TechCloudFlare API to detect DDoS Attack and Activate or Deactivate Under Attack...

CloudFlare API to detect DDoS Attack and Activate or Deactivate Under Attack Mode

CloudFlare is a reputed and useful free DDoS and Content-Delivery Network (CDN) that help us to protect our website, blog and APIs by mitigating DOS and DDoS attack and increases the website performance with it’s free CDN service. It also saves server’s resources, bandwidth while it strengthen the security from known and unknown external attacks, including DNS and port scanning, Spamming, DDoS, XSS and other type of threats.

In this blog post we’ll learn to deploy an automatic Under-attack mode activator as well as deactivate on the basis of CPU load average.

Currently, on a free plan Cloudflare offer 5 Security Level which can be adjusted to increase or decrease the security levels, these  are:

  1. Essentially Off
  2. Low
  3. Medium
  4. High
  5. Under Attack

These security levels help Cloudflare automated system to determine the security level and apply the challenges on the website.

If you are running your website on a Virtual Private Server (VPS) or a dedicated server with CentOS or Linux based operating system you can use this method to switch to different Security Level on your Cloudflare for a specific website.

Login into your Console using Putty or any other application and run the following commands:

1. Create checkload.sh file with following contents 

You can use nano checkload.sh command to create an empty file.

#!/bin/bash
trigger=5.00
load=`cat /proc/loadavg | awk '{print $1}'`
response=`echo | awk -v T=$trigger -v L=$load 'BEGIN{if ( L > T){ print "greater"}}'`
if [[ $response = "greater" ]]
then
# load=`echo $(cat /proc/loadavg | awk '{print $1}') \> 2 | bc -l`
# if [ "$load" -ne 0 ]; then
        echo -e "Your Server Load Alert Needs Attention! System Load $(cat /proc/loadavg)\n\nSYNC IP\n$(netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{pri$
        echo "Alert email sent to [email protected]"
./cloudflare-high.sh
echo 'ddos=high'>ddos-high.txt
else
./cloudflare-medium.sh
rm -f ddos-high.txt

fi

echo "System Load $(cat /proc/loadavg)"

After creating the checkload.sh file add the above bash-script and don’t forget to set the load level which is 5.00 by default and also change the E-mail address to receive load notification. After adding the bash-script save the file and assign the executable permission using command chmod +x checkload.sh from the console screen.

2. Create cloudflare-high.sh to increase the Security level or enable under attack mode

Using nano cloudflare-high.sh or any other command create cloudflare-high.sh file with following contents:

if [ ! -e ddos-high.txt]
then
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID/settings/security_level" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: YOUR-AUTH-KEY" \
     -H "Content-Type: application/json" \
     --data '{"value":"under_attack"}'
fi

Replace YOUR-ZONE-ID with your Cloudflare Zone ID which can be found on the Overview page of your Cloudflare account in the right-side bar at the bottom also replace [email protected] with your Cloudflare registered email ID and YOUR-AUTH-KEY with your CloudFlare Global Key. After making changes save the file and assign the executable permission by running chmod cloudflare-high.sh command from console-line.

3. Create cloudflare-medium.sh to decrease the Security level or disable under attack mode

Using nano cloudflare-medium.sh create cloudflare-medium.sh file with following contents:

if [ -e ddos-high.txt ]
then
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR-Zone-ID/settings/security_level" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: YOUR-AUTH-KEY" \
     -H "Content-Type: application/json" \
     --data '{"value":"medium"}'
fi

Replace YOUR-ZONE-ID with your Cloudflare Zone ID which can be found on the Overview page of your Cloudflare account in the right-side bar at the bottom also replace [email protected] with your Cloudflare registered email ID and YOUR-AUTH-KEY with your CloudFlare Global Key. After making changes save the file and assign the executable permission by running chmod cloudflare-medium.sh command from console-line.

3. Adding to Cron Job of your OS

These scripts won’t fire or run until it is manually called or scheduled with the help of Cron job. To create cron job you can run the following command after replacing the path of your checkload.sh file

*/5 * * * * /root/checkload.sh

The above cron job will fire in every 5 minute which you can adjust on the basis of your preference.

Suggestions

You can adjust and change the different security levels by altering the values in the above scripts as well you can also increase or decrease the average CPU load value to adjust when to trigger.

IR Digital Media Team
IR Digital Media Teamhttps://www.isrgrajan.com/
IR Digital Media Team is a member of Digital Pradesh, a collective of journalists, reporters, writers, editors, lawyers, advocates, professors, and scholars affiliated with the Digital Pradesh.

Latest Updates