  1. #1
    Join Date
    May 2011
    Location
    Beach
    Posts
    113

    Harden against a DDoS

    How can I harden a server against a DDoS?

  2. #2
    Join Date
    Mar 2009
    Location
    Gods Own Country
    Posts
    681
    Software configuration alone cannot help mitigate all kinds of DDoS attacks. You will have to use a DDoS mitigation device.

    CSF/LFD can be used to prevent a SYN flood to a certain extent if the packet rate is low.
    Fabin Mundattil @ Xieles Support
    High Quality Server Management | support @ xieles.com
    http://xieles.com

  3. #3
    Join Date
    May 2011
    Location
    Beach
    Posts
    113
    Thank you Fabin.

    Can you guide me to install mod_security on cPanel?

  4. #4
    Just go to cPanelWHM > cPanel > Plugins > mod_security and there just enable it and save it.

  5. #5
    Join Date
    May 2011
    Location
    Beach
    Posts
    113
    Thank you so much. Is there any particular mod in Apache to protect against DDoS?

  6. #6

    arturr scientific

    mod_evasive or even mod_qos

  7. #7
    Join Date
    Jan 2001
    Location
    Miami, FL
    Posts
    1,072
    This will only work on some DoS attacks... What about when the DDoS is bigger than your uplink pipe from the server? At that point, is your host able to take the load?
    Biznesshosting, Inc. DBA VOLICO - Intelligent Hosting Solutions
    East Coast Enterprise Dedicated Servers and Miami Colocation.
    managed and unmanaged dedicated servers. High bandwidth colocation. Managed clusters.

  8. #8
    mod_evasive, mod_security and the ConfigServer Firewall are what I would recommend for you to try to stop an attack with a software solution.

    If you are experiencing further attacks which are unpreventable with a software firewall, you may want to do some research into some dedicated hardware firewalls, load balancing, etc.

    Good luck - I have personally been in a similar situation to you and it's a tough one to fix.

  9. #9
    Join Date
    May 2011
    Posts
    9
    Quote Originally Posted by nimiam View Post
    mod_evasive, mod_security and the ConfigServer Firewall are what I would recommend for you to try to stop an attack with a software solution.

    If you are experiencing further attacks which are unpreventable with a software firewall, you may want to do some research into some dedicated hardware firewalls, load balancing, etc.

    Good luck - I have personally been in a similar situation to you and it's a tough one to fix.
    Can you link me to install config firewall please?

    -Hazz

  10. #10
    Join Date
    Apr 2009
    Posts
    50
    http://www.configserver.com/cp/csf.html

    Quote Originally Posted by kinghazz View Post
    Can you link me to install config firewall please?

    -Hazz

  11. #11
    Join Date
    Jan 2011
    Posts
    451
    Hello,

    Proper configuration of CSF will protect our server from DDOS.

  12. #12
    Join Date
    Jan 2001
    Location
    Miami, FL
    Posts
    1,072
    You should look into ASL by gotroot.com ... the main team member is one of the ORIGINAL Plesk architects and lead programmer. He is known as Atomic Rocket Turtle around ALL the Plesk forums.

    His Enterprise product is ASL, which stands for Atomic Secure Linux ... It goes WAY ABOVE the standard firewall.

  13. #13
    Join Date
    Jan 2011
    Posts
    451
    Hello,

    But we cannot ever neglect the performance by CSF. It has helped a lot in our shared servers.
    " Your work is to discover your work and then with all your heart to give yourself to it. "

    That's the mark of a true professional !

  14. #14
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    DDoS attacks come in many sizes and types. You can do some general things to help, such as CSF, but realistically not much more. There are some dedicated appliances that can help (they are very expensive) but for the average site it generally is a matter of seeing the type of attack. Something like mod_evasive can help on some attacks but not on all.

    Have you or are you experiencing an attack now or are you just wanting to be prepared for one?
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  15. #15
    Join Date
    Jan 2011
    Posts
    451
    Guys,

    A hardware firewall is the best way to prevent high DDoS attacks! If you have a good budget you can go for this.

  16. #16
    Quote Originally Posted by cptechie View Post
    Guys,

    A hardware firewall is the best way to prevent high DDoS attacks! If you have a good budget you can go for this.
    A hardware firewall is not something made for blocking DDoS in most cases unless you have a specific model you would like to mention.

    Providers typically try to sell a hardware firewall to block a DDoS in order to get more money from a client. If you have a server with a 1Gb/s link that is being saturated, what is a 100Mbps or 1Gbps firewall going to do?

    Also most firewalls are not going to automagically even detect a DDoS, you need a proper solution for such which is designed for DDoS attacks.

    Hardware which continuously detects protocol, protocol flag, PPS, IP etc % distribution and acts/alerts upon oddities is a proper solution.

  17. #17
    Join Date
    Jun 2006
    Location
    NYC
    Posts
    1,446
    Quote Originally Posted by IDediServer Kevin View Post
    A hardware firewall is not something made for blocking DDoS in most cases unless you have a specific model you would like to mention.

    Providers typically try to sell a hardware firewall to block a DDoS in order to get more money from a client. If you have a server with a 1Gb/s link that is being saturated, what is a 100Mbps or 1Gbps firewall going to do?

    Also most firewalls are not going to automagically even detect a DDoS, you need a proper solution for such which is designed for DDoS attacks.

    Hardware which continuously detects protocol, protocol flag, PPS, IP etc % distribution and acts/alerts upon oddities is a proper solution.
    There isn't a 'firewall' on the market that can withstand a 100k PPS flood if it's on an open port where it's being routed.

    Most have session limitations, for example: 300K Sessions

    100k PPS flood with a default timeout of 60 seconds on most Cisco devices = dead firewall in under 30 seconds.

    The only way to block real attacks is either mitigation or mitigation-specific hardware.
    FiberPeer.Com | | REAL DDoS Protection | Cloud Hosting | VPS | Dedicated Servers | High Bandwidth Hosting | 1Gbps-10Gbps Unmetered
    FiberPeer DDoS Mitigation | ethProxy Upgraded! | 14-Years Experience | Emergency 24/7 Support
    Visit us @ www.fiberpeer.com

  18. #18
    Quote Originally Posted by ServerOrigin View Post
    There isn't a 'firewall' on the market that can withstand a 100k PPS flood if it's on an open port where it's being routed.

    Most have session limitations, for example: 300K Sessions

    100k PPS flood with a default timeout of 60 seconds on most Cisco devices = dead firewall in under 30 seconds.

    The only way to block real attacks is either mitigation or mitigation-specific hardware.
    I completely agree with this, session limitations will completely take firewalls down faster than most servers. Thus I do not see why anyone would come here and suggest a firewall for such an attack.

  19. #19
    Join Date
    May 2011
    Location
    N/A
    Posts
    116
    You need a hardware firewall and a server from a good datacenter with at least 1GBPS port speed; on the other hand, activate mod_security, use CSF and also use DDoS Deflate.

    Generally DDoS is something which you can't totally prevent, however a hardware firewall will help you to restrict those suspicious connections.

  20. #20
    Quote Originally Posted by stardust_x7 View Post
    You need a hardware firewall and a server from a good datacenter with at least 1GBPS port speed; on the other hand, activate mod_security, use CSF and also use DDoS Deflate.

    Generally DDoS is something which you can't totally prevent, however a hardware firewall will help you to restrict those suspicious connections.

    Hardware firewall has been discussed, it is a terrible solution.

  21. #21
    Hi,

    So, can I say that a properly configured software solution (csf, mod_evasive, mod_security) can prevent DDoS? Assume a powerful 2xXeon 56xx, lots of RAM, 1GBps link (assume the attack is not over the 1Gbps).

    Is there any exception?

  22. #22
    Join Date
    Jul 2010
    Location
    Close 2 U
    Posts
    549
    What's this "mod_evasive"?

    Not as that Much Expert
    I'm just a "LostEagle"
    _-_-_-_-_-_-_-_-_-_-_-_-_

  23. #23
    Join Date
    Feb 2011
    Posts
    62
    This command can help you to see the level of the DDoS attacks:

    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

    that will tell you how many IP sorted by grander you have actually over the server.
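
An added example (not from any poster in this thread): a variant of the one-liner in post #23 that skips netstat's header lines, keeps IPv6 addresses intact, and also counts half-open (SYN_RECV) connections per remote address, which is how a SYN flood shows up in this view. The names `conn_summary` and `sample_netstat` are chosen here, and the sample output is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example; the netstat output in sample_netstat is constructed.

# Read `netstat -ntu` output on stdin and print "total half_open remote_ip"
# per remote address, busiest first.
conn_summary() {
    awk '
        # Only real socket lines: skips the two netstat header lines.
        $1 !~ /^(tcp|udp)/ { next }
        {
            addr = $5
            sub(/:[^:]*$/, "", addr)   # strip only the trailing :port (IPv6-safe)
            sub(/^::ffff:/, "", addr)  # IPv4-mapped IPv6 -> plain IPv4
            total[addr]++
            if ($6 == "SYN_RECV") half[addr]++
        }
        END { for (a in total) printf "%d %d %s\n", total[a], half[a] + 0, a }
    ' | sort -k1,1nr -k3,3
}

sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40100       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:55012    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 TIME_WAIT
udp        0      0 192.0.2.10:53           203.0.113.9:5353        ESTABLISHED
EOF
}

# Live use on a server: netstat -ntu | conn_summary
sample_netstat | conn_summary
```

A remote address whose second column is close to its first is holding mostly half-open connections; a long tail of addresses with one or two connections each points at a distributed source rather than a single host.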

  24. #24
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    149
    FreeBSD with PF+ALTQ is the best configuration to Firewall DDoS attacks.
    With 100Mbps I support without problem up to 140.000 pps in my server/firewall. Want to test?
    Last edited by raffo; 05-25-2011 at 04:26 AM.

  25. #25
    Join Date
    Feb 2011
    Posts
    62
    Quote Originally Posted by raffo View Post
    FreeBSD with PF+ALTQ is the best configuration to Firewall DDoS attacks.
    With 100Mbps I support without problem up to 140.000 pps in my server/firewall. Want to test?
    Raffo, do we have a way to see how many pps we are currently getting? Or how many pps we were getting?

    thanks

  26. #26
    Join Date
    May 2009
    Location
    Italy - Rome
    Posts
    149
    Quote Originally Posted by HostingRQ View Post
    Raffo, do we have a way to see how many pps we are currently getting? Or how many pps we were getting?

    thanks
    Sure, you can see the pps with the system tools for networking or with 3rd party software, for example vnstat or iptraf, if you want to see your server stats.

    On my little server I have written a bash script that generates a page every 1 min with this information: http://exchange.rv89.net/rete.html (it is written in Italian but you can understand it because it is general info)
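
One way to get the packets-per-second figure asked about above on a Linux server without extra tools, as an added example (not raffo's script, which is not shown in the thread): diff the packet counters in two `/proc/net/dev` snapshots. The function names are chosen here and the counter values in `demo_pps` are constructed.

```shell
#!/bin/sh
# Added example: packets per second from two /proc/net/dev snapshots (Linux).
# All counter values in demo_pps are constructed.

# $1, $2 = files holding /proc/net/dev contents, $3 = seconds between them.
# Prints "iface rx_pps tx_pps" for each interface found in both files.
pps_between() {
    awk -v secs="$3" '
        FNR <= 2 { next }          # each snapshot starts with 2 header lines
        { sub(/:/, " ") }          # handles "eth0:123" as well as "eth0: 123"
        # Fields are now: $1 iface, $3 rx packets, $11 tx packets.
        NR == FNR { rx[$1] = $3; tx[$1] = $11; next }
        ($1 in rx) {
            printf "%s %d %d\n", $1, ($3 - rx[$1]) / secs, ($11 - tx[$1]) / secs
        }
    ' "$1" "$2"
}

demo_pps() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/t0" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 500000 4000 0 0 0 0 0 0 300000 2500 0 0 0 0 0 0
EOF
    cat > "$dir/t5" <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1000 10 0 0 0 0 0 0 1000 10 0 0 0 0 0 0
  eth0: 90500000 704000 0 0 0 0 0 0 900000 7500 0 0 0 0 0 0
EOF
    pps_between "$dir/t0" "$dir/t5" 5
    rm -rf "$dir"
}

# Live use: cat /proc/net/dev > a; sleep 5; cat /proc/net/dev > b; pps_between a b 5
demo_pps
```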

  27. #27
    Join Date
    Jun 2010
    Location
    Panama
    Posts
    265
    A good configuration on your server / firewall is always good for DDoS attacks; make sure you don't have rules too strong or too soft that can make false positives. But there is nothing on the market that can guarantee to protect you against all types of DDoS attacks. Everything has a limit: the pps that your firewall/server can process, your total bandwidth, network switches, even mitigation hardware. It's better to ask yourself: why am I being attacked? Cause DDoS attacks are not free.
    Offshore Hosting & High Privacy in Panama
    OnApp Cloud Servers & Shared Web Hosting | Daily Backups | 99.9% Uptime
    www.OffshoreRacks.com

  28. #28
    Join Date
    Jul 2010
    Location
    Close 2 U
    Posts
    549
    cause DDoS attacks are not free.
    You are right .. but in certain regions and for some political issues, you may be under attack .. "sure because one of your clients"

    Contacting some ISP "SYNC source" could help ..

    The IRC-Flooders are too strong .. and for this I guess data centers + web hosters should be aware ..


  29. #29
    Join Date
    Jul 2010
    Location
    Close 2 U
    Posts
    549
    NOTE: some Perl scripts could sync itself .. secure your temp + close the IRC ports at your end .. if you are not using any IRC services

