Boela kwa blog
Ferikgong 19, 2026Dikaelo

Jang go Sireletsa VPS ya Gago go tswa mo Diteko tsa DDoS: Kaelo e e Dirisiwang

Kaelo e e feletseng ya go sireletsa VPS ya gago go tswa mo diteko tsa DDoS o dirisa di-firewall, rate limiting, le mekgwa e mengwe e e netefaditsweng.

Jang go Sireletsa VPS ya Gago go tswa mo Diteko tsa DDoS: Kaelo e e Dirisiwang

Diteko tsa DDoS (Distributed Denial of Service) di ka tsenya server ya gago e e sa berekeng ka metsotswana e le mmalwa, e e isang go lefelwa ga madi, go se kgotsofale ga baemedi, le go senngwa ga leina. Mo 2026, diteko tse di nna tse di nonofileng ka botlalo le go fitlhelelwa. Ka ntlha ya boammaaruri, mekgwa e e ntsha ya tshireletso le yona e fetogile. Kaelo e e tla go bontsha jang go sireletsa VPS ya gago ya Hiddence go tswa mo mefuta e e tlwaelegileng ka botlalo ya diteko tsa DDoS.

Teko ya DDoS ke eng?

Teko ya DDoS e diragala fa dikhomphutha tse dintsi (botnet) di romela dikopo ka nako e le nngwe go server ya gago, di e tlala ka didiriswa mme di e dira gore e se ka e fitlhelelwa ke badirisi ba ba siamang.

Mefuta e e Kgolo ya Diteko tsa DDoS

  • Diteko tsa Volumetric (L3/L4): UDP flood, ICMP, SYN flood — di tlala bandwidth ya network
  • Diteko tsa Application Layer (L7): HTTP flood, Slowloris — di tsepame mo application layer
  • Diteko tsa Protocol: Di dirisa dibotlhodi mo di-protocol tsa network

Tshireletso e e Agilweng mo Teng ya Hiddence

VPS tsotlhe tsa Hiddence di akaretsa tshireletso e e motlhofo ya Layer 3-4 ya DDoS (maemo a network). Seno se tlhopha ka boitekanelo diteko tse dintsi tsa volumetric. Le fa go ntse jalo, diteko tsa Layer 7 (application) di tlhoka peakanyo e e eketsegileng.

Kgato 1: Go Seta Firewall

Motse wa ntlha wa tshireletso ke peakanyo e e siameng ya firewall. UFW (Uncomplicated Firewall) ke sediriswa se se bonolo le se se nonofileng bakeng sa Ubuntu/Debian.

bash
# Tsenya UFW
sudo apt update && sudo apt install ufw -y

# Letlelela SSH (BOTLHOKWA! Dira seno pele ga go nolofatsa UFW)
sudo ufw allow 22/tcp

# Letlelela HTTP le HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Nolofatsa UFW
sudo ufw enable

# Sekaseka maemo
sudo ufw status verbose

# Melao ya tshireletso e e kwa godimo:
# Lekanya dikgolagano tsa SSH (tshireletso ya brute force)
sudo ufw limit 22/tcp

# Thibela ICMP ping floods
sudo nano /etc/ufw/before.rules
# Tsenya morago ga *filter:
-A ufw-before-input -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j DROP

# Tshireletso kgatlhanelo le SYN flood
sudo nano /etc/sysctl.conf
# Tsenya:
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5

# Dirisa diphetogo
sudo sysctl -p

Kgato 2: Tsenya Fail2Ban

Fail2Ban e thibela ka boitekanelo di-IP address tse di bontshang tiro e e tshosang (diteko tse dintsi tsa go tsena tse di paletsweng, go sekaseka port).

bash
# Tsenya
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

# Peakanyo bakeng sa tshireletso ya SSH le HTTP
# Dira peakanyo ya lefatshe
sudo nano /etc/fail2ban/jail.local

# Tsenya:
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
banaction = ufw

[sshd]
enabled = true
port = 22
logpath = /var/log/auth.log

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/log/nginx/error.log

[nginx-limit-req]
enabled = true
filter = nginx-limit-req
port = http,https
logpath = /var/log/nginx/error.log

# Boela morago Fail2Ban
sudo systemctl restart fail2ban

# Sekaseka maemo
sudo fail2ban-client status

Kgato 3: Tshireletso ya Nginx

Fa o dirisa Nginx, seta rate limiting go sireletsa kgatlhanelo le diteko tsa HTTP flood.

bash
sudo nano /etc/nginx/nginx.conf

# Tsenya go http block:
http {
    # Moedi wa dikopo: dikopo tse 10 ka motsotswana o mongwe le mongwe ka IP
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
    
    # Moedi wa kgolagano
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    
    # Tshireletso ya Slowloris
    client_body_timeout 10s;
    client_header_timeout 10s;
    keepalive_timeout 5s 5s;
    send_timeout 10s;
    
    # Peakanyo e e setseng...
}

# Mo server block tsenya:
server {
    location / {
        # Dirisa moedi wa dikopo
        limit_req zone=one burst=20 nodelay;
        
        # Moedi wa kgolagano: max 10 ka IP
        limit_conn addr 10;
        
        # Peakanyo ya gago...
    }
}

# Leka peakanyo mme o boele morago
sudo nginx -t
sudo systemctl reload nginx

Kgato 4: Dirisa CDN

Bakeng sa tshireletso e kgolo ka botlalo, dirisa tiro ya CDN jaaka Cloudflare. CDN e bereka jaaka proxy, e patile IP ya nnete ya server ya gago mme e nwa diteko tse dintsi tsa DDoS. Dikgolagano: patile IP ya nnete, go tlhopha ka boitekanelo ga traffic e e masisi, go abelana load, SSL/TLS e sa lefeng, WAF bakeng sa tshireletso ya L7.

  • Ikwadise mo cloudflare.com (plan e sa lefeng e leng teng)
  • Tsenya domain ya gago mme o fetole di-record tsa NS mo moemedi wa gago
  • Nolofatsa mokgwa wa 'Proxy' (orange cloud) bakeng sa di-record tsa DNS
  • Seta mokgwa wa SSL go 'Full (strict)' mo karolong ya SSL/TLS
  • Nolofatsa 'DDoS Protection' le 'Bot Fight Mode' mo ditlhophisong tsa tshireletso

Kgato 5: Tlhokomelo

Tlhokomelo e e tshwaraganeng e thusa go bona diteko ka bonako.

bash
# Tlhokomela dikgolagano tse di berekang
watch -n 1 'ss -s'

# Leba di-IP tse di kwa godimo ka palo ya kgolagano
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

# Leba di-log ka nako e ntseng jaanong
sudo tail -f /var/log/nginx/access.log
sudo journalctl -u nginx -f

# Sekaseka di-IP tse di thibetsweng mo Fail2Ban
sudo fail2ban-client status sshd

Ditsela tsa Tshoganetso

Fa teko e ntse e tswelela, tsaya ditsela tse di latelang:

  • Bona motswedi: Dirisa 'netstat' kgotsa di-log go bona di-IP tse di atakang
  • Thibelo ya nako e khutshwane: sudo ufw insert 1 deny from ATTACKING_IP
  • Thibela di-subnet tsotlhe: sudo ufw deny from 123.45.0.0/16
  • Moedi wa rate limit: Fokotsa ka nako e khutshwane di-melemo tsa Nginx go 1-5 req/s
  • Buisana le tshegetso: Etelela go tshegetso ya Hiddence bakeng sa go nolofatsa tshireletso e e kwa godimo
  • Nolofatsa 'Under Attack Mode' mo Cloudflare (fa o dirisa)

Mekgwa e e Molemo

  • O se ka wa phatlalatsa IP ya nnete ya server ya gago fa o dirisa CDN
  • Ntsha ditlhophiso tsa system ka metlha: sudo apt update && sudo apt upgrade
  • Dirisa di-key tsa SSH mo e leng tlhokego ya di-password bakeng sa pono ya server
  • Fetola port ya motlhofo ya SSH (22) go e e sa tlwaelegileng
  • Seta di-backup tse di ikemetseng bakeng sa go boela morago ka bonako
  • Dirisa di-IP tse di farologaneng bakeng sa ditiro tse di botlhokwa
  • Nolofatsa go loga mme o sekaseke di-log ka metlha bakeng sa tiro e e tshosang
  • Akanya go dirisa thibelo ya lefatshe fa tiro ya gago e se ya lefatshe ka bophara