Results 1 to 13 of 13
  1. #1
    Join Date
    May 2007
    Posts
    83

    * Server under SYN-flood DDoS, please help

    Hi friends,

    Our dedicated hosting server under SYN-flood DDoS now and we are looking for any solution of this problem, can anybody help with this?

    SYN-flood power is 60-80 Mb/s, we have configured CSF for protection and block some countries where attack from but this do not helped, connection to server is timed-out after IP connected to server by datacenter staff.

    We are working for several years and can mitigate powerful HTTP flood attaks but we can't mitigate this SYN flood attack..

    Please give us some suggestions how to mitigate this attack?

  2. #2
    Join Date
    Feb 2004
    Location
    UK
    Posts
    1,431
    Hi

    If its directed at one site, you could use a proxy service to filter it out.

    Have you looked at cloudfront (i think thats what its called)

    Thanks

  3. #3
    Join Date
    Feb 2012
    Location
    USA
    Posts
    32
    Please research this thread: http://www.webhostingtalk.com/showthread.php?t=860864 - http://www.webhostingtalk.com/showthread.php?t=1074691 and this one: http://www.webhostingtalk.com/showthread.php?t=859081

    I would highly recommend Cloudflare as we use this for our services and always under heavy protection. I hope this gets resolved.

  4. #4
    Join Date
    May 2007
    Posts
    83
    Yes, I have changed a lot of settings but every time server has inaccessible after enable IP.

    How Cloudflare can protect our server, can you please explain in details?

  5. #5
    Join Date
    Mar 2008
    Posts
    81
    Cloudflare wont protect you. if the attack is big enough they will just send the traffic straight to your server.


    I recommend installing Nginx and rate limiting connections to it, as well as fire-walling the ip addresses. 80Mb/s is well under a gigabit port's full speed so if you have 100mbit you might want to upgrade.

  6. #6
    Join Date
    Nov 2009
    Location
    Colombia
    Posts
    2,150
    Drop all SYN packets and ask your provider help.
    █ Diego Rodríguez B. - https://diegorbaquero.com
    █ Software Engineer @ Protocol Labs | Filecoin Saturn

  7. #7
    Join Date
    Feb 2012
    Location
    WHT
    Posts
    124
    cfs is good tools to fix this
    its better to limmite connection to 50 for each ip and enable permanent band
    Online WebHosting And Linux Server Support
    █ DirectAdmin & Cpanel/Whm & CWP & Zpanel & Kloxo & etc ...
    █ Installing and configuration WebServer | Nginx & Apache & LiteSpeed
    Linux System Admin & Troubleshooting | Mysql & Webserver LoadBalancing

  8. #8
    Join Date
    Sep 2011
    Posts
    987
    That is NOT a small amount for a SYN DDoS. sign up for a serious DDoS mitigation service.

  9. #9
    Join Date
    Feb 2012
    Location
    USA
    Posts
    32
    Would have to agree with n!ghtmare and Badmanh on this. For the DDoS protection, we have a few clients who use this service: http://www.ultradns.com/

    Let us know how everything goes and we can be any further assistance for you.

  10. #10
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    901

    Post Hi,

    [QUOTE=Badmanh;7985935]Cloudflare wont protect you. if the attack is big enough they will just send the traffic straight to your server."

    Yes, but it generally has to be a huge attack for us to force direct. We can offer some mitigation for a lot of attacks. If the party does end up using CloudFlare, then they could also set their server to only accept connections from our IPs.
    CloudFlare Community Evangelist

  11. #11
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by SysTeam View Post
    Please give us some suggestions how to mitigate this attack?
    Am no DDoS expert but this could help you: http://litespeedtech.com/sign-up-lit...y-service.html
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  12. #12
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    Quote Originally Posted by cd/home View Post
    Am no DDoS expert but this could help you: http://litespeedtech.com/sign-up-lit...y-service.html
    Has this service been launched yet? I've seen you put out a lot or recommendations for it, but have not seen anyone using it thus far?

  13. #13
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by IRCCo Jeff View Post
    Has this service been launched yet? I've seen you put out a lot or recommendations for it, but have not seen anyone using it thus far?
    Yes, I believe it has been launched but only as a trial.

    You will need to contact LiteSpeed because it was open to orders then it wasnt then it was...
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

Similar Threads

  1. Say godbye to DDOS and SYN flood attacks!
    By ibelledthecat in forum Hosting Security and Technology
    Replies: 8
    Last Post: 05-21-2010, 01:47 PM
  2. SYN FLOOD
    By Gigaron in forum Hosting Security and Technology
    Replies: 6
    Last Post: 06-12-2008, 09:25 PM
  3. TCP/IP Hardening ˇV Prevents DDOS and SYN-Flood attacks.
    By hkivan in forum Hosting Security and Technology
    Replies: 9
    Last Post: 06-20-2004, 11:25 PM
  4. SYN flood, what else can I do?
    By Bourd in forum Hosting Security and Technology
    Replies: 9
    Last Post: 06-05-2004, 04:27 PM
  5. Syn Flood???
    By ClusterMania in forum Hosting Security and Technology
    Replies: 0
    Last Post: 01-13-2003, 08:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •