Page 1 of 2 12 LastLast
Results 1 to 25 of 30

Thread: DDoS Protection

  1. #1

    DDoS Protection

    I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

    can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.

  2. #2
    Join Date
    Feb 2004
    Posts
    390
    A ddos protection solution will probably cost you a few thousand dollars per month. I don't think you're going to find anything for $30. DDoS is not that cheap to mitigate unfortunately, otherwise everyone would be protected from it.

  3. #3
    so your saying small sites should be smashed by ddos?
    also I need it for temp not for everyday until this attack stops

  4. #4
    they are using over 800 different ips which are impossible to ban I have APF firewall which doesn't seem to do much other then protect ports whuch is doing a good job. dos_deflate is banning any connection over 60 and thats about it but thoses ips are only making 1 connection or more not sure If I ban manually I will be legit users

  5. #5
    Join Date
    Dec 2006
    Posts
    35
    Have you tried CSF + LFD? Or APF + BFD?

    http://www.webhostgear.com/60.html
    or
    http://www.configserver.com/cp/csf.html -> Install Instructions -> http://www.configserver.com/free/csf/install.txt

    Personally I like CSF + LFD.


    They might not stop it depending on how large it is but they can probably help.

    Edit: I almost forgot, you should probably install mod-evasive for PHP.
    http://www.webhostingtalk.com/showthread.php?t=481249

  6. #6
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,710
    Quote Originally Posted by NhojOhl
    Have you tried CSF + LFD? Or APF + BFD?

    http://www.webhostgear.com/60.html
    or
    http://www.configserver.com/cp/csf.html -> Install Instructions -> http://www.configserver.com/free/csf/install.txt

    Personally I like CSF + LFD.


    They might not stop it depending on how large it is but they can probably help.

    Edit: I almost forgot, you should probably install mod-evasive for PHP.
    http://www.webhostingtalk.com/showthread.php?t=481249
    None of the above will help in any way whatsoever for the attack described.

  7. #7
    Join Date
    Feb 2004
    Posts
    390
    Quote Originally Posted by priceww
    so your saying small sites should be smashed by ddos?
    also I need it for temp not for everyday until this attack stops
    I'm not saying it's right, I'm saying that there isn't a solution for that kind of budget. Do you realize that devices like Toplayers that don't even block that well cost upwards of $100,000? DDoS requires some very complex filters to mitigate. People that write these filters are rare, and charge top dollar.

    So, like I said you are not going to find a cheap solution to DDoS. If there was a way to stop it for $30 I don't think Amazon and other big companies would have had a problem paying that to stop the attacks that have lost them millions in revenues.

  8. #8
    Join Date
    Nov 2000
    Location
    Holland
    Posts
    246
    I'd suggest doing a search for "ddos" to find threads in the offers forum for DDoS protected VPS. The servers in those offers are probably located at one of the providers specialized in DoS protection, such as Staminus, Gigeservers, SharkTech or Akwnet.

    I'm not sure if you can find such a VPS at $30 though, and the DoS protection provided probably isn't great. SYN floods and bandwidth based attacks will probably be mostly blocked, but more specific application level attacks might not.

  9. #9
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,525
    You absolutely, positively will not find an actually functional DDoS solution for less than three figures.

  10. #10
    How possible is it to track down the attacker? I mean, if you found a hacker that was well versed in the techniques, would it be possible for them to track them down?

  11. #11
    Join Date
    Nov 2005
    Location
    Denmark
    Posts
    189
    the problem with DDoS is that it usually comes from hundreds or thousands of "zombie" machines, and the attacker does not attack you with his own connection, but instead he gives commands to these zombies.

    The only way to track down the attacker is to either get access to one of these zombie machines and sniff it's connection until you find out where to commands come from, or you can try to find out how he infects.

    And even if you find that, he might still be hiding behind other hacked machines or chaining proxies, depending on his skill level. So it can be really hard to track him down
    Systems Developer/Programmer

  12. #12
    What exactly does the attack look like? udp based? icmp? tcp?

  13. #13
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    5,073
    Quote Originally Posted by priceww
    I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

    can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.
    It seems to be work well enough that you're looking elsewhere?

    if you can give us an idea of how the attack is going down (eg. are they slamming apache, or are they just trying to saturate your bandwidth), from there, there are many users on this site that can at least give pointers.

    For any time i've had attacks, I always put my hosting at staminus and they kept all the bad people away

    What you could try todo that's free, though, is the following....

    On the dos-deflate site, they have a copy of the netstat command they run that builds out their list, you could run it and find out how many connections these IP's are.

    Eg...if all bots are making 50 connections each, but all your reg users are only making say 10, you could tell dos-deflate to lower it's threshhold to 50 or however many, and then you could knock the ip's out that way.

    As for dos-evasive, you can tell dos_evasive to actually hand off the ip's it marks as attackers to iptables, so then they're blocked that way. In the dos_evasive documents there is a part about "Extra" commands you can put in your httpd.conf

    Thanks,

    ~Francisco
    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony

  14. #14
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,971
    Quote Originally Posted by priceww
    I need a DDoS protection solution for one week until my server settles and the fing ddosers learn that it doesn;t work.

    can someone recommand me a solution thats less then $30 I install Dos_Defalte and Ddos_esisive no use. also tried APF.
    Gigenet provides top of the line DDoS Prtection. You can get it for cheap BUT you have to be ON their network.

    You can also get it outside their network but that will cost you around $2500 I believe.

    I dont know if its so serious that you will be willing to move to gigenet.
    Email: info ///at/// honelive.com

  15. #15
    Join Date
    Oct 2005
    Location
    Fleet Street
    Posts
    3,244
    You can also get it outside their network but that will cost you around $2500 I believe.
    I believe their ddosprotection.com service starts at $1000/m.

  16. #16
    Join Date
    Sep 2004
    Location
    Miami, FL
    Posts
    2,762
    I'm not sure why you're having problem with DDOS. Most DC's if not all will actually have some kind of DDOS protection installed. If you do get DDOSed, the people on the same network as you will also suffer and I'm sure the DC will not allow that to happen.

    But if you're looking at a personal level, then I guess you're gonna be looking at something with at least 4 figures. Sorry to say but $30 is not going to be doing much help at all.
    Aaron Ong
    Dedicated Servers - 100TB Servers - 100Mbps Unmetered Servers - Web Hosting - CDN Network
    Servers in Central, East/West Coast USA, EUROPE and ASIA
    Welltodo Century
    - www.welltodocentury.com

  17. #17
    Join Date
    May 2006
    Posts
    1,426
    yeah real ddos protection is very costly but you can be protected against most normal kids who sling 50-100mbit worth of ddos at many places. Awknet, staminus, sharktech, etc; (Im sure some can handle more then that, just a guess)
    When you get attacks bigger then that or you want want 100% protection from every level then you are looking at some big bucks, If you dont have something that profitable to protect then you probably will have to call it quits.

    Kids are getting bigger botnets now a days and 300mbit -1 gb attacks are almost commonplace.

    Another method you can use is try to find out who, what, where, and why your server is being ddosed and try to resolve it with the attacker and attacking parties. Doesn't work all the time, mostly they just wanna see the site or person offline forever but its worked for me more times then it didn't

  18. #18
    Join Date
    Nov 2005
    Posts
    346
    Quote Originally Posted by Anantha
    Gigenet provides top of the line DDoS Prtection. You can get it for cheap BUT you have to be ON their network.
    Wouldn't it make sense then to get some machines there and just use reverse proxies yourself? It's a bit more fiddling, but if it saves a lot, then it's worth it.

  19. #19
    Try contacting your current provider and ask if they offer such service. I think that would be cheaper if you dont want to move. Or try a ddos/proxy shield but thats a bit more pricey heh

    Other providers who offer dedicated servers with ddos protection are: awknet, gigeservers, staminus, etc, etc. Lots of topic about that, try searching them. I know awknet can stop gbit attacks.

  20. #20
    Join Date
    Jan 2007
    Posts
    41
    Quote Originally Posted by Groovy
    I know awknet can stop gbit attacks.
    Never! awknet have only 1 Gbits to Cogent.

    I had a lot "null routes" on awknet.

  21. #21
    Join Date
    Feb 2006
    Posts
    76
    Try sharktech.net

  22. #22
    Join Date
    May 2006
    Posts
    1,426
    Quote Originally Posted by XtAzY
    Try sharktech.net
    ya they dont even bother to packet sharktech anymore because it will go down without them wasting their bots, good suggestion.

    You got the cash - go gigeservers or staminus with secureport

    And about awknet, they arent really bad at all, had some null routes but I knew for a fact I was getting some crazy dns amp attacks from some kid on efnet that had to be 3+gbs

  23. #23
    Join Date
    Jan 2007
    Posts
    41
    Gigeservers has no Server. I have now a server on staminus. Very nice Webinterface with some features.

  24. #24
    Join Date
    Feb 2004
    Location
    here and there
    Posts
    767
    Quote Originally Posted by J-B[away]
    Never! awknet have only 1 Gbits to Cogent.

    I had a lot "null routes" on awknet.
    There are 2gbits of connectivity in DC1, but yes we had to nullroute your 1+ gbps attacks due to frequency and volume of traffic consumed. This is a major factor to why we're setting up DC2, where we can pull in bandwidth from other providers and avoid these nullroutes.
    Dedicated Servers, Virtual Machines, Colocation, BGP & IPs
    objx.net - AS33333 - Salt Lake, Utah
    awknet.com - AS17048 - Los Angeles, California

  25. #25
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,971
    Quote Originally Posted by Loktari
    Wouldn't it make sense then to get some machines there and just use reverse proxies yourself? It's a bit more fiddling, but if it saves a lot, then it's worth it.
    I'm not sure, if there is someway to get around and be out of their network and dont not pay the high fees, I'm sure they have some policies in place to prevent that.

    If they dont, it might just be inefficient because there are a lot of filters in place to begin with so if you do more "fiddling" over what is already been fiddled with then it might decrease the overall performance of your server.
    Email: info ///at/// honelive.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •