Results 1 to 10 of 10
  1. #1

    We are having Ddos attack, what to do ?

    we are having right now a huge ddos attack. Our isp can manage it. Any advise would be appreciated.

    Thank you

  2. #2
    Hello belen!

    Sorry to hear about the DDOS attack. You can Stop a DDOS attack by blocking the IP's or rerouting the IP's. This can be a difficult task if you are not a systems administrator; however, the quickest fix is to find the IP(s) of the perpetrator and block them. If you have your Host looking into the attack, they should know how to block them.
    Best regards,
    James R
    InMotion Hosting

  3. #3
    Join Date
    Apr 2006
    Location
    United Kingdom
    Posts
    618
    Unless you or your datacentre have DDoS protection equipment, you should ask your host which IP is being attacked and have it nullrouted until the attack has stopped. If this is your only IP address, then unfortunately it means having your server IP changed.

  4. #4
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    372
    If you are from nonstandard country like Germany, just block all ips except germany. Search gogole for: block all countries except htaccess

    then add it into iptables

    also install "config server firewall" with very restrictive settings

    (if you have access to your server...)

    Try to determine, what exactly is being attacked on your server. also tail IP access logs to determine ranges which attack you.


    Try to report DDOS to authoritative site.

  5. #5
    Join Date
    Jul 2011
    Location
    SriLanka
    Posts
    2,010
    Report the latest situation as well
    LankaPartnerHost.Com
    Canada Anti DDOS Webhosting, Reseller Hosting, WHMsonic, WHMsonic Resellers

  6. #6
    The best practice would be to null route the IP address at the data center.

  7. #7
    First, what does a "huge" DDoS attack mean - give us some numbers please. Have your ISP given you any detail as to what type of attack it is? If it's using UDP and you don't need UDP, you can ask your ISP to block UDP at border router - some ISP's are nice enough and will do that for you. If the attack is on L4, then collecting IP's won't help at all as they're most probably spoofed. If your attack is on L7 you should be given a list of attacking IP's for you to block, unless they're too many of course.

    Now, if your ISP "can" handle the attack, i.e. you don't get nullrouted because of it, there are a number of "tricks" you can try, depending on your web server. Unfortunately, all of these are limited in their effectiveness. I won't go into detail about them here, but you can easily find more information in this forum or just googling:

    - Neuron network PyBrain
    - Iptables –string
    - Apache mod evasive
    - nginx testcookie module
    - tcpdump

    The best approach to DDoS mitigation is a complex of measures that will protect or at least limit the risk from the most common types of attack. The real problem starts when the attack is bigger than your uplink, and you get nullrouted by your host. Then you'd need professional mitigation by people who do this for a living.

  8. #8
    If attack is big then I would suggest you to go for a hardware firewall option OR else you can move to the provider who provides DDOS protection.

  9. #9
    Large attacks on hosting providers usually end up in a nullroute.

    This is to protect not only you from experiencing over utilization and overages of your bandwidth, but to protect the hosting providers network from issues caused by the Ddos.

    The only way TRUE way to prevent ddos is having some type of active filtration at the network level before it reaches the core routers.

    If the attack is some slow loris or slow attack causing open connections or high utilization of resources at your server level, you will need to take steps into optimizing your server so that it can effectively combat those types of exploits.

  10. #10
    Join Date
    Apr 2009
    Location
    OnTheWeb
    Posts
    2,397
    you can limit the amount of times a single ip can access the server which will calm things down considerably. Ie limit the amount of requests for a particular file or IP to about 1 in every 3 requests which will break that in half. Also, use a firewall to help as well.
    If you're the smartest person in the room then you're in the wrong room

Similar Threads

  1. DDoS attack
    By WitherHost in forum Hosting Security and Technology
    Replies: 9
    Last Post: 03-20-2013, 11:51 AM
  2. Replies: 0
    Last Post: 02-20-2013, 10:08 AM
  3. Replies: 23
    Last Post: 10-23-2012, 02:37 PM
  4. Replies: 5
    Last Post: 05-11-2011, 07:01 PM
  5. under ddos attack
    By sundae in forum Dedicated Server
    Replies: 11
    Last Post: 01-07-2009, 07:24 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •