Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : DDoS Protection

[priceww]

I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.

[mj4589]

A ddos protection solution will probably cost you a few thousand dollars per month. I don't think you're going to find anything for $30. DDoS is not that cheap to mitigate unfortunately, otherwise everyone would be protected from it.

[priceww]

so your saying small sites should be smashed by ddos?
also I need it for temp not for everyday until this attack stops

[priceww]

they are using over 800 different ips which are impossible to ban I have APF firewall which doesn't seem to do much other then protect ports whuch is doing a good job. dos_deflate is banning any connection over 60 and thats about it but thoses ips are only making 1 connection or more not sure If I ban manually I will be legit users

[NhojOhl]

Have you tried CSF + LFD? Or APF + BFD?

http://www.webhostgear.com/60.html
or
http://www.configserver.com/cp/csf.html -> Install Instructions -> http://www.configserver.com/free/csf/install.txt

Personally I like CSF + LFD.


They might not stop it depending on how large it is but they can probably help.

Edit: I almost forgot, you should probably install mod-evasive for PHP.
http://www.webhostingtalk.com/showthread.php?t=481249

[layer0]

Quote:

Originally Posted by NhojOhl

Have you tried CSF + LFD? Or APF + BFD?

http://www.webhostgear.com/60.html
or
http://www.configserver.com/cp/csf.html -> Install Instructions -> http://www.configserver.com/free/csf/install.txt

Personally I like CSF + LFD.


They might not stop it depending on how large it is but they can probably help.

Edit: I almost forgot, you should probably install mod-evasive for PHP.
http://www.webhostingtalk.com/showthread.php?t=481249

None of the above will help in any way whatsoever for the attack described.

[mj4589]

Quote:

Originally Posted by priceww

so your saying small sites should be smashed by ddos?
also I need it for temp not for everyday until this attack stops

I'm not saying it's right, I'm saying that there isn't a solution for that kind of budget. Do you realize that devices like Toplayers that don't even block that well cost upwards of $100,000? DDoS requires some very complex filters to mitigate. People that write these filters are rare, and charge top dollar.

So, like I said you are not going to find a cheap solution to DDoS. If there was a way to stop it for $30 I don't think Amazon and other big companies would have had a problem paying that to stop the attacks that have lost them millions in revenues.

[GHDpro]

I'd suggest doing a search for "ddos" to find threads in the offers forum for DDoS protected VPS. The servers in those offers are probably located at one of the providers specialized in DoS protection, such as Staminus, Gigeservers, SharkTech or Akwnet.

I'm not sure if you can find such a VPS at $30 though, and the DoS protection provided probably isn't great. SYN floods and bandwidth based attacks will probably be mostly blocked, but more specific application level attacks might not.

[IRCCo Jeff]

You absolutely, positively will not find an actually functional DDoS solution for less than three figures.

[ludachris]

How possible is it to track down the attacker? I mean, if you found a hacker that was well versed in the techniques, would it be possible for them to track them down?

[zsuatt]

the problem with DDoS is that it usually comes from hundreds or thousands of "zombie" machines, and the attacker does not attack you with his own connection, but instead he gives commands to these zombies.

The only way to track down the attacker is to either get access to one of these zombie machines and sniff it's connection until you find out where to commands come from, or you can try to find out how he infects.

And even if you find that, he might still be hiding behind other hacked machines or chaining proxies, depending on his skill level. So it can be really hard to track him down

[sloan]

What exactly does the attack look like? udp based? icmp? tcp?

[DeltaAnime]

Quote:

Originally Posted by priceww

I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.

It seems to be work well enough that you're looking elsewhere?

if you can give us an idea of how the attack is going down (eg. are they slamming apache, or are they just trying to saturate your bandwidth), from there, there are many users on this site that can at least give pointers.

For any time i've had attacks, I always put my hosting at staminus and they kept all the bad people away

What you could try todo that's free, though, is the following....

On the dos-deflate site, they have a copy of the netstat command they run that builds out their list, you could run it and find out how many connections these IP's are.

Eg...if all bots are making 50 connections each, but all your reg users are only making say 10, you could tell dos-deflate to lower it's threshhold to 50 or however many, and then you could knock the ip's out that way.

As for dos-evasive, you can tell dos_evasive to actually hand off the ip's it marks as attackers to iptables, so then they're blocked that way. In the dos_evasive documents there is a part about "Extra" commands you can put in your httpd.conf

Thanks,

~Francisco

[HNLV]

Quote:

Originally Posted by priceww

I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.

Gigenet provides top of the line DDoS Prtection. You can get it for cheap BUT you have to be ON their network.

You can also get it outside their network but that will cost you around $2500 I believe.

I dont know if its so serious that you will be willing to move to gigenet.

[avythe]

Quote:

You can also get it outside their network but that will cost you around $2500 I believe.

I believe their ddosprotection.com service starts at $1000/m.