hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : How to permanently stop DOS attacks?
Reply

Forum Jump

How to permanently stop DOS attacks?

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 12-05-2011, 09:24 AM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 604

How to permanently stop DOS attacks?


My cPanel server has recently been bombarded by romanians and people from hungary.

I've used country block in CSF, and that seems to have done the trick, but how can I stop this from happening again without blocking an entire country?



Sponsored Links
  #2  
Old 12-05-2011, 11:11 AM
relichost relichost is offline
Temporarily Suspended
 
Join Date: Feb 2004
Location: UK
Posts: 1,429
Hi

You cant stop this from happening. Do you know who they are targetting on your server ?

Thanks

  #3  
Old 12-05-2011, 11:14 AM
iexo iexo is offline
Disabled
 
Join Date: Feb 2006
Location: Global
Posts: 1,629
As said above, a DDoS can't be properly avoided, network level DDoS protection would help you though.

And finding who the attacks are being aimed at and looking at what's being targeted is a must.

Sponsored Links
  #4  
Old 12-05-2011, 11:22 AM
DreamServers DreamServers is offline
Junior Guru
 
Join Date: Jun 2008
Location: South West, UK
Posts: 184
I'd recommend in getting a hardware firewall to start with, then its a long and winded process of tracing the IP's and blocking them.

However what exerox said is correct too you want to find out who they're attacking

__________________
James Little Operations Director Dream Servers Ltd

Dedicated Servers - Colocation - IP Transit - Data Storage - Managed Services - Cloud Web Hosting - Cloud vServers

  #5  
Old 12-06-2011, 04:36 PM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 604
I'm still constantly being attacked from Romania and Hungary..

Any ideas how I can put a stop to this without blocking an entire country in CSF? They seem to constantly flood port 80, rather than attack a specific site on the server, and I've using CT_Limit = 100.

  #6  
Old 12-06-2011, 04:57 PM
Steve_Arm Steve_Arm is offline
Community Guide
 
Join Date: Jan 2006
Location: Athens, Greece
Posts: 1,479

__________________


  #7  
Old 12-06-2011, 09:13 PM
brianoz brianoz is offline
Web Hosting Master
 
Join Date: Nov 2004
Location: Australia
Posts: 1,514
CSF has some auto-blocking settings which could be worth experimenting with. If they persist they get permanently blocked, and if a number of IPs in a range get blocked CSF can be setup to block the entire range. If you play with the related settings for a while, along with some of the rate limiting stuff you may be able to get it going well enough to manage the blocking without your help. It may not be good enough to solve the problem, but it might be enough and it's definitely worth a shot.

Would be nice if you could update the thread and let us know how you went.

  #8  
Old 12-07-2011, 02:02 AM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 604
Thanks for the replies guys...

I've tweaked CSF, and for the time being it seems that the attack is either getting smaller or the setting is quite strict so its blocking alot of traffic.

I'm using CT_LIMIT = 60, so I believe its blocking everyone who has more than 60 open connections on port 80 at the same time. I've also disabled Synflood feature in CSF as I dont think it has any benefit when used with CONNLIIMT. Let me know if I am wrong?

Can someone let me know where I can find Syn Deflate, I've installed DDos Deflate, but would like some protection against synflood attacks as well, and I think the synflood feature is not very good in CSF. All the download links I've seen for syn-deflate are broken.


Last edited by kshazad86; 12-07-2011 at 02:11 AM.
  #9  
Old 12-07-2011, 02:25 AM
kshazad86 kshazad86 is offline
Web Hosting Master
 
Join Date: Jan 2011
Posts: 604
Also, can someone let me know more about this IP range blocking.. I have it enabled on a setting of:

LS_DSHIELD = 86400
LF_SPAMHAUS =86400

But it would be nice to know exactly how this works? Thanks.

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to stop DDOS/DOS attacks? battlekid Dedicated Server 34 07-24-2011 09:58 PM
Need Some advice on DOS attacks and other forms of attacks, kayz Hosting Security and Technology 10 10-17-2006 05:54 PM
Dos attacks petfut Dedicated Server 4 06-27-2006 01:29 AM
All these DoS attacks! VN-Ken Hosting Security and Technology 15 08-02-2005 02:26 AM
Simple way to STOP VIRUSES PERMANENTLY FOREVER kckclass Hosting Security and Technology 15 01-29-2004 10:05 AM

Related posts from TheWhir.com
Title Type Date Posted
WiredTree Listing 2014-04-24 04:31:54
Prolexic Warns of Growing Identity Theft Camouflaged by DDoS Attacks Web Hosting News 2013-08-28 12:20:19
Petition Urges White House to Consider DDoS Attacks Legal Form of Protest Web Hosting News 2013-01-11 11:26:47
DDoS Mitigation Provider Prolexic Blocks Extended DDoS Attack Against Ecommerce Website Parts Geek Web Hosting News 2012-11-07 10:57:01
Web Host Tenzing Launches DDoS, DoS Mitigation Service Web Hosting News 2012-10-11 17:35:53


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?