Need help, DDoS attack on my VPS.. down for 2 days now
Hey guys, I'm in need of some help. For the past two days there has been a DDoS attack on my VPS.
My VPS specs are fairly small, so it is easy to take down, with only 512 MB RAM and a 666 MHz CPU. I'm running the latest CentOS.
I've used the command:
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | sed -e s/'::ffff:'/''/g|cut -d: -f1 | sort | uniq -c | sort -n
To check the IPs that are hitting me, and there seem to be hundreds of different ones from all different countries.
And the list never ends.. Every few minutes all the IPs change.
As you can see the IPs that are using up all my resources are random, and change about once every minute. I've tried adding the most resource-consuming IPs to my iptables, with no luck - as more and more IPs will pop up with 200+ processes in use.
I've got (D)DoS Deflate installed, and from what I can see it doesn't seem to be working..
I'm stuck here, what could I possibly do to get my site back online, with limited money resources? My host recommended that I try:
"Try with nginx as a reverse proxy and let us know how it works."
What is this, and how would I use this?
Any help at all would be highly appreciated,
Matt.
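
The per-IP count from the netstat pipeline in the post, as an added example (not the poster's code): the `cut -d: -f1` step truncates IPv6 peers and counts listening sockets as `0.0.0.0`, so this version strips only the port, folds `::ffff:` mapped addresses, skips listeners and adds a half-open (SYN_RECV) column. The function names and the sample input, which uses documentation address ranges, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input is netstat -an style text on stdin.

# Print "<connections> <half-open> <remote address>", busiest first.
count_remote_ips() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }     # skip header lines
        $6 == "LISTEN"     { next }     # listening sockets are not peers
        $5 ~ /:\*$/        { next }     # unconnected UDP sockets
        {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # drop only the trailing port
            sub(/^::ffff:/, "", addr)   # IPv4-mapped IPv6 -> plain IPv4
            total[addr]++
            if ($6 == "SYN_RECV") half[addr]++
        }
        END { for (a in total) printf "%d %d %s\n", total[a], half[a], a }
    ' | sort -k1,1nr -k3,3
}

# Print only the addresses holding at least $1 connections.
over_limit() {
    count_remote_ips | awk -v limit="$1" '$1 >= limit { print $3 }'
}

# Constructed sample (documentation address ranges, not real traffic).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address          State
tcp   0 0 0.0.0.0:80                  0.0.0.0:*                LISTEN
tcp   0 0 203.0.113.10:80             192.0.2.15:51234         ESTABLISHED
tcp   0 0 203.0.113.10:80             192.0.2.15:51235         SYN_RECV
tcp   0 0 203.0.113.10:80             192.0.2.15:51236         SYN_RECV
tcp   0 0 ::ffff:203.0.113.10:80      ::ffff:198.51.100.7:4000 ESTABLISHED
tcp   0 0 ::ffff:203.0.113.10:80      ::ffff:198.51.100.7:4001 ESTABLISHED
tcp6  0 0 2001:db8::1:80              2001:db8::beef:40000     TIME_WAIT
udp   0 0 0.0.0.0:68                  0.0.0.0:*
EOF
}

sample_netstat | count_remote_ips
```

On the server, feed it live data with `netstat -an | count_remote_ips`.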