DDos Guide and how to protect yourself)

Info about Ddosing (This is for educational purpose only)
DDoS is short for Distributed Denial of Service. DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack.
========================================================================================================================================

    DoS/DDoS
    What is DDoS actually?
    Is it illegal? Will I get easily caught?
    How to DDoS?
    Spoofing
    How to prevent a DDoS Attack?
    DDoS Ampflication.
    Layer 4 and Layer 7
    Scripts.
    Websites that allows spoofing.


DoS/DDoS

DoS (Denial of Service)
DDoS (Distributed Denial Of Serivce)

They both have a large difference, DoS is sending from one location, and DDoS is sending from multiple locations.

What is DDos actually?

DDoS is basicly sending out packets, and preventing the usert from connecting to the destination.
Basicly the user is trying to connect 1.1.1.1, And the attacker is sending packets to 1.1.1.1 to prevent the user from connecting.

When the host isnt being ddosed :
User > Testing Connection > 1.1.1.1 > Succesfully connected.

When a DDoS attack is active :
User > Testing Connection > Connection failed > Timeout on 1.1.1.1

Is it illegal? Will I get easily caught?

In some ways, DDoS is legal, but mostly DDoS is illegal, DDoS is also called Stress-testing, that means you are testing your server, to see If your server can handle a large amount of bandwith in.
But DDoS is mostly illegal, and for illegal purposes used, like attacking homeconnections without permission.

Is it easy to get caught? No, depends on where you are sending the attack from, you can hide your location with a VPN (Virtual Private Network).

How to DDoS/DoS

A denial of service attack is basicly sending out packets from your location to a destination, to prevent a user connecting to the destination.
You can DoS simply with using Control+R and type in CMD.exe, then type something like ping (host), this is basicly pinging the destination.
Pinging wont do much, So you can buy a server and send packets from that, that will make you getting caught a lower chance, most hosts doesnt allow DDoS attacks, and will simply cancel your dedicated server/VPS.
You need a host that allows spoofing, So your destination doesnt know wher e to send the abuse report to, this will prevent you from getting your server canceled Not all hosts allow spoofing

Spoofing

What is spoofing you ask? Spoofing is basicly hiding your host so the destination doesnt know, where the packets come from, Here is how spoofing looks like :
Spoiler (Click to View)

How to prevent DDoS attacks?

Preventing DDoS attacks, isnt that simple you think it is, There are alot of different ways to stop DDoS attacks, You can ask for DDoS Protection by your host, or you can get migation, migation is basicly spreading all the packets to a set of servers so your main server doesnt get too much packets in, a reverse proxy can be used also.

How to block XMLRPC attacks?
Simply block the Wordpress Useragent, and make them redirect to a blank page.

DDoS Ampflication

What is DDoS ampflication you ask? Well its basicly a ampflication of your DDoS attacks, there are alot of different methods to use for ampflication attacks, You double your DDoS attacks using a ampflication method.

Here is a list of different amp (ampflication) methods :
(Click to View)

Layer 4 and Layer 7

What is the difference about Layer 4 and Layer7 you ask?
Layer 4 is basicly sending out data/packets.
Layer 7 is sending out fake users, to a webserver.

List of Layer 4 and Layer 7 methods.
Layer 4 (Click to View)

Layer 7 (Click to View)

Scripts

Well, you need scripts also before DDoSing, so here is a thread where a large amount of scripts got posted :)

https://hackforums.net/showthread.php?tid=4230629
Compile using chmod 777 (file)

Scanning and Filtering.

Scanning and filtering, is really important for your ampflication methods.
Scanning is basicly searching around the world, for IPs that your ampflication method can use, to double the attack amount.

How do you filter you ask me?
Here are some filter scripts, made by QuezzStresser.
http://quez-stresser.com/joomlafilter.txt
http://quez-stresser.com/mssqlfilter.txt
http://quez-stresser.com/xmlrpcfilter.txt
http://quez-stresser.com/chargenfilter.txt

Use them with installing PHP.

Filtering is testing the timeout on the IPs you scanned, the lower the timeout the higher your amp rate is.

Websites that allow spoofing.

http://www.ecatel.info
https://www.slaskdatacenter.pl
http://blazingfast.io | Layer 7 only.
use OVH for scanning.
==========================================================================================================================================
Ddosing  site

distributed denial-of-service attack (DDOS attack) is an attempt to make a computer resource unavailable to its intended users. One common method of attack involves sending an enormous amount of request to Server or site and server will be unable to handle the requests and site will be offline for some days or months depending upon the strength of Attack i.e. (Data Sent to the Site/Server)

Basic Procedure/Logic employed in DDOS :

1.) Open Command Prompt in windows by going to Start -> All Programs -> Accessories -> Command Prompt.

2.) Type "ping site-ip -l 5120 -n 100000 -w 1".

Here "site-ip" is the IP Address of Target, You can also use site-name like "www.google.com" instead of site-ip."5120" is the size of packet sent to the target Which is 5 KB in example. "100000" is the no of requests sent to the Target. "- w 1" is the waiting time after each request which is 1 sec in example. You can change these parameters according to your need, but Don't omit these.

This Attack is also called "Ping of Death"

But In Actual a Single Computer using this Attack cannot Deface a Site for long time. Hackers Create and install botnets on different computers as trojans and use those Comprised Computers also to send these Dummy Packets to Target. When a Large no of Compromised Computer send simultaneous Requests to the target, the target site will be offline and Defaced.
=========================================================================================================================================
Types#
UDP Flood

SYN Flood

Ping of Death

Reflected Attack

Peer-to-Peer Attacks

Nuke

Slowloris

Degradation of Service Attacks

Unintentional DDoS

Zero Day DDoS

Multi-Vector Attacks
==========================================================================================================================================
How to protect yourself

Anti-Virus Programs:
So after testing the anti-virus program AVG it turned out to be actually a decent anti virus [With the help of other programs that we will mention later]
So yeah i guess you should also download it.
It will function as A Normal Computer Anti-Virus:
http://www.avg.com/ww-en/homepage

Next here we have our default Advanced Anti-Virus which will protect us from viruses upon with RATs since most crypters can't fight The well known nod32.
The ESET Smart security will also protect from ddos attacks and bad websites upon with other cool extra features:
https://www.eset.com/int/home/smart-security/
======================
Advanced Firewalls:
First we will start out with our basic new internet firewall that won't allow hackers to use port scanning programs on you such as NMAP,it also blocks the OS Detection hack that can be used by hacking tools... it's a really decent internet firewall and by the help of the anti-viruses,nothing will be able to stop it.
Zone Alarm Firewall:
http://www.zonealarm.com/software/free-firewall/

Second here we have our default Advanced Firewall which will protect you both Online and Offline,It will protect your internet and also might function as an anti virus since it doesn't allow processes that can be executed silent without your permission,now it gives you the permission to do whatever you want with the process.
However,i am talking about Comodo firewall.
If you got annoyed from the notifications asks for permission and stuff,use the Game Mode in the comodo firewall.
Comodo Firewall:
https://www.comodo.com/home/internet-sec...rewall.php
======================
Browser Protection [TOR]:
So basically if you feel unsafe on the internet use the browser TOR to be anonymous.
TOR:
https://www.torproject.org/
If you want to maximize the protection use some Proxies.
Also make sure to open a VPN before opening TOR [If you want to maximize the protection.]
Also i am not really sure if you can run TOR with Proxies with a fucking VPN but i will try this method soon and i will let y'all know if it's possible or not.
However,For now lets move on to the VPN.
======================
VPN[Virtual Private Network]:
Look guys,when it comes to VPN i am not that expert guy that can tell if a vpn keeps logs or not.
So If you have a secure VPN that doesn't keep logs,make sure to run it and NOT USE THE ONE THAT I SUGGEST.
But incase you don't,you can just use this one:
https://www.securitykiss.com/
I have been using this one for a pretty long time,and it works very well.
There are thousands of hundreds of VPNs out there,so make sure you have the best one that you can find.
Or if you are really curious or if you are a true black hat hacker,then you can give the VPNs your middle finger and use proxies instead.
======================
VMware [Virtual Machine]
If you want to run Without being infected with anything,run a windows virtual machine on VMware: http://www.vmware.com/
Also,Sandboxie: http://www.sandboxie.com/
Is a goot tool to use for both,ur main OS [Ur computer/laptop] and the VMware.
======================
Quick shits before i end the tutorial:
Note:If you tried to sell this tutorial as a Private Protection Method,i will find your computer and you will be a victim of Project Ni
Now lets move on to the tips:
1-If you have a question write it down below,i might be able to help you.
2-If you are a hacker don't use windows,use kali linux.
3-Do not treat your CMD as a hacking terminal.
4-Don't be a skid.
5-Don't make anyone teach you hacking,teach yourself.
6-Feel free to install any program that will maximize your protection.
7-If you used this,don't be a stupid fucker and tell everyone about it.
8-If you have open ports,close them. [Unless you know what you are doing.]
9-Turn off windows firewall if you don't need it.
10-If you want to run a suspicious program,use sandboxie on VirtualMachine.
==========================================================================
VPN are useful from an Ddos and ip masking but these may not always help.
====================================================================================
1) Download and install WampServer: http://www.wampserver.com/en/

2) Configure it to operate on a port that is not 80 such as 9987

3) Correctly port forward for your web server (you may not be able to see it if you go through your browser. Just use http://www.canyouseeme.org/ to check).

4) Register @ http://ddos-protection.io and claim your free ddos protection

5) Register a domain for your website, it can be a free one.

6) Verify your website i.e: http://yourwebsite.com:9987/verify.txt

7) Create a reverse proxy to your home IP on port 9987, or whichever port that you chose.

8) Point your domain to the DDoS-Protection.io servers!

9) Enjoy! Your website now has DDoS protection, and is operating under a standard port (port 80). http://yourwebsite.com will now work without the :9987 (port)
=====================================================================================================================================
anything else ask me.