DDoS Prevention .....
May 13, 2009
I have searched for prevention methods and explanations on what DoS's and DDoS's are capable of. I was hoping someone could shed some light on free alternatives that would help reduce these attacks or help to make me aware if one were to occur.
Linux Distro: CentOS 5.3
I am not running apache or any web related services on my machine.
I run a dedicated server for the sole purpose of hosting a few game servers. I have already contacted my provider and they offered a $599 /mo plan for prevention. This is unreasonable and I simply cannot afford it. I have been threatened with a DDoS because one of my administrators banned a player constantly creating drama, stress, and breaking rules.
I simply cannot afford a gigantic bandwidth bill and this scare tactic has made me a little weary. Is there anything I can do to reduce the damage?
View 8 Replies
ADVERTISEMENT
Mar 23, 2009
My host has told me that my forum is coming under a DDOS attack. Once was on Friday March 20th and again today (monday march 23). Before those two, there are attacks almost every week, sometimes twice a week.
The host installed DoS-Deflate. It started blocking legitimate traffic and had to be removed.
The operating system is Linux CentOS, the forum software is VBulletin. The server is a VPS with 1 gig of memory.
Besides DoS-Deflate, what other options are out there?
View 7 Replies
View Related
May 20, 2009
any experience with the DDoS prevention feature provided by SoftLayer?
View 6 Replies
View Related
May 21, 2007
I have a VPS from hostforweb.com , and my vps every week under ddos attack and 80-150 connection login to apache...
how can i prevention from ddos attack?
View 3 Replies
View Related
Apr 27, 2008
I would like to know what are the best ways in preventing a UDP D/DoS Attack. DDoS-Deflate and most programs like that are just for TCP connections, and most of the time only for port 80. What is the best option out there for protection (linux wise) for UDP attacks. I was using shorewall before but it did not do so well so I just switched now to CSF [url] with WebMin and seems to be working ok. Even though thoes are both firewalls, they seem to have some protection against UDP Attacks. Please note this is a server that just hosts some game servers, no webhosting. What would be my best option here?
View 3 Replies
View Related
Jan 10, 2007
I have linux server and like to put somekind of DDOS prevention/protection... what kind of device do I need to purcahse to do this?
can anyone advise on this?
View 3 Replies
View Related
Oct 27, 2008
Today my server was down cause it was overloaded and when i restart my server its running how to stop such problem in the future
View 10 Replies
View Related
May 12, 2008
i am seeing a lot of Local file inclusion (LFI) and mysql injection attacks quite often directed to php scripts.
what is the way to prevent them? would installing mod_security to apache work?
View 6 Replies
View Related
May 21, 2008
if anyone knows a script that is url rewrite mods that can fix this hotlink issue by having the link url change every 20 minute.
View 2 Replies
View Related
Jun 4, 2008
one of my clients seems to be attracting unwanted attention, it seems as if bots or something along those lines are attempting to exploit my box, while they are unsuccessful it would seem. I was wdonering if there was a rule I could put in Mod_Security that would ban them for attempting to
GET "/awstatsf/logger.php?action=log&type=Hybrid&host=hacked101&"
View 0 Replies
View Related
Dec 23, 2007
I recently initiated "Hot Link Prevention" on one of my web sites on my Dedicated server (via CPanel). It woks well in re-directing hotlinked images to a small image that says "Unauthorized Hotlink Image." This of course prevents other web sites from leaching my bandwidth. However, I have had a number of people complain that when they visit my forum, they don't get my site's images, but instead see the Unauthorized Hotlink Image. The common thread seems to be the people with the problem are using Security Software. In one case, a guy is using Norton Confidential. Another guy is using some Security software provided by his ISP. I'm guessing that this security software is somehow messing with the Referer in tehir browser and confusing my server into thinking the images are being hotlinked from some other site. Short of turning off Hot Link Prevention, does anyone have any suggestions to tell the folks...are there settings in their Security Software for example that will prevent the problem when they visit my site?
View 4 Replies
View Related
Nov 7, 2008
it's come under my attention that dragonara.net has been ddosing me today since morning from the ip:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
View 14 Replies
View Related
Oct 8, 2009
I am looking for some good ddos protection providers, via protected dns. I've searched on internet, but most of them are really expensive.
Please tell me some ddos protection providers what could help me.(gige is too expensive btw).
And I found some ddos protection scripts. How can a script protected a server from ddos? A sript like CSF or DDoS deflate?
View 12 Replies
View Related
Apr 9, 2009
I've been getting VERY high packet loss to my VPS for around 10-15 minute periods over the past month or so (No patterns or specific times, totally random when it occurs) with my provider's Parallels Business Automation control panel reporting "Server is down" along with the VZCP on the node being inaccessible. I opened a ticket with my provider and they told me that they experienced a DDoS attack on the node my VPS was hosted on.
However, I get the feeling that they are giving me some crap to stop my pestering them about the packet loss all the time (I mainly use my VPS for providing VoIP services which use UDP so the packet loss is devastating).
Anyone got any views on this?
Also they keep offering to move me to a diffrent node but they say they can only do that by giving me a new IP address and I would have to backup all the data and restore it manually, myself. Any views on this as well?
View 5 Replies
View Related
Jun 6, 2009
I'm experiencing a significant UDP DDoS at the moment which is aimed at port 80 on my server, it's currently crippling Apache, but only on port 80, https (443) is fine. I've told iptables it drop UDP packets sent to port 80 and have also completely blocked most of the attacking IPs, this has helped, but the webserver is still periodically unresponsive.
View 11 Replies
View Related
Jun 9, 2008
We are getting ddosed badly.. Last night httpd reached max clients and httpd wasnt able to start up.
View 3 Replies
View Related
Feb 4, 2008
we had a bad ddos to on of the sites we were hosting, the ip of the ddos was blocked in apf and iptables, but for some reason it still got through we had to have it blocked in the router, we installed CSF into our server hoping for a better firewall does anybody know why apf could not hold back the ip im open to suggestions,
View 2 Replies
View Related
Dec 9, 2008
I have got pretty big problems with my VPS, some of my sites getting DDoS'd a log. I have no idea why and who DDoSing them
I have csf, apf and DDoS Delfate installed but it seems they can't take those attacks down. I know for mod_evasive but it works only on small attacks, I getting pretty strong attacks
I need some way to configure csf better, what I need to edit in /etc/csf.conf to block IPs if the same IP trying to connect to server more that 10 times. I need everything what I could edit for csf to block IPs faster
About DDoS Deflate, he is configured to works with apf, can I configure it to works with csf and how? How to configure DDoS Deflate better, to block IPs faster
Also, another problem with csf is that when I restart csf(service csf restart) he unblock all blocked IPs and I have to block them again
How to see blocked IPs by iptables?
I running lighttpd at the moment but I thinking to change it with Litespeed(free edition), what do you think about it?
I hope I will get some help here. Aslo,would be interesting to hear how do you guys protecting your servers from DDoS(if you getting DDoSed
View 10 Replies
View Related
May 27, 2007
we have a 100mbut connection and with a normal traffic we use about 40-50mbit but from friday seem that we are under attack this is the stats from the fastethernet
inbound 20427 ucast pkts/s
outbound 5547.5 ucast pkts/s
inbound 85793.9 Kbit/s
outbound 8211.98 Kbit/s
we have reach also for 4 hours 100mbit and all the server was offline, we have contact the datacenter and they say that not is a ddos attack because the traffic come fom our server and not from outside the net, so look as we have a hacked server that is making all this traffic, how can w found the problem? we have about 130 server on this connection
View 2 Replies
View Related
Aug 18, 2007
If you were under a DDos attack, what commands would you execute to confirm this?
Is it normal for high traffic sites with 3,000 concurrent apache connections from running this command?
netstat -n | grep :80 |wc -l
View 13 Replies
View Related
Dec 28, 2007
what would happen if you changed the server IP to 127.0.0.1?
View 4 Replies
View Related
May 29, 2009
My server is using too many httpd process..I think iam under DDOs attack..I executed the following command..
netstat -an | grep :80 | sort
and the result is this
tcp 0 1491 ::ffff:95.211.10.169:80 ::ffff:213.215.100.110:2263 LAST_ACK
tcp 0 1493 ::ffff:95.211.10.169:80 ::ffff:85.207.126.231:52694 LAST_ACK
tcp ....
View 14 Replies
View Related
May 29, 2008
The DC installed Squid. It manages the load fine but the php code on my page is cached and doesn't work.
Is there a way to get squid to not cache php? in that httpd can directly call php while squid does everything else?
View 1 Replies
View Related
Apr 16, 2009
Hey guys If there was a way to have the ips of the dedi change constantly would this help prevent ddos attacks or would there be no difference if the domain was being attacked.
View 2 Replies
View Related
Nov 6, 2007
OK well today I found out my server was being DDOS'ed
And I know which domain is being attacked with hundreds of IP's. I am running Cpanel / WHM but I have no idea how I can stop this?
Any ideas or suggestions? Maybe redirect the DNS? to a invalid ip? But I'm not sure how i can go about doing that?
View 9 Replies
View Related
Sep 16, 2007
I have a problem with a customer. For the last 48 hours he has been receiving a massive DDoS at his server. I tried blocking the darn IPs but they keep coming and with several hundreds of connections each:
104 78.157.168.98
125 83.226.157.91
126 89.103.109.65
131 89.12.150.23
135 84.251.196.78
135 86.122.0.135
135 91.127.235.86
154 84.24.14.41
160 193.216.140.101
331 89.151.8.78
419 78.0.103.64
Apache has over 14000 connections. I tried using mod_evasive but didn't do anything and the server has been out without httpd for hours now. Any advices? This is a Hsphere server (I hate it personally) with 4GB RAM and a dual optero 246. I have the mexclients setting at 550.
View 14 Replies
View Related
Aug 4, 2009
I have a windows server, and today it has a large inbound traffic, so I tried to disable all web service, and after that, the result of netstat -an shows no connection at all, but the server still has large inbound traffic,
Do you have any idea about this?
What should I do now?
View 8 Replies
View Related
Mar 19, 2008
Our server is in attack since 4 days. Http port busy all the time.
When I type :
netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n| uniq -c | sort -n | tail -5
It shows :
[root@ ~]# netstat -na | grep ":80" | awk '{print $5}' | cut -d. -f1-4 | cut
-d: -f1 | sort -n| uniq -c | sort -n | tail -5
2 65.19.130.24
2 83.149.120.9
4 204.15.73.243
35 222.254.103.142
5128
[root@ ~]#
I wonder the hidden IP of 5128 ??? How to know it?
View 8 Replies
View Related
Jul 28, 2009
A user joined our live chat and said if we didn't cancel a domain on our server, he will send us a DDOS attack, and he did so and also did this morning.
Is there anything I can do to prevent this or possibly punish him?
View 12 Replies
View Related
Jun 21, 2007
The server getting slow with high I/O diskwait then normal, although load is not high.
here is the output of: netstat -anp |grep 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n .................
View 6 Replies
View Related
