Results 1 to 16 of 16
  1. #1
    Join Date
    Jun 2009
    Posts
    37

    if 1 website were to get attacked

    if i were to have 1 website get have a DDoS attack to it, would it knock out my server for a while, and can i recover the server by restarting it?

  2. #2
    Join Date
    Jun 2009
    Location
    Event Horizon
    Posts
    19
    Quote Originally Posted by geeksmart View Post
    if i were to have 1 website get have a DDoS attack to it, would it knock out my server for a while, and can i recover the server by restarting it?
    Yes, it would. You can recover by a restart but you got to take measures to prevent the attack from happening again.

  3. #3
    Join Date
    Jun 2009
    Posts
    37
    Quote Originally Posted by brain_damage View Post
    Yes, it would. You can recover by a restart but you got to take measures to prevent the attack from happening again.
    maybe a proxy?

  4. #4
    Join Date
    Aug 2005
    Location
    UK
    Posts
    654
    Quote Originally Posted by brain_damage View Post
    Yes, it would. You can recover by a restart but you got to take measures to prevent the attack from happening again.
    Restarting a machine that is being attacked by DDoS would have absolutely zero effect. As soon as it come back up, the DDoS would continue.

    Why would you think otherwise?

  5. #5
    Join Date
    Jun 2009
    Posts
    37
    Quote Originally Posted by Xeentech View Post
    Restarting a machine that is being attacked by DDoS would have absolutely zero effect. As soon as it come back up, the DDoS would continue.

    Why would you think otherwise?
    what could i do to prevent it. Is there software that allows a certain amount of traffic to get to the server?

  6. #6
    Join Date
    Jun 2009
    Location
    Event Horizon
    Posts
    19
    Quote Originally Posted by Xeentech View Post
    Restarting a machine that is being attacked by DDoS would have absolutely zero effect. As soon as it come back up, the DDoS would continue.

    Why would you think otherwise?
    I don't think otherwise. That's why I said you got to take measures to prevent it from happening. Maybe I phrased it the wrong way.

  7. #7
    install mod_evasive this will resolve this isssue for DDOS attack

  8. #8
    Join Date
    Oct 2007
    Location
    Moldova
    Posts
    103
    Quote Originally Posted by linux-engineer View Post
    install mod_evasive this will resolve this isssue for DDOS attack
    mod_evasive is good but this wont stop big DDos or some special DDos attack.

    You have to configrure firewall and limit number of connections per IP address to your web server port.

  9. #9
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    mod_evasive good? Have you actually ever used it or seen it help a DDOS?!?!?? You can't be serious.

    Lots of hopelessly bad advice in this thread. Lots of good advice to be found by Googling and doing some reading.

    DDOSes aint simple to fight. There are a number of things you can do (like SYN flood hardening, etc). At the end of the day it's better not to annoy people enough to DDOS you.

  10. #10
    Join Date
    Jun 2009
    Posts
    37
    Quote Originally Posted by brianoz View Post
    mod_evasive good? Have you actually ever used it or seen it help a DDOS?!?!?? You can't be serious.

    Lots of hopelessly bad advice in this thread. Lots of good advice to be found by Googling and doing some reading.

    DDOSes aint simple to fight. There are a number of things you can do (like SYN flood hardening, etc). At the end of the day it's better not to annoy people enough to DDOS you.
    yeah, but if 1 website were to be DDoSed, then my server of 500 is websites is knocked down.

  11. #11
    Join Date
    Oct 2005
    Location
    Austin, TX
    Posts
    260
    That is correct, and in reality the best way to fight a DDoS attack is to harden your server to handle connections the best. Next to that, is just get as much bandwidth as you can... the most effective DDoS attacks just flood your port with UDP packets, they don't even care about connections to Apache or anything. If you suspect a site might get DDoS attacked, the best thing to do is set them on their own IP, of "dangerous sites" or something, and have that ip null routed once an attack starts. I'd be careful though who you make angry.. because it can cost you a lot of money in the end with bandwidth charges if you get DDoSed hard.
    Cody McLain
    Founder of PacificHost / AptHost

  12. #12
    Join Date
    Aug 2008
    Location
    Shoreline WA
    Posts
    160
    In the case of 1 site on server with 500 other sites, the first thing I would suggest doing is to set them on their own VPS or other server so that it does not effect your other sites. Then you can mitigate it a defensive measure that matches what ever kind of DDOS is happening. Some DDOS attacks can not even be fully mitigated by an end user, or even by a specific hosting provider. Be sure to communicate with your host what you are doing, so that they can help you take what ever actions need to be taken with that in mind.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com

  13. #13
    Join Date
    Jun 2009
    Posts
    37
    Quote Originally Posted by Jonathan Kinney View Post
    In the case of 1 site on server with 500 other sites, the first thing I would suggest doing is to set them on their own VPS or other server so that it does not effect your other sites. Then you can mitigate it a defensive measure that matches what ever kind of DDOS is happening. Some DDOS attacks can not even be fully mitigated by an end user, or even by a specific hosting provider. Be sure to communicate with your host what you are doing, so that they can help you take what ever actions need to be taken with that in mind.
    I could not read this clearly. Did you want me to give 1 vps per website, or have a backup vps?

  14. #14
    Join Date
    Feb 2008
    Posts
    829
    DoS attacks happen at a very low layer, and happen by IP not by hostname, so you could actually block every single port in your firewall and you'd still be under attack as the damage is done as soon as the (millions of) packets hit your server.

    Unfortunatly there's not much you can do about it, and based on my own research the law wont hardly do anything about it, unless you're a super mega corporation like the RIAA or microsoft. The law wont care about individuals. You need a hardware DDoS mitigation service/device and you'll pay more for that.

    A crappy DDoS attack that only attacks at the port level can then be blocked by software based solutions like some special iptables script that detects hammering or something and blocks the IP. A real DDoS attack will send tons of syn packets which is at lower level of the osi model.

  15. #15
    Join Date
    Oct 2005
    Location
    Austin, TX
    Posts
    260
    Red Squirrel, your correct on most of your facts, not all though. Though it is true they really wont care. IC3, FBI, ect.. wont do anything unless theres over $10,000 in proven damage. And then they might not if your some small company. It costs too much to track these people.

    About the syn packets, there actually not the bad ones, you can filter them out easier actually. The UDP packets are the harsh ones.

    UDP is a simpler message-based connectionless protocol. Connectionless protocols do not set up a dedicated end-to-end connection. Communication is achieved by transmitting information in one direction from source to destination without verifying the readiness or state of the receiver.
    This means that unlike TCP packets and such, theres no .. return required, so they can just send a lot more packets without caring about a response. There "forced" packets. These are the ones that hurt the most and are nearly impossible to filter if enough hit you.
    Cody McLain
    Founder of PacificHost / AptHost

  16. #16
    Join Date
    Mar 2009
    Location
    /home/khunj
    Posts
    432
    Quote Originally Posted by ZinkHosting View Post
    This means that unlike TCP packets and such, theres no .. return required, so they can just send a lot more packets without caring about a response. There "forced" packets. These are the ones that hurt the most and are nearly impossible to filter if enough hit you.
    SYN floods work like this too

Similar Threads

  1. Banks Website Attacked at Sites Hosting Company.
    By hosting guru in forum Web Hosting Lounge
    Replies: 7
    Last Post: 04-16-2009, 02:05 PM
  2. being attacked
    By alex905 in forum Hosting Security and Technology
    Replies: 10
    Last Post: 09-20-2006, 09:47 AM
  3. get ATTACKED!!
    By charts in forum Hosting Security and Technology
    Replies: 6
    Last Post: 07-08-2005, 03:43 AM
  4. Attacked From ...
    By NetGeek in forum Web Hosting
    Replies: 18
    Last Post: 06-23-2002, 03:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •