Results 1 to 13 of 13
  1. #1

    Question Regarding DoS

    I have a dedicated server with HostGator, and run a fairly large website on it. The issue that I'm having is that little kids with a DoS programs have the ability to take down my website from one IP with 300+ connections. For some reason the firewall doesn't pick it up, and I have to enter the IP in the "/etc/firewall/IPDROP_GLOBAL" file, and reboot the firewall. After that, it takes about 3-4 minutes for the site to come back up.

    Is this something that would normally happen on any host? Is there anything I can do to prevent such little attacks?

    This how I find out how many connections are on my server:
    Code:
    netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    Server specs:
    Code:
    Intel Xeon 3110 (Dual Core)
    4 GB DDR2 Memory
    2 X 250 GB Hard Drive
    1,500 GB Bandwidth
    13 Dedicated IPs

  2. #2
    Join Date
    Feb 2010
    Location
    Evanston, IL
    Posts
    53

  3. #3
    Quote Originally Posted by monty1983 View Post
    You can try csf firewall depending on the type of attack your getting, it's more or less only good for port floods.

    Do you know the type of attack you are getting?

    You may also want to consider switching to a provider like Gigenet that offers a DoS protection service.
    When it comes to this stuff, I'm a newbie.

    Is there any way for me to tell what type of attack it is? I know that it is from one single IP, and that only port 80 is affected.

    How much does the service with Gigenet cost?

  4. #4
    Join Date
    Jul 2003
    Location
    North Carolina USA
    Posts
    180
    Is the 1 IP from the same ISP ? if so you could block that entire ISP or contact them with the logs of the attacks

  5. #5
    Join Date
    Apr 2011
    Location
    Edmonton, Alberta, Canada
    Posts
    60
    Hello,

    we had been experiencing the same thing; well not us but our clients. We we're also getting sick of contacting our Data Centre and asking them to filter the IPs.

    After much research and determination to stop these attacks we came across UnTangle. UnTangle is a firewall which filters and monitors all the traffic coming into you're server, or servers. The issue with that, you must get a dedicated box just for this program which acts like an operating system.

    We haven't had any downtime nor complaints due to DOS attacks since we had this setup. The UnTangled Box was setup last week and can't complain.

    Anyways, I'd recommend checking out UnTangled as it's a cheap way to try to protect and monitor you're network.

    Thanks and good luck!

  6. #6
    Quote Originally Posted by polyn View Post
    Is the 1 IP from the same ISP ? if so you could block that entire ISP or contact them with the logs of the attacks
    It's normally an attack once a week or so from a single IP. The IP is from a totally different location each time though. Therefore I think that they are isolated attacks from kids who just found a DoS program, etc.


    Quote Originally Posted by TannerG View Post
    Hello,

    we had been experiencing the same thing; well not us but our clients. We we're also getting sick of contacting our Data Centre and asking them to filter the IPs.

    After much research and determination to stop these attacks we came across UnTangle. UnTangle is a firewall which filters and monitors all the traffic coming into you're server, or servers. The issue with that, you must get a dedicated box just for this program which acts like an operating system.

    We haven't had any downtime nor complaints due to DOS attacks since we had this setup. The UnTangled Box was setup last week and can't complain.

    Anyways, I'd recommend checking out UnTangled as it's a cheap way to try to protect and monitor you're network.

    Thanks and good luck!
    Thanks for the suggestion; I'll be sure to look into it.

  7. #7
    why would someone rent a dedicated server from hostgator ?
    i mean whats good about them ?

    they are specialized in webhosting not dedicated hosting

  8. #8
    Quote Originally Posted by Amman-DJ View Post
    why would someone rent a dedicated server from hostgator ?
    i mean whats good about them ?

    they are specialized in webhosting not dedicated hosting
    As I said before, I'm not really educated in this type of stuff.

    The only reason I have a dedicated server with HostGator is because I originally had a web hosting plan with them, but my site got to large for that. Therefore I upgraded to their dedicated server. If you have any suggestion as to what kind of host that is better for my needs, by all means please suggest one to me.

  9. #9
    Join Date
    Sep 2004
    Location
    Miami, FL
    Posts
    2,762
    Quote Originally Posted by RastaLulz View Post
    I have a dedicated server with HostGator, and run a fairly large website on it. The issue that I'm having is that little kids with a DoS programs have the ability to take down my website from one IP with 300+ connections. For some reason the firewall doesn't pick it up, and I have to enter the IP in the "/etc/firewall/IPDROP_GLOBAL" file, and reboot the firewall. After that, it takes about 3-4 minutes for the site to come back up.

    Is this something that would normally happen on any host? Is there anything I can do to prevent such little attacks?
    What type of control panel are you using? Are you using any type of firewall at all? What is HostGator giving you in your server? Just a normal empty Linux box? There are scripts and also firewalls which could easily limit the number of connections from a single IP.

    By the way, the Bandwidth given is kinda low for your server. Would you mind sharing how much you're paying per month with them? Thanks!

    Quote Originally Posted by Amman-DJ View Post
    why would someone rent a dedicated server from hostgator ?
    i mean whats good about them ?

    they are specialized in webhosting not dedicated hosting
    I totally agree. Why are you with HostGator anyways? They are good at Web Hosting but Dedicated Servers? Hmmm... their main focus was at Web Hosting... not Dedicated Servers.
    Aaron Ong
    Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
    Servers in Central, East/West Coast USA, EUROPE and ASIA
    Welltodo Century
    - www.welltodocentury.com

  10. #10
    Quote Originally Posted by aodat2 View Post
    What type of control panel are you using? Are you using any type of firewall at all? What is HostGator giving you in your server? Just a normal empty Linux box? There are scripts and also firewalls which could easily limit the number of connections from a single IP.

    By the way, the Bandwidth given is kinda low for your server. Would you mind sharing how much you're paying per month with them? Thanks!
    The server itself comes with cPanel and WHM. As for the firewall, I really wouldn't know. All I know is that I use "/etc/init.d/iptables" to block DoS attacks.

    Here's a list of everything you get:
    http://hostgator.com/dedicated.shtml

    I pay $219/mo.

    /feels like such a newbie

  11. #11
    Join Date
    Sep 2004
    Location
    Miami, FL
    Posts
    2,762
    I'm very sure you're overpaying for the price of the Dedicated Server. By the way, your server is not listed on there anymore. LOL. The deal you got was and is an old deal most probably.

    BTW, since you're on cPanel, then you should be able to install CSF. Tweak it and get it done.

    I'm not going to say anything else about another host. Not really into bashing other hosts.
    Aaron Ong
    Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
    Servers in Central, East/West Coast USA, EUROPE and ASIA
    Welltodo Century
    - www.welltodocentury.com

  12. #12
    Join Date
    Aug 2009
    Location
    Montreal
    Posts
    1,606
    You should install and configure a firewall such as CSF. If you are unable to do it yourself, I would recommend hiring a system administrator.
    CrocWeb :: Canadian Web Hosting
    Accelerate your website, maximum performance!
    www.crocweb.com :: Since 2009 (Montreal, Quebec)

  13. #13
    I had a similar attack (syn flood), on my website recently which was hitting the connection limit on apache and making the website unresponsive. I was getting about 15k requests/sec and the tool that helped me is floodmon. It banned over 1300 blocks of ips and stopped the attack

Similar Threads

  1. Question about DoS attack
    By sfovllc in forum Fraud and Abuse
    Replies: 3
    Last Post: 02-11-2011, 11:00 PM
  2. Dos Question
    By hightime in forum Hosting Security and Technology
    Replies: 2
    Last Post: 09-29-2005, 03:52 PM
  3. Any one who can help with DOS question?
    By tamarackcj in forum Web Hosting Lounge
    Replies: 8
    Last Post: 04-02-2004, 06:22 PM
  4. DOS Question
    By fatbargains in forum Hosting Security and Technology
    Replies: 1
    Last Post: 09-14-2002, 12:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •