: $numberrule" 20 | 21 | mkdir -p /tmp/vddos/vddos-layer4-mapping-cf-remove-all-rule 22 | ten_file_chua_list='/tmp/vddos/vddos-layer4-mapping-cf-remove-all-rule/CF-idrulelist.txt' 23 | 24 | rulebandau=$numberrule 25 | so_lan_vong_lap_lon=0 26 | donglon=1 27 | while [ $numberrule -gt $so_lan_vong_lap_lon ] 28 | do 29 | 30 | ################### Cho ra full thông tin khac nhau trong moi vong lap lớn: 31 | 32 | fullrawinfo=`curl --silent -X GET "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules?match=all" \ 33 | -H "X-Auth-Email: $email" \ 34 | -H "X-Auth-Key: $apikey" \ 35 | -H "Content-Type: application/json"` 36 | fullinfo=`echo "$fullrawinfo"|jq .` 37 | ################### Cho ra full ID Rules khac nhau trong moi vong lap lớn: 38 | idrulelist=`echo "$fullinfo" | grep '"id":' |sed "/.*$zone.*/d" | awk {'print $2'}| tr -d ','|tr -d '"'` 39 | #echo "Danh sach ID la: 40 | #$idrulelist" 41 | echo "$idrulelist" > $ten_file_chua_list 42 | echo "`cat $ten_file_chua_list | grep .`" > $ten_file_chua_list 43 | so_dong_file_chua_list=`cat $ten_file_chua_list | grep . | wc -l` 44 | ################### Xoa toan bo ID Rules: 45 | 46 | 47 | 48 | dong=1 49 | while [ $dong -le $so_dong_file_chua_list ] 50 | do 51 | 52 | ################### Xóa id rule hiện tại: 53 | delaytime=$(( $RANDOM % 9 )) 54 | idrulehientai=$(awk " NR == $dong " $ten_file_chua_list) 55 | 56 | (sleep $delaytime; curl --silent -X DELETE "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules/$idrulehientai" \ 57 | -H "X-Auth-Email: $email" \ 58 | -H "X-Auth-Key: $apikey" \ 59 | -H "Content-Type: application/json" >/dev/null 2>&1 &) & 60 | echo "Rule thu $dong cua trang $donglon da xoa la: $idrulehientai" 61 | 62 | # 63 | 64 | dong=$((dong + 1)) 65 | done 66 | donglon=$((donglon + 1)) 67 | sleep 5 68 | ################### Cho ra tổng số rule lau dau tiên: 69 | numberrule=`echo "$fullinfo"| grep "total_count"|awk {'print $2'}| tr -dc '0-9'` 70 | # Nếu rule vẫn lớn hơn 0 thì tiếp tục lặp 71 | echo "Removed rule $((rulebandau-numberrule)). The remaining rules $numberrule" 72 | done 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /opensource/CloudFlare-API-Show-Info.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apikey='*************' 5 | zone='*************' 6 | email='*************@hotmail.com' 7 | 8 | 9 | ################### Cho ra full thông tin: 10 | 11 | fullrawinfo=`curl --silent -X GET "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules?match=all" \ 12 | -H "X-Auth-Email: $email" \ 13 | -H "X-Auth-Key: $apikey" \ 14 | -H "Content-Type: application/json"` 15 | fullinfo=`echo "$fullrawinfo"|jq .` 16 | 17 | ################### Cho ra tổng số rule: 18 | numberrule=`echo "$fullinfo"| grep "total_count"|awk {'print $2'}| tr -dc '0-9'` 19 | echo "Total rules: $numberrule" 20 | ################### Cho ra full ID Rules: 21 | idrulelist=`echo "$fullinfo" | grep '"id":' |sed "/.*$zone.*/d" | awk {'print $2'}| tr -d ','|tr -d '"'` 22 | echo "ID list: 23 | $idrulelist" 24 | 25 | -------------------------------------------------------------------------------- /opensource/CloudFlare-API-Whitelist-Botsearch.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | apikey='*************' 5 | zone='*************' 6 | email='*************@hotmail.com' 7 | 8 | mkdir -p /vddos/layer4-mapping/cf/whitelist/ 9 | iplist_willwhitelist='/vddos/layer4-mapping/cf/whitelist/iplist-willwhitelist.txt' 10 | iplist_whitelisted='/vddos/layer4-mapping/cf/whitelist/iplist-whitelisted.txt' 11 | 12 | ################### Chặn IP: 13 | ten_file_chua_list=$iplist_willwhitelist 14 | echo "`cat $ten_file_chua_list | grep .`" > $ten_file_chua_list 15 | so_dong_file_chua_list=`cat $ten_file_chua_list | grep . | wc -l` 16 | dong=1 17 | 18 | while [ $dong -le $so_dong_file_chua_list ] 19 | do 20 | ipwhitelist_hientai=$(awk " NR == $dong " $ten_file_chua_list) 21 | (curl -sSX POST "https://api.cloudflare.com/client/v4/zones/$zone/firewall/access_rules/rules" \ 22 | -H "X-Auth-Email: $email" \ 23 | -H "X-Auth-Key: $apikey" \ 24 | -H "Content-Type: application/json" \ 25 | --data "{\"mode\":\"whitelist\",\"configuration\":{\"target\":\"ip_range\",\"value\":\"$ipwhitelist_hientai\"},\"notes\":\"Whitelist by vDDoS Proxy Protection\"}" >/dev/null 2>&1 & )& 26 | echo "Da Whitelist IP $ipwhitelist_hientai" 27 | dong=$((dong + 1)) 28 | done 29 | #echo > $iplist-willwhitelist 30 | #echo > $iplist-whitelisted 31 | 32 | -------------------------------------------------------------------------------- /vddos-layer4-mapping: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/duy13/vDDoS-Layer4-Mapping/099af4852e245d8421104227ab1bbfd257e5d84c/vddos-layer4-mapping -------------------------------------------------------------------------------- /vddos-layer4-mapping.old-api.08.2017: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/duy13/vDDoS-Layer4-Mapping/099af4852e245d8421104227ab1bbfd257e5d84c/vddos-layer4-mapping.old-api.08.2017 --------------------------------------------------------------------------------