thomas830
08-02-2005, 02:57 PM
hey,
Guys, today I have been hit with a HUGE DDoS attack (SYN flood) (http://www.webhostingtalk.com/showthread.php?threadid=430301). It took me 7 hours to find the site, I lost 4 IPs and had to move all sites to a different IP. I have redirected the domain name to 127.0.0.1 but the person moved it to mphosting.net. I see that they are down now, and I'm not sure how to notify them. They will probably not find the problem as it is almost impossible.
If you guys know any contact info for mphosting.net, let them know; maybe the moderators have an email address...
If you have your own hosting company you had better block the domain name.
Babushka99
08-02-2005, 05:42 PM
It's probably a HYIP site and thus getting DDoS'd.
Do you know what the site was all about?
thomas.smith
08-03-2005, 10:44 AM
How did you figure out who was causing the attack? Last time I had a situation like this I used netstat to see all open connections. Then I searched for the offending IPs in the Apache logs.
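The netstat step mentioned in the post above, as an added example that is not part of the thread: it tallies half-open (SYN_RECV) connections by local address to show which of a server's IPs a SYN flood is aimed at. The sample netstat output, the function names and the threshold are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): tally half-open TCP connections
# from `netstat -ant` output to see which local IP a SYN flood targets.

# Constructed sample of `netstat -ant` output (documentation IP ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address     State
tcp   0      0      0.0.0.0:80       0.0.0.0:*           LISTEN
tcp   0      0      192.0.2.10:80    198.51.100.7:40112  SYN_RECV
tcp   0      0      192.0.2.10:80    198.51.100.91:1025  SYN_RECV
tcp   0      0      192.0.2.10:80    203.0.113.4:53211   SYN_RECV
tcp   0      0      192.0.2.10:80    203.0.113.77:6000   SYN_RECV
tcp   0      0      192.0.2.10:80    198.51.100.200:3344 SYN_RECV
tcp   0      0      192.0.2.11:80    203.0.113.9:50000   SYN_RECV
tcp   0      0      192.0.2.11:80    203.0.113.9:50001   ESTABLISHED
tcp   0      0      192.0.2.12:22    198.51.100.5:51000  ESTABLISHED
EOF
}

# Print "<count> <local ip:port>" for SYN_RECV sockets, busiest first.
syn_recv_by_local() {
  awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { n[$4]++ }
       END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Print "<count> <remote ip>" for SYN_RECV sockets (port stripped).
# In the constructed sample every source appears once, so this view
# stays flat while the per-local view points at the targeted IP.
syn_recv_by_remote() {
  awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { ip = $5; sub(/:[0-9]+$/, "", ip); n[ip]++ }
       END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Print local addresses with at least $1 half-open connections.
flooded_locals() {
  syn_recv_by_local | awk -v t="$1" '$1 >= t { print $2 }'
}

# On a live host: netstat -ant | flooded_locals 100   (threshold is an assumption)
sample_netstat | syn_recv_by_local
```

As a later reply in the thread points out, on a shared IP this identifies the targeted address but not the individual site behind it.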
server4sale
08-04-2005, 12:30 PM
It's the same attack hitting multiple sites :) Mostly HYIPs
E_man3
08-05-2005, 06:56 PM
Originally posted by server4sale
It's the same attack hitting multiple sites :) Mostly HYIPs
There are people going around trying to blackmail HYIPs. If the HYIP doesn't respond or refuses to send the requested amount to a specified e-gold account then the HYIP gets DDoSed.
universal2001
08-05-2005, 07:07 PM
There has been an increase in DDoS activity lately. One of our servers faced the same attack but on a completely different website. It took us over a day to block it.
Massive SYN floods... If this happens to you, the only way is to change IPs.
xAngel
08-05-2005, 07:56 PM
Is there not a way to stop these kinds of attacks altogether?
FHDave
08-05-2005, 09:51 PM
Originally posted by thomas.smith
How did you figure out who was causing the attack? Last time I had a situation like this I used netstat to see all open connections. Then I searched for the offending IPs in the Apache logs.
That won't do you much if the IP being attacked is your shared IP.
Babushka99
08-06-2005, 05:17 AM
Originally posted by xAngel
Is there not a way to stop these kinds of attacks altogether?
You need Anti-DDoS security gear on the front. Without it you are pretty much SOL.
mpoulsen
08-24-2005, 07:10 AM
Sorry for the late reply - didn't see this post until now.
We got a notification about it - THANK YOU! We were probably lucky as our downtime got "limited" to about 5 hours in total... Although terminating the domain didn't solve the problem instantly (the requests were still coming to the server due to DNS caching), we at least know what hit us and could make sure that we wouldn't get any more problems after the DNS caches expired.
I spoke to the domain owner, and told him not to use the domain. He said that the DDoS story was also what his previous host told him, but he thought he would solve the problem by changing hosting company :-(
He also said that his biggest competitor was also getting hit by this, so I encouraged him to go to the police. Don't know what happened after that.
Anyway, our data center, The Planet, solved it by implementing Cisco Guard - 5 minutes after, we were back online...
server4sale
08-24-2005, 03:56 PM
He is one of those who don't want to spend that much amount :)
mpoulsen
08-24-2005, 06:40 PM
Sorry, I don't get it (maybe it is because it is past midnight here...) Who doesn't want to spend such an amount and on what?
Cheers...