BitNinja has a built-in module for monitoring current active connections and interfering in case of a potential denial of service attack. If there are more than 80 connections from a single IP, BitNinja detects it as an attack. The 80 threshold can be configured on a per port basis.
To change the default thresholds create a config file at /etc/bitninja/DosDetection/config.ini
An example content for the config.ini file:
; ; Thresholds set to DoS Detection ; [tresholds] general = 80 ; Threshold for remote SMTP servers. remote = 200 remote = 200 ; Threshold for local ports local = 40 ;You can set restrictions for remote and local ports. For example to change ;the number of connections allowed to the default IMAP4 port (143) you can do this: local = 150
When BitNinja detects a DoS attack, it will block the IP for 1 minute and then place it to the greylist allowing the user to delist his/her IP. To change the default threshold, you can modify /etc/bitninja/IpFilter/config.ini, or add this section with the proper value:
[times] ; ; Temporary blacklist time in DoS suspicious requests; default: 60 ; tmp_bl_sec = 60
You can read more about the greylist on the CaptchaHttp - Http Captcha module page.
Don’t forget to restart BitNinja after creating the custom restrictions.
service bitninja restart