How to permanently stop DOS attacks?

kshazad86 · #1 12-05-2011, 09:24 AM

My cPanel server has recently been bombarded by romanians and people from hungary.

I've used country block in CSF, and that seems to have done the trick, but how can I stop this from happening again without blocking an entire country?

relichost · #2 12-05-2011, 11:11 AM

Hi

You cant stop this from happening. Do you know who they are targetting on your server ?

Thanks

Exerox · #3 12-05-2011, 11:14 AM

As said above, a DDoS can't be properly avoided, network level DDoS protection would help you though.

And finding who the attacks are being aimed at and looking at what's being targeted is a must.

DreamServers · #4 12-05-2011, 11:22 AM

I'd recommend in getting a hardware firewall to start with, then its a long and winded process of tracing the IP's and blocking them.

However what exerox said is correct too you want to find out who they're attacking

kshazad86 · #5 12-06-2011, 04:36 PM

I'm still constantly being attacked from Romania and Hungary..

Any ideas how I can put a stop to this without blocking an entire country in CSF? They seem to constantly flood port 80, rather than attack a specific site on the server, and I've using CT_Limit = 100.

**Steve_Arm** · #6 12-06-2011, 04:57 PM

If it helps, take a look here: http://forums.cpanel.net/f34/first-a...0-a-66952.html

brianoz · #7 12-06-2011, 09:13 PM

CSF has some auto-blocking settings which could be worth experimenting with. If they persist they get permanently blocked, and if a number of IPs in a range get blocked CSF can be setup to block the entire range. If you play with the related settings for a while, along with some of the rate limiting stuff you may be able to get it going well enough to manage the blocking without your help. It may not be good enough to solve the problem, but it might be enough and it's definitely worth a shot.

Would be nice if you could update the thread and let us know how you went.

kshazad86 · #8 12-07-2011, 02:02 AM

Thanks for the replies guys...

I've tweaked CSF, and for the time being it seems that the attack is either getting smaller or the setting is quite strict so its blocking alot of traffic.

I'm using CT_LIMIT = 60, so I believe its blocking everyone who has more than 60 open connections on port 80 at the same time. I've also disabled Synflood feature in CSF as I dont think it has any benefit when used with CONNLIIMT. Let me know if I am wrong?

Can someone let me know where I can find Syn Deflate, I've installed DDos Deflate, but would like some protection against synflood attacks as well, and I think the synflood feature is not very good in CSF. All the download links I've seen for syn-deflate are broken.

kshazad86 · #9 12-07-2011, 02:25 AM

Also, can someone let me know more about this IP range blocking.. I have it enabled on a setting of:

LS_DSHIELD = 86400
LF_SPAMHAUS =86400

But it would be nice to know exactly how this works? Thanks.

How to permanently stop DOS attacks?

Sponsored Links

Advertise Here

Internet Services

Web Development

Digital Marketing

Consumer Tech