Results 1 to 20 of 20

Thread: DDOS attack

  1. #1
    Join Date
    Feb 2006
    Location
    India
    Posts
    858

    DDOS attack

    Some of my websites have been under a DDOS attack for about a month now. Is there any way I can find who is behind this attack and what their motive is?

    How much does it cost to launch a DDOS attack and how long do they usually last?

    Thanks

  2. #2
    Join Date
    Apr 2005
    Posts
    1,711
    What are you hosting?

  3. #3
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Nothing, mostly static HTML pages , a few forums (which are now offline).

  4. #4
    Join Date
    Apr 2005
    Posts
    1,711
    What kind of forums?

  5. #5
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Standard PHPBB/SMF forums on non-controversial subjects. How does the content of the forums matter?

  6. #6
    Join Date
    Apr 2005
    Posts
    1,711
    Perhaps someone posted something someone didn't like, happens all the time. Stupid kids and their feelings.

  7. #7
    Join Date
    Feb 2008
    Posts
    269
    Quote Originally Posted by dnki View Post
    How much does it cost to launch a DDOS attack and how long do they usually last?

    Thanks
    Can't be sure about it but attacks from this scale wouldn't last for long time simply because the individuals who hire these botnets can not afford more attacks or because the people that are running the botnet want to launch an attack on some other target (big companies that are worth a lot of money/day for being online). And the usual case of course is extortion.

    Your case seems to me like some wannabe hacker kids trying to learn on your site.

  8. #8
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Quote Originally Posted by ElTino View Post
    Your case seems to me like some wannabe hacker kids trying to learn on your site.
    I also think so, it is not very well thought out. If it is for extortion , do they contact the site owner?

  9. #9
    Join Date
    Feb 2004
    Location
    New Zealand
    Posts
    1,202
    How big is the attack?

    Have you logged the IP's that are flooding your server?

    Are you going to scan one of the attacking hosts and see if they are infected with a common bot and try to trace back the botnet master?

    Also, do you have any staff members on the forum that would " stir **** " ?

    Consider mod_dosevasive/evasive - Will block http crafted dDOS attacks.

    Really, we can't help you realistically because we don't have enough information regarding the attack.

    Best Regards,
    Logan
    DigitalGoods.info
    FREE Shared, Mega Resellers + Dedicated Servers

  10. #10
    Join Date
    Feb 2008
    Posts
    269
    Quote Originally Posted by dnki View Post
    I also think so, it is not very well thought out. If it is for extortion , do they contact the site owner?
    They sure do if they want to collect some money. Asking that question makes me think that no one has called you so far, which means that your case has a different nature.

  11. #11
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Quote Originally Posted by ElTino View Post
    They sure do if they want to collect some money. Asking that question makes me think that no one has called you so far, which means that your case has a different nature.
    What could be the different nature of my case? No one has contacted me so far, my sites are fairly small
    Last edited by dnki; 03-17-2008 at 10:52 AM.

  12. #12
    Join Date
    Feb 2008
    Posts
    269
    Quote Originally Posted by dnki View Post
    What could be the different nature of my case? No one has contacted me so far, my sites are fairly small

    That's what I said. No one has called you so far which means that that the attack was not an extortion attempt.

  13. #13
    Join Date
    Feb 2006
    Location
    India
    Posts
    858
    Then what kind of attack can it be?

  14. #14
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,200
    Quote Originally Posted by dnki View Post
    Then what kind of attack can it be?
    There are a lot of people on the internet who do what they do... just for the heck of it.

  15. #15
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    Quote Originally Posted by LoganNZ View Post
    How big is the attack?

    Have you logged the IP's that are flooding your server?

    Are you going to scan one of the attacking hosts and see if they are infected with a common bot and try to trace back the botnet master?

    Also, do you have any staff members on the forum that would " stir **** " ?

    Consider mod_dosevasive/evasive - Will block http crafted dDOS attacks.

    Really, we can't help you realistically because we don't have enough information regarding the attack.

    Best Regards,
    Logan
    I recommend against using any of these Apache mods. Instead, purchase Litespeed httpd. It is much better suited to handle low level DDoS attacks.

  16. #16
    Join Date
    Feb 2004
    Location
    New Zealand
    Posts
    1,202
    Quote Originally Posted by IRCCo Jeff View Post
    I recommend against using any of these Apache mods. Instead, purchase Litespeed httpd. It is much better suited to handle low level DDoS attacks.
    litespeed is just a band-aid. It doesn't fix anything, it replaces apache with a smaller daemon and memory footprint.

    The apache mods that i suggested, have worked perfectly for my clients...
    DigitalGoods.info
    FREE Shared, Mega Resellers + Dedicated Servers

  17. #17
    Join Date
    Jan 2006
    Location
    Europe
    Posts
    50

    Thumbs up

    Quote Originally Posted by LoganNZ View Post
    litespeed is just a band-aid. It doesn't fix anything, it replaces apache with a smaller daemon and memory footprint.

    The apache mods that i suggested, have worked perfectly for my clients...
    Hehe sounds original, LoganNZ. mod_evasive won't stop any _real_ ddos attack. Thouse modules is just for prevention. It only works against small attacks from script kiddies, as someone posted before ;] Anyway, dkni - you should try them.


  18. #18
    Join Date
    Feb 2003
    Posts
    286
    Found this the other day, looks interesting:

    http://deflate.medialayer.com/

  19. #19
    Join Date
    Feb 2008
    Posts
    269
    Quote Originally Posted by dnki View Post
    Then what kind of attack can it be?
    Apart from the extortion scenario a ddos attack could be performed by an individual or a company that is your competition in some way. Could be someone who's just trying to prove himself or gain authority among the hacking society, it could also be the case that this was initiated by some attacker who has the knowledge to do it and he's just enjoying himself. The things that drive an attacker to launch attacks could be various.

  20. #20
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Sure this is a DDOS? If it was a real DDOS your server would be dead in the water, they're almost impossible to defend against. Without knowing numbers of IP ranges, volume of packets/data and how often the IPs change it's impossible for us to say.

    mod_dosevasive will help a little if the IPs are not changing. You'd be better off blocking the packets at a lower level though and for that you should use Configserver's CSF which will block misbehaving IPs in the kernel, before they get to your httpd and waste cpu cycles. Not as effective on non-cpanel machines but it will still help. CSF also blocks certain known evil-hacker-controlled IP ranges, updated on a daily basis. If your attacks come from certain IPs, or certain IP ranges, just block the ranges (eg if it's Nigeria, just block the whole country, etc).

    Litespeed may help if you're under serious attack, but I doubt it from what you say and I wouldn't waste your time with it. The lower level kernel firewalling is the way to go for a first step, then add in the other things.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •