Results 1 to 5 of 5
  1. #1
    Join Date
    Oct 2004
    Posts
    76

    My DDos-Deflate is going crazy

    So, i opened up my email only to get spamming with over 600 email's from my server. I dont think my server is being DDOS'd but this is strange. And there seems to be a bug.. its saying BANNED NUMBER of Number and not, "ip here with X numbers f connections: The emails consist of:


    Banned the following ip addresses on Fri Oct 23 14:35:01 CDT 2009

    250 with 250 connections
    Banned the following ip addresses on Fri Oct 23 12:58:01 CDT 2009

    363 with 363 connections
    Banned the following ip addresses on Fri Oct 23 12:38:01 CDT 2009

    253 with 253 connections
    Banned the following ip addresses on Fri Oct 23 09:12:01 CDT 2009

    162 with 162 connections
    Anyone else had this problem before? It seems my server is trying to ban itself since 162 is what i believe to be my server ip with that amount of connections. It started @ 9am and still going on now. I checked my CSF log and its showing my server is trying to PING some outside ip address @ 224.0.0.251
    Last edited by Twista; 10-23-2009 at 11:46 PM.
    GottaDeal.com - Hot Deals & Coupon Codes. Why Pay Retail?http://www.gottadeal.com/images/bann...eal-234x60.gif

  2. #2
    Join Date
    Aug 2002
    Location
    Seattle
    Posts
    5,512
    You're running ddos deflate *and* csf?

  3. #3
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    You can set the LF_NETBLOCK in csf.conf as a measure against DDOS.

    Have a check of the server for IP connections and see if the reporting by dos_deflate is legitimate.

    Code:
    netstat -plan |awk {'print $5'} |cut -d: -f 1|sort|uniq -c|sort -nk 1
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  4. #4
    Twista, did you ever figure out this problem because I'm getting it, too.

    Banned the following ip addresses on Mon Jan 4 15:30:01 CST 2010

    107 with 107 connections

    I'm using it with APF. Any ideas?

  5. #5
    Join Date
    May 2009
    Posts
    12
    Quote Originally Posted by beggers View Post
    Twista, did you ever figure out this problem because I'm getting it, too.

    Banned the following ip addresses on Mon Jan 4 15:30:01 CST 2010

    107 with 107 connections

    I'm using it with APF. Any ideas?

    I think you are running IPV6 in your system, try to add "--inet" after "netstat -ntu" in the file of /usr/local/ddos/ddos.sh

    It should look like:
    netstat -ntu --inet | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr > $BAD_IP_LIST

    Good luck.

Similar Threads

  1. csf, ddos deflate... mails
    By Ticko0 in forum Hosting Security and Technology
    Replies: 1
    Last Post: 05-12-2009, 09:22 AM
  2. DDoS Deflate issue with ddos -c
    By iseree in forum Hosting Security and Technology
    Replies: 4
    Last Post: 10-11-2008, 09:01 AM
  3. apf and ddos deflate
    By asciid in forum Hosting Security and Technology
    Replies: 7
    Last Post: 09-13-2008, 02:24 AM
  4. CSF and DDOS Deflate
    By smrtalex in forum Hosting Security and Technology
    Replies: 11
    Last Post: 03-01-2008, 03:22 AM
  5. apf and DDoS Deflate
    By rezag in forum Hosting Security and Technology
    Replies: 2
    Last Post: 01-17-2008, 06:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •