Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : DDOS attacks for 24 hours. Nothing can do but wait?!

[wula]

My server has been under DDOS attacks for 24 hours.

I reported to the hosting company's technical support.

They blocked a few IP addresses, but the situation was also not improved at all.

Latter they told me that all I can do is to wait till the DDOS attacks come to an end on their own.

Is there anything I can do besides wait? My server has been unable to access for 24 hours, and I simply have to blow a gasket.

[Srv24x7]

The Type of DDOS attack should be recoginzed. I am sure the server needs some fine tuning to reduce the amount of attack.

[wula]

Quote:

Originally Posted by Srv24x7

The Type of DDOS attack should be recoginzed. I am sure the server needs some fine tuning to reduce the amount of attack.

How? which aspects shall I focus on?

[Srv24x7]

Is the attack on port 80 ? Have you installed a firewall ? Your kernel should handle syncookies packet if they are flooding on port 80.

[Steven]

We really need to know the type of attack before members can offer solutions or suggestions.

[wula]

Quote:

We really need to know the type of attack before members can offer solutions or suggestions.

It's kind of sync flooding...

[madaboutlinux]

Quote:

Originally Posted by wula

It's kind of sync flooding...

Right, but what is the density of the attack is. If it's a light weight SYN attack, you can configure CSF firewall and use the SYN FLOOD option to mitigate it.

You can enable syncookies and increase backlog queue using /etc/sysctl.conf. Backlog queue is used to support more connections in the half-open state but it reserves additional memory resources so you have to make sure your server have enough memory else it will impact on system performance.

If the attack is too heavy, CSF OR APF won't help and you will have to look for a Hardware firewall.

[wula]

Quote:

If the attack is too heavy, CSF OR APF won't help and you will have to look for a Hardware firewall.

According to tech support, the attack is VERY heavy. So shall I buy a hardware firewall or the hosting company will do some settings?

[madaboutlinux]

Quote:

Originally Posted by wula

According to tech support, the attack is VERY heavy. So shall I buy a hardware firewall or the hosting company will do some settings?

If the attack is too heavy CSF or APF can't do anything. "Proxy Sheild" firewall offered by Gigenet is very effective in such situations but it's too costly. Check what your hosting company has to say as they are the one who are investigating and knows better.

[inspiron]

The doss attack normally targets HTTP. Its always good to have filtering system for apache. So get installed mod_security it work. Update Apache to the latest version.

[madaboutlinux]

mod_security? Are you sure? Mod Security only comes in to play once the 3 way handshake is completed...

[BTCentral - Ben]

Christmas is obviously a prime time for DoS/DDoS attacks - maybe because people assume there will not be anyone about to do something about it?

We've just had a DoS attack too - luckily just a small scale one from one IP and CSF took care of it temporarily, then I just permanently banned the IP.
CSF is great for fending off small attacks, though as others have said unfortunately it can not do much for large scale ones.

Hope yours ends soon!

[wula]

Quote:

Christmas is obviously a prime time for DoS/DDoS attacks - maybe because people assume there will not be anyone about to do something about it?

We've just had a DoS attack too - luckily just a small scale one from one IP and CSF took care of temporarily, then I just permanently banned the IP.
CSF is great for fending off small attacks, though as others have said unfortunately it can not do much for large scale ones.

Hope yours ends soon!

You're lucky. The attack flood here suspends for a few hours. But not sure whether it comes back again.