
Thread: DDOS attacks ?

  1. #1
    Join Date
    Sep 2009
    Location
    Indonesia
    Posts
    59

    Question DDOS attacks ?

    hmm does anyone have protection plans about this?
    how do you guys manage the attacks?

  2. #2
    Join Date
    May 2009
    Posts
    165
    There are a few ways and methods, check google for something that works for you, here is a start. http://www.mydigitallife.info/2007/1...-ddos-deflate/
    I don't have much experience with DDOS, but one thing you can do is set up a firewall which does ingress and egress filtering at the gateway (e.g., APF from http://www.rfxnetworks.com/apf.php)

  3. #3
    Join Date
    Oct 2006
    Location
    New Jersey
    Posts
    110
    DDOS is really hard to prevent, depending on the number of bots attacking you. Protecting from large botnets could cost you thousands of dollars per month. However, hackers usually don't launch large attacks on the people who do not have to spend thousands of dollars per month.

    There are quite a few web hosting providers who provide shared hosting with minimal or medium DDOS protection for a reasonable amount of money.

    I do believe there were a couple here on WHT in the offers section, have a look.
    UNIX IS user friendly, it's just very choosy about who it calls a friend.

  4. #4
    Join Date
    Nov 2009
    Location
    Nasik,India
    Posts
    252
    Hi,


    For a DDOS attack you use this
    netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    this will help you better....

  5. #5
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    If your website is not very important, just wait till it dies down.

  6. #6
    Join Date
    Jun 2006
    Location
    London, Arizona, Utah
    Posts
    654
    What is the size of the attacks?

  7. #7
    This command will show you the IPs arranged in order of established connections to the server,

    # netstat -anp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    if you have more than 30 connections then it's sure that your server is under DoS. You need to block this IP using csf/apf or iptables firewall.

  8. #8
    Hello,

    These days DDOS attacks have become usual on webhosting servers.
    You can check which site has been attacked, and you can follow the checklist below to stop it to a certain extent.

    1. How to find a DOS attack on the server.

    $> ps aux | grep httpd

    If you find more access to the httpd process in the above command's result, you can suspect there is a DOS attack on the server.

    2. Run the below script to confirm the DOS attack.

    netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1

    You can find high hits from different IPs.

    3. If you confirm a DOS attack on the server, then compile the DOS_EVASIVE module in the apache server.

    4. Now we have to check the "MaxClients" and Timeout values in the apache configuration.

    MaxClients 150
    Timeout 300

    Timeout 300 is the default value; we can reduce it a bit lower to avoid DOS attacks to a certain extent.

    5. Now we have to find on which domain the DOS attack is happening.

    cd /usr/local/apache/domlogs/
    ls -ltr | tail -50

    (It will list the TOP 50 domains which are in high access.)

    Otherwise, go to WHM >> apache status. That will show the domain which is having high http access.

    6. Now, run the following command to know the IPs which are hitting the particular domain.

    cd /usr/local/apache/domlogs/
    tail -f domainname | awk '{print $1}'

    If the hits are coming from the same IP, we can block only that IP. If the hits are from different ranges of IPs, we have to suspend the account or can block the range of IPs.

    7. If the attack is still happening, we can remove the DNS DB entry for the domain.
    8. After 3-4 hrs (propagation delay), the DOS attack will be stopped on the particular domain.
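
The "same IP or different ranges" decision from the checklist above, as an added example that is not part of the original post: it summarises a domlog per /24 and marks each prefix as one address or several. The log lines are constructed (documentation addresses) and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: summarise an Apache domlog by source /24.

# Constructed sample in combined log format, not taken from a real server.
sample_domlog() {
cat <<'EOF'
198.51.100.7 - - [20/Nov/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [20/Nov/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [20/Nov/2009:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.11 - - [20/Nov/2009:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"
203.0.113.12 - - [20/Nov/2009:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"
203.0.113.13 - - [20/Nov/2009:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"
203.0.113.14 - - [20/Nov/2009:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"
192.0.2.50 - - [20/Nov/2009:10:00:04 +0000] "GET /about.html HTTP/1.1" 200 300 "-" "-"
not-a-log-line
EOF
}

# hits_by_prefix: stdin = access log lines.
# stdout = "hits prefix distinct_ips scope", busiest prefix first.
hits_by_prefix() {
  awk '
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }  # skip malformed or non-IPv4 lines
    {
      split($1, o, ".")
      p = o[1] "." o[2] "." o[3] ".0/24"
      hits[p]++
      if (!seen[$1]++) ips[p]++                        # count each address once
    }
    END {
      for (p in hits) {
        scope = (ips[p] == 1) ? "single-ip" : "range"
        print hits[p], p, ips[p], scope
      }
    }
  ' | sort -k1,1nr
}

# Stand-alone run on the constructed sample; on a server, feed the domlog instead.
sample_domlog | hits_by_prefix
```

A prefix marked `single-ip` corresponds to the "block only that IP" case in the post; `range` means the hits are spread over several addresses in the same /24.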

  9. #9
    Join Date
    Sep 2009
    Location
    Indonesia
    Posts
    59
    thanks guys for the replies, how about services like proxy shield (at WHT partners above)?

  10. #10
    External services like Proxy Shields (which make use of another DNS like a layer to protect your server) are really pricey from what I see. In terms of effectiveness, I believe most are utilizing external hardware to mitigate the DDOS attacks so it would most likely work. If you are getting DDOS (which I was) on a large scale, I doubt you'll be able to even connect to your server to perform important tasks. Especially since it's a DDOS, there will be loads of connections from different IPs, Zombie Agents.
    Ian Lai - www.fyianlai.com
    Web Design & Development
    System Operator & Administrator

  11. #11
    Hello,
    If you don't have any firewall on your server (except iptables), please install apf or csf; it will reduce DOS attacks.

  12. #12
    Join Date
    Sep 2009
    Location
    Indonesia
    Posts
    59
    Quote Originally Posted by MrSaints View Post
    External services like Proxy Shields (which make use of another DNS like a layer to protect your server) are really pricey from what I see. In terms of effectiveness, I believe most are utilizing external hardware to mitigate the DDOS attacks so it would most likely work. If you are getting DDOS (which I was) on a large scale, I doubt you'll be able to even connect to your server to perform important tasks. Especially since it's a DDOS, there will be loads of connections from different IPs, Zombie Agents.
    this is a great reply, really thanks. btw pricey? how much do they cost? any reference? I seem not to be getting replies from them about the price of a full dedicated server.

  13. #13
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,928
    First off, no software firewall is going to stop a DDOS attack. It will help, but for a decent-size DDOS attack you will need to get a hardware firewall. I have tried a few solutions out and in reality it all depends on what type of DDOS attack it is to be effective.

  14. #14
    Hi,


    You can view the http requests by checking the log files inside /usr/local/apache/domlogs/

    The details of the present http connections can be found by using:

    Code:
    netstat -alpn | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n | tail -10
    If there are too many http connections from any IP, you can block that IP.

    If you want to block an IP use the syntax

    Code:
     iptables -I INPUT -s IP -j DROP
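
The per-IP connection count used in this thread, as an added example that is not part of the original posts: it goes slightly beyond the one-liners by skipping LISTEN and TIME_WAIT sockets and by keeping IPv6 addresses whole, which `cut -d: -f1` truncates. The netstat output is constructed (documentation addresses) and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: count live connections per remote IP from `netstat -ant` style output.

# Constructed sample, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:50000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40023       TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 2001:db8::10:80         2001:db8::beef:33000    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51517 ESTABLISHED
EOF
}

# count_by_ip PORT: stdin = netstat output; stdout = "count ip", highest count first.
count_by_ip() {
  awk -v port="$1" '
    $1 !~ /^tcp/ { next }                         # skip headers and non-TCP lines
    $6 == "LISTEN" || $6 == "TIME_WAIT" { next }  # not live client connections
    {
      local_addr = $4; remote = $5
      if (local_addr !~ (":" port "$")) next      # only the service port asked for
      sub(/:[0-9]+$/, "", remote)                 # strip the port, keep IPv6 colons
      sub(/^::ffff:/, "", remote)                 # fold IPv4-mapped IPv6 into IPv4
      n[remote]++
    }
    END { for (ip in n) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# over_threshold PORT LIMIT: only the IPs holding more than LIMIT connections.
over_threshold() {
  count_by_ip "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

# Stand-alone run on the sample; on a live host use: netstat -ant | count_by_ip 80
sample_netstat | count_by_ip 80
```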

  15. #15
    Maybe PSAD could help you.

  16. #16
    Join Date
    Nov 2009
    Location
    Nasik,India
    Posts
    252
    Hi,

    A quick and useful command for checking if a server is under ddos is:

    netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    Then you can drop that ip by using the following scripts

    iptables -A INPUT -s 88.110.69.244 -j DROP

    iptables -A INPUT -s 88.107.33.203 -j DROP
    iptables -A INPUT -s 79.74.148.98 -j DROP
    iptables -A INPUT -s 81.151.140.127 -j DROP
    iptables -A INPUT -s 82.28.3.143 -j REJECT

  17. #17
    Join Date
    May 2008
    Location
    Canada
    Posts
    985
    Quote Originally Posted by ksv2nash View Post
    Hi,


    For a DDOS attack you use this
    netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    this will help you better....

    Hi,

    A quick and useful command for checking if a server is under ddos is:

    netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    Then you can drop that ip by using the following scripts

    iptables -A INPUT -s 88.110.69.244 -j DROP

    iptables -A INPUT -s 88.107.33.203 -j DROP
    iptables -A INPUT -s 79.74.148.98 -j DROP
    iptables -A INPUT -s 81.151.140.127 -j DROP
    iptables -A INPUT -s 82.28.3.143 -j REJECT
    How will this cmd help you to prevent DDoS?

    It's ok to manually ban IPs, but on a DDoS attack with around 5k bots or more, you will probably ban IPs during a week 24/24.

    You can also use:
    route add IPADDRESS reject

    With APF:
    apf -u IPADDRESS

    But again, those methods will not prevent or mitigate a DDoS attack.
    Last edited by UnderHost; 11-20-2009 at 10:13 AM.

  18. #18
    Join Date
    Nov 2009
    Location
    Nasik,India
    Posts
    252
    Hi,

    With this
    netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    you can check how many connections there are at your end; after that, using iptables you can just reject those ip ranges
    so this will help you like this......

    and you protect it by installing csf......

    skype: kedar.varma
