Results 1 to 30 of 30

Thread: DDoS Protection

  1. #1

    DDoS Protection

    I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

    can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.

  2. #2
    Join Date
    Feb 2004
    Posts
    390
    A ddos protection solution will probably cost you a few thousand dollars per month. I don't think you're going to find anything for $30. DDoS is not that cheap to mitigate unfortunately, otherwise everyone would be protected from it.

  3. #3
    so your saying small sites should be smashed by ddos?
    also I need it for temp not for everyday until this attack stops

  4. #4
    they are using over 800 different ips which are impossible to ban I have APF firewall which doesn't seem to do much other then protect ports whuch is doing a good job. dos_deflate is banning any connection over 60 and thats about it but thoses ips are only making 1 connection or more not sure If I ban manually I will be legit users

  5. #5
    Join Date
    Dec 2006
    Posts
    34
    Have you tried CSF + LFD? Or APF + BFD?

    http://www.webhostgear.com/60.html
    or
    http://www.configserver.com/cp/csf.html -> Install Instructions -> http://www.configserver.com/free/csf/install.txt

    Personally I like CSF + LFD.


    They might not stop it depending on how large it is but they can probably help.

    Edit: I almost forgot, you should probably install mod-evasive for PHP.
    http://www.webhostingtalk.com/showthread.php?t=481249

  6. #6
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    Quote Originally Posted by NhojOhl
    Have you tried CSF + LFD? Or APF + BFD?

    http://www.webhostgear.com/60.html
    or
    http://www.configserver.com/cp/csf.html -> Install Instructions -> http://www.configserver.com/free/csf/install.txt

    Personally I like CSF + LFD.


    They might not stop it depending on how large it is but they can probably help.

    Edit: I almost forgot, you should probably install mod-evasive for PHP.
    http://www.webhostingtalk.com/showthread.php?t=481249
    None of the above will help in any way whatsoever for the attack described.

  7. #7
    Join Date
    Feb 2004
    Posts
    390
    Quote Originally Posted by priceww
    so your saying small sites should be smashed by ddos?
    also I need it for temp not for everyday until this attack stops
    I'm not saying it's right, I'm saying that there isn't a solution for that kind of budget. Do you realize that devices like Toplayers that don't even block that well cost upwards of $100,000? DDoS requires some very complex filters to mitigate. People that write these filters are rare, and charge top dollar.

    So, like I said you are not going to find a cheap solution to DDoS. If there was a way to stop it for $30 I don't think Amazon and other big companies would have had a problem paying that to stop the attacks that have lost them millions in revenues.

  8. #8
    Join Date
    Nov 2000
    Location
    Holland
    Posts
    246
    I'd suggest doing a search for "ddos" to find threads in the offers forum for DDoS protected VPS. The servers in those offers are probably located at one of the providers specialized in DoS protection, such as Staminus, Gigeservers, SharkTech or Akwnet.

    I'm not sure if you can find such a VPS at $30 though, and the DoS protection provided probably isn't great. SYN floods and bandwidth based attacks will probably be mostly blocked, but more specific application level attacks might not.

  9. #9
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    You absolutely, positively will not find an actually functional DDoS solution for less than three figures.

  10. #10
    How possible is it to track down the attacker? I mean, if you found a hacker that was well versed in the techniques, would it be possible for them to track them down?

  11. #11
    Join Date
    Nov 2005
    Location
    Denmark
    Posts
    188
    the problem with DDoS is that it usually comes from hundreds or thousands of "zombie" machines, and the attacker does not attack you with his own connection, but instead he gives commands to these zombies.

    The only way to track down the attacker is to either get access to one of these zombie machines and sniff it's connection until you find out where to commands come from, or you can try to find out how he infects.

    And even if you find that, he might still be hiding behind other hacked machines or chaining proxies, depending on his skill level. So it can be really hard to track him down
    Systems Developer/Programmer

  12. #12
    What exactly does the attack look like? udp based? icmp? tcp?

  13. #13
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    4,845
    Quote Originally Posted by priceww
    I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

    can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.
    It seems to be work well enough that you're looking elsewhere?

    if you can give us an idea of how the attack is going down (eg. are they slamming apache, or are they just trying to saturate your bandwidth), from there, there are many users on this site that can at least give pointers.

    For any time i've had attacks, I always put my hosting at staminus and they kept all the bad people away

    What you could try todo that's free, though, is the following....

    On the dos-deflate site, they have a copy of the netstat command they run that builds out their list, you could run it and find out how many connections these IP's are.

    Eg...if all bots are making 50 connections each, but all your reg users are only making say 10, you could tell dos-deflate to lower it's threshhold to 50 or however many, and then you could knock the ip's out that way.

    As for dos-evasive, you can tell dos_evasive to actually hand off the ip's it marks as attackers to iptables, so then they're blocked that way. In the dos_evasive documents there is a part about "Extra" commands you can put in your httpd.conf

    Thanks,

    ~Francisco
    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony

  14. #14
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,965
    Quote Originally Posted by priceww
    I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

    can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.
    Gigenet provides top of the line DDoS Prtection. You can get it for cheap BUT you have to be ON their network.

    You can also get it outside their network but that will cost you around $2500 I believe.

    I dont know if its so serious that you will be willing to move to gigenet.
    Email: info ///at/// honelive.com

  15. #15
    Join Date
    Oct 2005
    Location
    Fleet Street
    Posts
    3,243
    You can also get it outside their network but that will cost you around $2500 I believe.
    I believe their ddosprotection.com service starts at $1000/m.

  16. #16
    Join Date
    Sep 2004
    Location
    Miami, FL
    Posts
    2,762
    I'm not sure why you're having problem with DDOS. Most DC's if not all will actually have some kind of DDOS protection installed. If you do get DDOSed, the people on the same network as you will also suffer and I'm sure the DC will not allow that to happen.

    But if you're looking at a personal level, then I guess you're gonna be looking at something with at least 4 figures. Sorry to say but $30 is not going to be doing much help at all.
    Aaron Ong
    Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
    Servers in Central, East/West Coast USA, EUROPE and ASIA
    Welltodo Century
    - www.welltodocentury.com

  17. #17
    Join Date
    May 2006
    Posts
    1,398
    yeah real ddos protection is very costly but you can be protected against most normal kids who sling 50-100mbit worth of ddos at many places. Awknet, staminus, sharktech, etc; (Im sure some can handle more then that, just a guess)
    When you get attacks bigger then that or you want want 100% protection from every level then you are looking at some big bucks, If you dont have something that profitable to protect then you probably will have to call it quits.

    Kids are getting bigger botnets now a days and 300mbit -1 gb attacks are almost commonplace.

    Another method you can use is try to find out who, what, where, and why your server is being ddosed and try to resolve it with the attacker and attacking parties. Doesn't work all the time, mostly they just wanna see the site or person offline forever but its worked for me more times then it didn't

  18. #18
    Join Date
    Nov 2005
    Posts
    346
    Quote Originally Posted by Anantha
    Gigenet provides top of the line DDoS Prtection. You can get it for cheap BUT you have to be ON their network.
    Wouldn't it make sense then to get some machines there and just use reverse proxies yourself? It's a bit more fiddling, but if it saves a lot, then it's worth it.

  19. #19
    Try contacting your current provider and ask if they offer such service. I think that would be cheaper if you dont want to move. Or try a ddos/proxy shield but thats a bit more pricey heh

    Other providers who offer dedicated servers with ddos protection are: awknet, gigeservers, staminus, etc, etc. Lots of topic about that, try searching them. I know awknet can stop gbit attacks.

  20. #20
    Join Date
    Jan 2007
    Posts
    41
    Quote Originally Posted by Groovy
    I know awknet can stop gbit attacks.
    Never! awknet have only 1 Gbits to Cogent.

    I had a lot "null routes" on awknet.

  21. #21
    Join Date
    Feb 2006
    Posts
    76
    Try sharktech.net

  22. #22
    Join Date
    May 2006
    Posts
    1,398
    Quote Originally Posted by XtAzY
    Try sharktech.net
    ya they dont even bother to packet sharktech anymore because it will go down without them wasting their bots, good suggestion.

    You got the cash - go gigeservers or staminus with secureport

    And about awknet, they arent really bad at all, had some null routes but I knew for a fact I was getting some crazy dns amp attacks from some kid on efnet that had to be 3+gbs

  23. #23
    Join Date
    Jan 2007
    Posts
    41
    Gigeservers has no Server. I have now a server on staminus. Very nice Webinterface with some features.

  24. #24
    Join Date
    Feb 2004
    Location
    here and there
    Posts
    746
    Quote Originally Posted by J-B[away]
    Never! awknet have only 1 Gbits to Cogent.

    I had a lot "null routes" on awknet.
    There are 2gbits of connectivity in DC1, but yes we had to nullroute your 1+ gbps attacks due to frequency and volume of traffic consumed. This is a major factor to why we're setting up DC2, where we can pull in bandwidth from other providers and avoid these nullroutes.

    Awknet - DDoS Mitigation, Upstream ACLs/Filtering, Unmanaged Dedicated Servers, BGP IP Transit & More!

  25. #25
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,965
    Quote Originally Posted by Loktari
    Wouldn't it make sense then to get some machines there and just use reverse proxies yourself? It's a bit more fiddling, but if it saves a lot, then it's worth it.
    I'm not sure, if there is someway to get around and be out of their network and dont not pay the high fees, I'm sure they have some policies in place to prevent that.

    If they dont, it might just be inefficient because there are a lot of filters in place to begin with so if you do more "fiddling" over what is already been fiddled with then it might decrease the overall performance of your server.
    Email: info ///at/// honelive.com

  26. #26
    Join Date
    Oct 2004
    Location
    Latvia
    Posts
    105
    Good old iptables plus some scripts may help you. But only if you have enough knowledge in TCP/IP and so on.

  27. #27
    Join Date
    Oct 2005
    Location
    Fleet Street
    Posts
    3,243
    Good old iptables plus some scripts may help you. But only if you have enough knowledge in TCP/IP and so on.
    Please read the thread before posting

  28. #28
    Join Date
    Jul 2006
    Location
    Detroit, MI
    Posts
    1,955
    Quote Originally Posted by priceww
    so your saying small sites should be smashed by ddos?

    Yes. This is the cost of provding a higly-reliable website. I get the imrpession you thought you could get this on the cheap. It's a shame all these budget-hosts have screwed up the expectations of so many.

  29. #29
    Join Date
    Dec 2002
    Location
    Emerald Cove, Unformed
    Posts
    1,599
    One by one. Log all the ips (zombies or not), tracert and look up the ISP's security contact information. Report the ips and the times used and length of time. The ISP has one week to either cut off the subscriber or have the subscriber fix their machines. If they do not do that, you can take the ISP to court.

    If everybody did this, there would be less zombie machines to contend with and less dos attacks from criminals.

    That works for the USA, but what about other countries? If their ISPs refuse to do anything, block out the country. If that country's government is too lazy to do it's job, it doesn't have the right to exist.

    Some people say report to the FBI, but it's a joke.
    1. Mmmmm food...

  30. #30
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,574
    The ISP has one week to either cut off the subscriber or have the subscriber fix their machines. If they do not do that, you can take the ISP to court.
    The cost of handling the matters through court will often exceed the cost of just getting proper protection.

    just my $0.02

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •