• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection

duy13

duy13

New Pleskian
Server operating system version
Microsoft Windows Server 2012 R2
Plesk version and microupdate number
Plesk Obsidian Version 18.0.42
[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection



STEP 1: Install Plesk (Plesk Onyx Or Plesk Obsidian)

Code: 
wget https://autoinstall.plesk.com/plesk-installer
chmod +x ./plesk-installer
env PLESK_INSTALLER_SKIP_FIREWALLD=1
./plesk-installer --web-interface


More documentation:
Installing Plesk for Linux Using Installer GUI
Installing Plesk for Linux Using Installer GUI


STEP 2: Install vDDoS Proxy Protection

vDDoS Proxy Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Code: 
wget https://files.voduy.com/vDDoS-Proxy-Protection/latest.sh ; chmod 700 latest.sh ; bash latest.sh

More documentation:
vDDoS Proxy Protection - Home


STEP 3: Stop Nginx Proxy Server

Code: 
service nginx stop
chkconfig nginx off

Re-Check Apache port:

Code: 
[root@vDDoS-Plesk ~]# netstat -lntup|grep httpd
tcp6       0      0 :::7080                 :::*                    LISTEN      7261/httpd
tcp6       0      0 :::7081                 :::*                    LISTEN      7261/httpd




STEP 4: Config vDDoS Proxy Protection

For example, the IP Addr of your server is 1.2.3.4:

Code: 
nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://1.2.3.4:7080    no    no      no           no
default         https://0.0.0.0:443  https://1.2.3.4:7081   no    no      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

Restart vDDoS service after you have configured:

Code: 
/usr/bin/vddos restart



STEP 5: Config vDDoS Auto Add

vDDoS Auto Add is a addon support for vDDoS Proxy Protection - Monitor Domains/Aliasdomains/Subdomains in Panel Hosting, Web Server, List Domain, Virtual Host... and automatically add them into the website.conf file.

Code: 
nano /vddos/auto-add/setting.conf

# Default Setting for vddos-add command:

SSL                auto
DNS_sleep         66
DNS_alias_mode    no
Cache            no
Security        no
HTTP_Listen        http://0.0.0.0:80
HTTPS_Listen    https://0.0.0.0:443
HTTP_Backend    http://1.2.3.4:7080
HTTPS_Backend    https://1.2.3.4:7081

Set Crontab:

Code: 
echo '*/15 * * * * root /usr/bin/vddos-autoadd panel plesk apache' >> /etc/crontab




STEP 6: Config vDDoS Auto Switch

vDDoS Auto Switch is a addon support for vDDoS Proxy Protection - Automatically identifies overloaded websites and changes their Security Mode.

Code: 
nano /vddos/auto-switch/setting.conf

# This is the default configuration for "sensor-switch.sh" and "vddos-autoswitch.sh"

hostname="vDDoS Master"                            #(Name this server, it will show up in Email notifications)

vddos_master_slave_mode="no"                    #(Turn on "yes" if your system has slave servers, want to sync affter switch like master)
backend_url_check="no"            #(Put the URL of the backend. Ex: https://1.1.1.1:8443/ (make sure Backend status response is "200"))

send_notifications="no"                        #(Turn on "yes" if you want receive notification)
smtp_server="smtps://smtp.gmail.com"        #(SMTP Server)
smtp_username="[email protected]"                #(Your Mail)
smtp_password="xxxxxxxxxxxxx"                 #(Get your Apps password for Gmail from https://security.google.com/settings/security/apppasswords)
send_notifications_to="[email protected]"        #(Your Email Address will receive notification)


maximum_allowable_delay_for_backend=2             #(Means: If Backend (status response "200") is slower than 2s, vDDoS will enable challenge mode)
maximum_allowable_delay_for_website=2             #(Means: If Website (status response "200") is slower than 2s, vDDoS will enable challenge mode)

default_switch_mode_not_attack="no"                #(Default Mode vDDoS use when it's not under attacked)
default_switch_mode_under_attack="high"            #(Default Mode vDDoS use when it's under attack)
default_waiting_time_to_release="60"            #(For example 60 minutes, release time from challenge)


Crontab vDDoS Auto Switch:

Code: 
echo '*/5 * * * * root /usr/bin/vddos-autoswitch checkalldomain high' >> /etc/crontab
echo '0 */3 * * * root /usr/bin/vddos-switch allsite no && /usr/bin/vddos reload' >> /etc/crontab
echo '* * * * * root /usr/bin/vddos-sensor' >> /etc/crontab


More documentation:
GitHub - duy13/vDDoS-Auto-Switch: Automatically identifies overloaded websites and changes their Security Mode.
 
You must log in or register to reply here.

Similar threads

I
Question Configuring Plesk with a Reverse Proxy and Cloudflare
Replies
1
Views
2K
kriteodoro
K
A
Question Assistance Needed: Setting Up Reverse Proxy for Joplin Server on Plesk VPS
Replies
0
Views
510
alborworld
A
Hangover2
Input Plesk Obsidian 18.0.59 - stable enough for live deployment?
Replies
5
Views
833
Bod
Bod
Monty
Resolved Password protection breaks static files access (404 error)
2
Replies
29
Views
8K
r.vandijk@flexpressiv
R
kaw.one
Question (VPS) Cloudflare, Gmail and Other Plesk Panel 8443 (2 minutes - slow read)
Replies
1
Views
635
kaw.one
kaw.one
Back
Top