Skip to content

Simple Python script that will detect timeout, and enable Cloudflare custom WAF rules

License

Notifications You must be signed in to change notification settings

plisskien/anti-ddos-script

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 

Repository files navigation

Anti-DDoS Python Script

This is a simple Python script designed to detect timeouts and enable Cloudflare custom WAF rules. The script was created to help users who prefer to have their Cloudflare WAF off when not needed.

Prerequisites

  • Cloudflare free plan
  • Another server with SSH access to host the script
  • Python installed on the server (you can also host it on the same server, but it's not recommended)
  • Installed requests and ping3 on server with Python

FAQ

Q: How does it work?

A: The script sends a request every second to detect timeouts (default timeout is 5 seconds). It then pings the server IP to check if the server is up. If the server is down, it waits for 60 minutes and repeats the process. If the server is up but there is downtime, it indicates a potential DDoS attack. The script then uses the Cloudflare API to update WAF rules (examples provided in the code). After 60 minutes, it turns off the Cloudflare rules.

Q: Is it tested and functional?

A: Yes, it works effectively with a stable hosting provider. If your hosting provider experiences instability, the script might trigger itself even without a DDoS attack.

Q: Can I customize the DDoS detection method?

A: Yes, you can modify the script to use your own DDoS detection method. The provided timeout-based method is effective for stable VPS setups.

Screenshots

Downtime during DDoS attacks: downtime

High CPU usage during server downtime: ddps-dead-server

Normal CPU usage during non-attack period: ddos-not-dead-server

Cloudflare dashboard showing requests: cloudflare-panel

Discord logs for reference: discord-logs

Sources

  • Uptime Kuma
  • Grafana integrated with Prometheus