Results 1 to 18 of 18
Thread: DDOS attacks ?
-
11-18-2009, 04:37 PM #1Junior Guru Wannabe
- Join Date
- Sep 2009
- Location
- Indonesia
- Posts
- 59
DDOS attacks ?
hmm do anyone have protection plans about this ?
how do you guys manage the attacks ?
-
11-18-2009, 09:51 PM #2WHT Addict
- Join Date
- May 2009
- Posts
- 165
There are a few ways and methods, check google for something that works for you, here is a start. http://www.mydigitallife.info/2007/1...-ddos-deflate/
I don't have much experience with DDOS, but one this you can do is set up a firewall which does ingress and egress filtering at the gateway (e.g., APF from http://www.rfxnetworks.com/apf.php)
-
11-18-2009, 10:25 PM #3WHT Addict
- Join Date
- Oct 2006
- Location
- New Jersey
- Posts
- 110
DDOS is really hard to prevent, depending on number of bots attacking you. Protecting from large botnets could cost you thousands of dollars per month. However, hackers usually don't launch large attacks on the people whom do no have to spend thousands of dollars per month.
There are quite few web hosting providers, whom does provide shared hosting with DDOS minimal or medium protection for reasonable amount of money.
I do believe there was couple here on WHT in offers section, have a look.«▌UNIX IS user friendly, it's just very choosy about who it calls a friend.
-
11-19-2009, 05:50 AM #4Web Hosting Guru
- Join Date
- Nov 2009
- Location
- Nasik,India
- Posts
- 252
Hi,
For DDOS Attack u use this
netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
this will help u better....
-
11-19-2009, 05:57 AM #5Temporarily Suspended
- Join Date
- Feb 2006
- Location
- India
- Posts
- 858
If your website is not very important, just wait till it dies down.
-
11-19-2009, 07:02 AM #6Web Hosting Master
- Join Date
- Jun 2006
- Location
- London, Arizona, Utah
- Posts
- 654
What are the size of the attacks?
General Manager, 100TB100TB.com -> 21 Datacenter Locations
-
11-19-2009, 07:56 AM #7Web Hosting Master
- Join Date
- Oct 2009
- Posts
- 1,063
This command will show you the IP arranged in order of established connections to the server,
#netstat -lpn|grep :80|awk '{print $5}'|sort
if you have more than 30 connections then its sure that your server is under doss. You should need to block this IP using csf/apf or iptables firewall.Shared Hosting | Reseller Hosting | VPS Hosting | Dedicated Servers
KeserHosting.Com
-
11-19-2009, 08:00 AM #8New Member
- Join Date
- Oct 2009
- Posts
- 1
Hello,
These days DDOS attack become usual in the webhosting server
You can check the which site has been attacked, You can follow the below checklist to Stop at certain extent.
1.How to find DOS attack on the server.
$> ps aux | grep httpd
if you find more access to httpd process from above command result, you can suspect there is DOS attack in the server.
2. Run the below script to confirm the DOS attack.
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
you can find high hit from different IPs.
3.If You confirm DOS attack in the server, then compile the DOS_EVASIVE module in the apache server.
4. Now we have to check the "MaxClient" and Timeout value in apache configuration.
MaxClients 150 Timeout 300 Timeout 300 is the default value ,we can reduce bit lower into avoid DOS attack at certain extend.
4. Now we have to find , on which are the domain, DOS attack is happening
cd /usr/local/apache/domlogs/
ls -ltr |tail -50
(it will list the TOP 50 domains which are in high access.
Otherwise, go to WHM >> apache status. That will show the domain which is having high http access.
3.Now, Run the following command to know the IPs which is hitting the particular domain..
cd /usr/local/apache/domlogs/
tail -f domainname | awk {'print $1'}
If the hit is coming from same IP, we can block only those IP. if hit is from different ranges of IP, we have to suspend the account or can block the range of IPs.
5. If the attack happening still, we can remove the DNS DB entry for the domain.
6.After 3-4 hrs(propagation delay), DOS attack will be stopped on the particular domain.
-
11-19-2009, 08:22 AM #9Junior Guru Wannabe
- Join Date
- Sep 2009
- Location
- Indonesia
- Posts
- 59
thanks guys for the replays ,how about services like proxy shield ( at WHT patners above )
-
11-19-2009, 10:15 AM #10WHT Addict
- Join Date
- Aug 2009
- Posts
- 171
External services like Proxy Shields (which makes use of another DNS like a layer to protect your server) are really pricey from what I see. In terms of effectiveness, I believe most are utilizing external hardware to mitigate the DDOS attacks so it would most likely work. If you are getting DDOS (which I was) on a large scale, I doubt you'll be able to even connect to your server to perform important tasks. Especially since its a DDOS, there will be loads of connections from different IPs, Zombie Agents.
-
11-19-2009, 11:02 AM #11Newbie
- Join Date
- Oct 2009
- Posts
- 9
Hello,
If you dont have any firewall on your server (except iptables). Please install apf or csf, it will reduce DOS attacks.
-
11-19-2009, 12:31 PM #12Junior Guru Wannabe
- Join Date
- Sep 2009
- Location
- Indonesia
- Posts
- 59
-
11-19-2009, 12:59 PM #13Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
First off no Software firewall is going to stop a DDOS attack. It will help but a decent size DDOS attack you will need to get a hardware firewall. I have tried a few solutions out at in reality it all depends on what type of DDOS attack it is to be effective.
-
11-19-2009, 04:42 PM #14Disabled
- Join Date
- Oct 2009
- Location
- India
- Posts
- 95
Hi,
You can view the http requests by checking the log files inside /usr/local/apache/domlogs/
The details of the present http connections can be found by using:
Code:netstat -alpn | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n | tail -10
If you want to block an IP use the syntax
Code:iptables -I INPUT -s IP -j DROP
-
11-19-2009, 07:51 PM #15WHT Addict
- Join Date
- Mar 2006
- Posts
- 165
Maybe PSAD could help you.
-
11-20-2009, 09:36 AM #16Web Hosting Guru
- Join Date
- Nov 2009
- Location
- Nasik,India
- Posts
- 252
Hi,
A quick and usefull command for checking if a server is under ddos is:
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Then u can drop that ip by using following scripts
iptables -A INPUT -s 88.110.69.244 -j DROP
iptables -A INPUT -s 88.107.33.203 -j DROP
iptables -A INPUT -s 79.74.148.98 -j DROP
iptables -A INPUT -s 81.151.140.127 -j DROP
iptables -A INPUT -s 82.28.3.143 -j REJECT
-
11-20-2009, 10:07 AM #17
How this cmd will help you to prevent DDoS?
It's ok to manually ban IP but on DDoS attack with around 5k bot or more, you will probably ban IP during a week 24/24.
You can also use:
route add IPADDRESS reject
With APF:
apf -u IPADDRESS
But again those method, will not prevent or mitigate a DDoS attack.Last edited by UnderHost; 11-20-2009 at 10:13 AM.
█ • UnderHost.com • Offshore Hosting Solutions and USA/Canadian based servers.
█ • 24/7 Rapid Support / 99.9% Uptime Guarantee / Shared / Cloud / VPS / Dedicated Servers
█ • Managed OnApp Cloud • USA Cloud Virtual Datacenter - Dedicated and Scalable Resources
█ • Hong Kong - Netherlands - Canada - Caribbean - United States - Russia •
-
11-20-2009, 10:13 AM #18Web Hosting Guru
- Join Date
- Nov 2009
- Location
- Nasik,India
- Posts
- 252
Hi,
With this
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
u can check how many connections at ur end after that usinf\g iptables u can just reject that ip rages
so this will help u like this......
and u protect it by installing csf......
skype: kedar.varma
Similar Threads
-
Ddos Attacks
By SpeedHostingDaniel in forum Systems Management RequestsReplies: 2Last Post: 05-06-2007, 02:50 PM -
Got DDoS? BLCC DDoS Protection sale! Stop HTTP GET attacks in their tracks!
By ddosguru in forum Dedicated Hosting OffersReplies: 7Last Post: 01-17-2007, 12:49 PM -
DDoS Attacks!
By LoganFebbi in forum Hosting Security and TechnologyReplies: 7Last Post: 01-05-2006, 07:42 AM -
Ddos Attacks!
By funmaza in forum Hosting Security and TechnologyReplies: 5Last Post: 12-28-2005, 08:30 PM -
DDOS Attacks
By Webhoster2004 in forum Hosting Security and TechnologyReplies: 12Last Post: 11-02-2004, 06:27 AM