Page 1 of 2 12 LastLast
Results 1 to 40 of 61
  1. #1

    Good DDOS protection provider

    I have a box at dedicatednow, which seems under DDOS

    what dedicatednow can do is only null the ip.

    We have APF -anti DOS and mod_merdevasive installed but no use

    looking for providers how have better DDOS mitidation as DN does not have any hardware firewall or ..etc

    thanks

  2. #2
    Join Date
    Dec 2002
    Location
    US
    Posts
    517
    I would suggest gigeservers for this they have some very good dos filtering.

  3. #3
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    If this is just a simple DDOS attack (just enough to cause httpd to crash), you may want to try using this little script called (D)DOS-Deflate. To install it:

    wget http://www.inetbase.com/scripts/ddos/install.sh
    chmod 0755 install.sh
    ./install.sh
    It'll create a cron to run it every 5 minutes, but you can run it manually with "cd /usr/local/ddos/;./ddos.sh".

    Nevertheless, the best way to block DDOS attacks is at the network side, and I would suggest Staminus or GigeServers for that.

    Regards,
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  4. #4
    elix

    how that scripts work differently from mod_mersavie?

    thanks

  5. #5
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    (D)DOS-Deflate utilizes netstat and APF and is a lot more accurate than mod_dosevasive/mod_evasive.

    Give (D)DOS-Deflate a try, it won't hurt, here are a few things I suggest after you install it:
    pico /usr/local/ddos/ddos.conf

    Set NO_OF_CONNECTIONS=60 and BAN_PERIOD=10000

    Continously run it manually with this command to block IPs rapidly.
    sh /usr/local/ddos/ddos.sh

    Regards,
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  6. #6
    seems worthy of trying, well DN now null the IP, I will give it a try next time

    do you have full install HOW-TO or instructions please?

    do you put this " sh /usr/local/ddos/ddos.sh" into cron? or script will setup cron automatically?

  7. #7
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by IKillBill
    seems worthy of trying, well DN now null the IP, I will give it a try next time

    do you have full install HOW-TO or instructions please?

    do you put this " sh /usr/local/ddos/ddos.sh" into cron? or script will setup cron automatically?
    The instructions I gave you above install the whole thing...including the cron (it will say that)

    The sh /usr/local/ddos/ddos.sh just allows you to run it manually on the command line.

    I don't really think a HowTO is necessary for this...
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  8. #8
    Please someone explain me how can a provider protect from DDOS attack ?

  9. #9
    elix, thanks!

  10. #10
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by mycroftx
    Please someone explain me how can a provider protect from DDOS attack ?
    If they have advanced firewalls on their network that understand the patterns of a DDOS attack it's very possible for most attacks to be mitigated.
    Quote Originally Posted by IKillBill
    elix, thanks!
    No problem
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  11. #11
    I can put a good fw on my server tho, but it won't prevent the attack

  12. #12
    Hello Elix

    script is working now and it send me note every 5 minutes

    I found that the same ip is baned repeatedly every 5 minutes, is that normal?

    I set this as you suggested
    Set NO_OF_CONNECTIONS=60 and BAN_PERIOD=10000

  13. #13
    Join Date
    Aug 2004
    Location
    USA
    Posts
    240
    IKillBill,

    Many different kind of attacks it's really hard to explain the method used to block any of them, but mostly it's all about patterns as elix mentioned. We ran thru many different methods of attacks in the last 7 years it's really hard to sum but usually

    1. Targetted against your bandwidth pipe (killing your 100Mbs pipe)
    2. Targetted against your hardware bottleneck (high packetper second rate enough to block action to your network card or o/s)
    3. Targetted against your service running (i.e www,dns,ftp,ssh...etc)

    Attacks come in different shape ways and forms and we usually study new methods and implement he best method available to prevent them from damaging our client's service.
    Tim Timrawi
    Founder, Sharktech
    https://sharktech.net
    Sharktech provides secure cyberspace with unique in-line and cloud-based DDoS protection.

  14. #14
    Hello Elix

    do you know how to stop system senind cron notice of this scripts , it sends like every3-5 minutes...

  15. #15
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by IKillBill
    Hello Elix

    do you know how to stop system senind cron notice of this scripts , it sends like every3-5 minutes...
    You mean the e-mails that say it has banned an IP address?
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  16. #16
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by IKillBill
    Hello Elix

    script is working now and it send me note every 5 minutes

    I found that the same ip is baned repeatedly every 5 minutes, is that normal?

    I set this as you suggested
    Set NO_OF_CONNECTIONS=60 and BAN_PERIOD=10000
    Nope that is not normal. Generally connections will stop after the IP has been banned. Do you have a working install of APF? If not, try APF_BAN=0 in the conf file for the script.
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  17. #17
    Quote Originally Posted by IKillBill
    I have a box at dedicatednow, which seems under DDOS

    what dedicatednow can do is only null the ip.

    We have APF -anti DOS and mod_merdevasive installed but no use

    looking for providers how have better DDOS mitidation as DN does not have any hardware firewall or ..etc

    thanks

    I suggest JustEdge.net they offer anti-DDOS protection that parralells gigeservers.com but at much better prices. Friendlier staff too imho.

  18. #18
    Quote Originally Posted by elix
    You mean the e-mails that say it has banned an IP address?

    yes, we just com eback from the weekend and it sends like thousands emails that say "XXXX IP has been banned" ..e.tc

  19. #19
    Quote Originally Posted by elix
    You mean the e-mails that say it has banned an IP address?
    added: except for email that says it has banned the IP and ALSO the cron mail that run like 3-5 minutes...

    thanks

  20. #20
    Join Date
    Mar 2003
    Location
    Edmonton, AB Canada
    Posts
    884
    I would recommend the following based on my personal experince:
    gigeservers.com
    staminus.net
    Also feel free to use the search option to read more on user reviews.
    Best of luck
    Ben S.

  21. #21
    Join Date
    Mar 2003
    Location
    Edmonton, AB Canada
    Posts
    884
    might also want to try sharktech.net also been with them for around 8 months. nice setup...
    Ben S.

  22. #22
    Trying http://www.bingdun.com/

    Than is good, you can try

  23. #23
    Join Date
    Nov 2005
    Location
    Denver, CO
    Posts
    728
    You should ask for providers who use technologies like CiscoGuard or Riverhead (same product actually) along with Arbor Netflow accounting. Having "DDoS Protection" could be as simple as having a black hole router or honey pot which still doesn't protect your particular IP, you still get null routed. Having an inline or OOB DDoS system is significantly better because legitimate traffic will still reach your server while the bad stuff gets "absorbed" by the DDoS guard box.

  24. #24

    Question How to Protect named against ddos attach

    what is your suggestion for DNS ddos and setting required for the above mentiond script ?

  25. #25

    attack association

    is there any association to introduce dos attacher ip address ?

  26. #26
    Join Date
    Aug 2004
    Location
    USA
    Posts
    240
    perelian,

    Please be more specific about the DNS DDoS attacks their are several types of DNS attacks. Usually DNS attacks can be crippling for your bandwidth pipe, but please give more details about your attack.

    Thanks
    Tim Timrawi
    Founder, Sharktech
    https://sharktech.net
    Sharktech provides secure cyberspace with unique in-line and cloud-based DDoS protection.

  27. #27
    Join Date
    May 2003
    Location
    Florida
    Posts
    877
    elix,

    Nice little script. Thanks for posting it here.

  28. #28
    Hi friends
    i have a problem with ddos

    it blocked an ip that i am trying to unblock but no luck.

    i removed the ignoreip file but still can not connect?
    any help please?
    thnak you.

  29. #29
    Join Date
    Jun 2005
    Posts
    87
    Quote Originally Posted by mycroftx
    I can put a good fw on my server tho, but it won't prevent the attack

    It has to be a good hardware firewall, a common (or good) software firewall, won't block a ddos attack.

  30. #30
    Join Date
    Apr 2006
    Posts
    33
    that looks like my perl script i posted on ev1servers forum a long long time ago, just in bash.

  31. #31

    Thumbs up Stop DDOS

    We use toplayer it prevents the bandwith from being used during a attack. Which stops the attack cold. The only thing it can not prevent is an internal attack by one of your user or sombody who hacked a users control panel.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  32. #32
    Join Date
    Apr 2006
    Posts
    33
    there is absolutely nothing you can do if attack is strong enough to fill up your network pipe, you can't "prevent" bandwidth from being used, you use your bandwidth when you are dropping packets sent to you, the only thing you can do is filter ports so you are not sending back "port is closed" packets which will fill up your upstream bandwidth. I have been in this DDoS hell since forever :/

  33. #33

    Thumbs up Not the tech guy

    All I can tell you that it works we had the same problem and with 30,000+ plus users and 10,000+ websites it gets old fast. The last time we went off from a DDOS was the last time. We have not been off sense installation of Toplayer. It is not cheap but it works. toplayer.com

    Go read about it.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  34. #34
    Join Date
    Aug 2004
    Location
    USA
    Posts
    240
    Squiggout what damir mentioned is true. It really depends on the kind of DDOS attack you are receiving are they ment to overload your bandwidth pipe? (in this case NO firewall at your end can help you).

    Some other like HTTP attacks target your services in the intention of a system overflow giving the server more than it can handle basiclly (this usually doesn't require lots of bandwidth can be done with no more than 512Kbps). Usually this will cause your server to go unresponsive may cause it to crash and a huge spike of OUTGOING traffic from this server attempting to respond to the flood of requests.

    I guess by implementing this Toplayer equipment you mentioned above managed to detect the Service-based dDoS attack and filtered them before reaching your server.

    If you end up receiving a BANDWIDTH attack that can reach above your pipe size you will go down, and IF you receive an attack with a high enough PacketPer Sec. that your TopLayer firewall can't handle it will also bring you down.

    In DDOS Mitigation you have to understand their are MANY ways to be attacked and each one of them almost a complete different ball game.

    Thanks
    Tim Timrawi
    Founder, Sharktech
    https://sharktech.net
    Sharktech provides secure cyberspace with unique in-line and cloud-based DDoS protection.

  35. #35
    Join Date
    Feb 2004
    Location
    here and there
    Posts
    746
    Quote Originally Posted by Jigy
    Squiggout what damir mentioned is true. It really depends on the kind of DDOS attack you are receiving are they ment to overload your bandwidth pipe? (in this case NO firewall at your end can help you).

    There are very easy ways to deal with this (for the provider, not for the end customer) - it's just a case of finding a host with enough clue to implement it.

    Awknet - DDoS Mitigation, Upstream ACLs/Filtering, Unmanaged Dedicated Servers, BGP IP Transit & More!

  36. #36
    Join Date
    Apr 2006
    Posts
    33
    jwr, not really. Most of providers are not writing custom software for this, the only one i have seen do that is ev1servers so far with its fireslayer (which is only partially written by ev1servers), to buy some kind of software/hardware that will deal with such big attacks you need really really deep pockets...most of providers can't even afford it.

  37. #37
    Join Date
    Aug 2004
    Location
    USA
    Posts
    240
    You cant be further from the truth jwr. DDOS Prevention is a VERY hard business. It's not as easy as slapping on a firewall and THERE YOU ARE GOOD TO GO!
    DDOS Protection requires lots of time spent, and money. Almost all providers that do DDOS firewalling have invested in their own mechanism of DDOS protection and that is alot of work.
    Tim Timrawi
    Founder, Sharktech
    https://sharktech.net
    Sharktech provides secure cyberspace with unique in-line and cloud-based DDoS protection.

  38. #38

    Ddos

    Thank you for the comments and agree with them. We have successfully stopped the attacks to my network and I have not been off sense installation because of DDOS. Maybe Squiggout has been lucky and will bring your comments to our operations review to make sure we are 100% protected.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

  39. #39
    Join Date
    Apr 2006
    Posts
    33
    what? ........

  40. #40

    Wink

    What exactly? I took the comments from everybody and gave them to my CIO because the comments to me seemed important.

    All I know is that toplayer works in conjunction with our firewall and software. I know that we have not gone off because of DDOS sense it was installed. That is real world data.

    DDOS protection starts right at the edge of your network before your firewall. There is no simple answer and there is no simple fix. The right fix to to catch the people doing it.
    Squiggout: Exchange 2010, Sharepoint, Comunication Server, CRM, Server Instances, Reseller Hosting, and Shared Hosted.

    Silly name serious solutions

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •