I have a box on LeaseWeb and it now under heavyfire dDos.
It is getting 100Mbps of incoming traffic. It still responsive under ssl and nginx still response.
My server is CentOS 5.
What the steps i should do? Contact my hosting? Installing a firewall?
it's come under my attention that dragonara.net has been ddosing me today since morning from the ip:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
My server is getting ddossed everyday, all are at the same time -> 4 am since tuesday.
Cacti is showing 60~70mbit on that time.
Server 'crashed' on thursday (nearly 70mbit), it got back up but the ips (4 out of 5) were not working. Couldnt ping it. So I gave it a reboot and it worked again.
I used to get alot of Brute Force attacks, after I changed port and not allow root login etc etc on Monday, I dont get any attacks anymore ...
yesterday untill now my vps is down many times. and i need restart it by hypervm to up it.
today i finde that my bw dicrease 100gb.
i don know whats problem going on.
i thibk that my server is under ddos, but csf.mode securety and apache status. they dont shoe me that i am under ddos
Someone is trying to attack our server (I think so). When running apache status there are a LOT of connections from one network, all requesting the same page. But running: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n does show any of these IP's. So script blocking ddos attacks wont work. Anyone know what can I do about this?
View 14 Replies View RelatedHello, I want to buy a dedicate server which support DDOS,ACK,SYN .....
I can provide 500usd most
My friend introduce dragonara.net for me, but they don't support world of warcraft website.
Can you introduce one similar with dragonara ?
You can see details of dragonara provide
dragonara.net/ddos-protection.html
protect from all types of DDoS, which can be
TCP SYN Flood
Tribe Flood Network and Tribe Flood Network 2000
TCP SYN-ACK Reflection Flood (DRDoS)
HTTP Flood Attack
ICMP Echo Request Flood
TCP ACK Flood
UDP Flood Attack
UDP Flood Attack (Trinoo)
Features of Dragonara DDoS Mitigation service* Up to 14 Gbit/s or 10,000,000 PPS ddos attack mitigation* Automatic attacks detection* Full transparency, no <click here to continue> links* Multi-Gigabit protection* SEO friendly* ALL TCP BASED PROTOCOLS SUPPORTED (HTTP, SSL, DNS, UDP protocol support)* Load Balancing to the Customer's Server Farm* Advertise your network block /prefix using BGP
Individual 10gb+ DDoS Protection Suite.Full Managed DDoS Protection with 100% uptime guarantee for Corporate clients.We use 95% burstable billing scheme.SLA agreement;1000 mbit/s included (can be upgraded);Web Caching Service (optional);10+ Gig Protection Available;Money Back Guarantee.
Available for Customers - using Dragonara Colocation services- with own remote DC infrastructure. Clean traffic sent using GRE / OpenVPN / IPSec tunnels.We use 95% burstable billing scheme.SLA agreement; 10+ Gig Protection Available;Money Back Guarantee.ASK / 24 hours setup
My hosting provider will shut down my server because it was used by a hacker for DoS attacks.
((outging 2090kbits/sec, incoming 29kbits/sec )
Server got Freebsd 6.2 , apache 2.2, php4.4.7 ,ipfw installed
To be more specific, somehow the hacker can upload a script "udp.pl" into the /tmp directory and then execute it through "perl udp.pl".
The script "udp.pl" does mass flooding on the IP they specify.
The header of udp.pl code is attached at the bottom.
After I deleted "udp.pl"
secured /tmp (noexec,nosuid,rw)
chkrootkit/ rootkit hunter, Checked /etc/passwd for new users and users with UIDs of 0 other than root. Checked for the presence of SUID/SGID root files. nothing found.
installed mod_security2
installed Suhosin
Currently Still have lots of outgoing traffic via port 80 (outging 390kbits/sec, incoming 19kbits/sec )
find nothing suspicius process by using "lsof, top" .....
Budget: $120-175. Decent amount of IPs (32+ preferable)
Need it relatively soon.
GodsHost/Awknet is out of stock completely.
Staminus is out of stock except for $700 servers.
Gigeservers has a $150 setup fee that I don't really like, but if desperate, maybe.
Sharktech is **** and there is no way I will even consider them.
DDoS protected meaning nothing too large scale - I just need basic protection against 12 year olds that have pbots.
Any other ideas?
If my server is suffering an attack, how can i filter out and know which website exactly to isolate?
View 10 Replies View Relatedi have windows 03 server getting ddosed many times. attack was upto 2gbit so any way to stop it?
Would a higher connection speed/bandwidth limit help? And about load balancing, would more servers help prevent the DDoS?
is this DDOs attack : .....
View 5 Replies View RelatedI see what IPs are attacking them? OS: CentOS
View 9 Replies View Relatedmy server is being ddosed and the network utilisation is at 40% of 1gpbs
i asked to softlayer to check and they said my programs/services is taking that much bandwidth
any1 can help me?
if my server is under dos attack wat can i do?
because the bandwidth used is about 50gb/hr
i have problem when using ddos deflate for ddos protection in my server,
i get this message,
Quote:
Banned the following ip addresses on Tue Aug 4 13:12:37 WIT 2009
67.21.44.60 with 4011 connections
ddos deflate is blocking my server ip, what's wrong?
: 67.21.44.60 not real my server ip just for sample
My server was hit with flood recently, to the point where I was unable to log in via SSH. Running 'netstat' command showed I was getting flooded with thousands of http requests from China/Saudi Arabia/Korea. I installed APF firewall and added those countries to deny list.
Next day I was hit from Russia and Romania and some others. By reading some posts on this site, on top of APF, I have also installed Dos Deflate. It was working for couple of hours, but then it stopped working. I could not even log in via SSH. My provider told me that APF was using all of the "conntrack" connections. I have increased conntrack connections to 130,000 (I have 4 Gigs of RAM on my server). Is that possible? (I have about 300 IP ranges in my APF deny list).
Next day, I was got hit by different attack: there was 11 Mbps of malicious traffic on average sent to my server. My provider put me behind firewall to mitigate against that kind of attack.
Currently, I am both behind the hardware firewall and I have APF and Dos Deflate running. However my server is not accessible.
When I request, I can log in for couple of minutes, but then I get kicked out.
I have been getting ddossed for the last month, my host has tried many things on my server that are commonly suggested around here, however we have over 40 000 connections hitting the server from this attack and it keeps rising.
I am on LiteSpeed.
I also have NetScreen 50 firewall which helped for a little while, however the server still keeps going down.
I am spending $420 a month on my hosting for my dedicated server
Now it is costing me an extra $400 a month to have Netscreen firewall running which is a waste of money as it can not effectively keep the server running and i'm not sure if I can even effectively afford that much money a month, however I might need to spend a little more if need to just get the server running finally.
basically I need some options as to what I can do. I would like to stay with my host, they have been good to me, however if my options are better suited to changing then let me know. I just really need to get my server running great asap and to keep it running great when i'm away from the internet.
today i have DDos Attack in my server in port :80
what is the better way to secure my server from DDos Attack
i have two server one for running apache and second is sql server.Now come to problem.
I have a very strange type of ddos attacks on my httpd server and due to these attacks my apche server failed many times (10 to 15 times)in a day.
When i checked max http connection use by a single ip then i am surprised to see that my remote sql server ip is using maximum of http connections and behind this there is some other ips whose doing the same.
I installed media layer it seems to work fine for me but suddenly he blocked my remote sql server ip due to using maximum http connection lolz its very strange any body please help me out of this problem.
I`am creating a VPS company and im searching for a DEDICATED SERVER with good DDoS protection.
My Budget max is: $320,00
Is for IRC use,so my costumers need something strong,i also need others options than staminus-gige-awknet-sharktech.
Datacenter in California USA will be better,
View 8 Replies View RelatedI have a client who's server has got DDOS attack. It causes the network disruption and DC wants to turn off the server. My client feels it stupid to turn off the server just like that.
can large attacks prevented server side?
I`am starting a irc company and i need help on some things:
1 - How can i prevent my clients to send DDOS on my server?
2 - How can i increase security ?
3 - Some one have a good firewall or iptables rule for ddos protection (software)
4 - Some one have the scripts like `getegg` `getpsybnc` ?
After being hit by a DDoS (managed to evade it for a while, but it's still painful due to downtimes) I'm looking for a DDoS-protected server somewhere in Europe. I don't care about the exact location, it just has to be outside Canada and the USA. I do not require a lot of traffic - using just about 1.5GBs per day, diskspace also is not an issue, so the main things is the DDoS protection, connection availability and the general level of service.
Searching through this forum, I've found the only possible option for a DDoS-protected being DataPipe (contacted and awaiting for a quote already). Have I missed something else? Are there any alternative good hosters with reliable networks and protection in the EU?
i set a new server with some setting,
i want to test if it can handle how many connection or burst bandwidth,
i want to use other server(s) to test with it,
can i use any way to do this work?
Our customer wants some type of DDOS protection for their e-commerce website.
I'm trying to decide between 20mbps or 100mbps DDOS server protection (proxy shield) Do you think that 20mbs DDOS server protection is worthy? It costs >$1000 and it seems to handle only low attacks...?
They have a limited budget so... I will go for 100mbps (>$2000) protection only if I have to...
We want buy something around:
2 x Xeon 2.8Ghz // good Core 2 Duo/Quad
2GB RAM // 3-4
150 GB SATA
And connection... normally we use around 15 Mb at peaks/day but recently we got attacking by DDoS above 100 Mb.
We need some true protection or resisting on port 1 Gbps before attackers got bored.
No protection via null routing (like 'the planet' like to 'protect').
staminus.net want 800$ for this/month. We can afford around 500$/month.
I have a question related DDOS attack. My hosting provider told me that my Server was DDos attacked few days ago. But in those days my server worked fine only apache server was down. The strange fact is that in the same day with this "DDOS attack" one of theyr admins worked something on SSL section of my server and during this operation the SSL hosts were down and httpd worked slow.
Inthe passed 3 months httpd worked very slow and after 2-3 restarts of httpd service the load droped down below 3.00 . I believe theyr httpd service was already with problems and that SSL configuration cause that apache failure in that day with "ddos attack"
I repeat in that day ONLY ssl hosts worked fine and non SSL hosts were down.
It's possibile on DDOS attack that load to be unde 0.5 , SSL hosts to work fine, FTP, Mail and other stuf to work like there is nobody on server (VERY FAST)?
I need dedi server hosting with ddos protetion in Hong Kong datacenter that could also provide ddos protection/mitigation service. Preferably the network can provide good latency within my database server in my country-Singapore.
Does anyone have any suggestion for good company there?
I'm looking for a host that specializes in DDoS protection. The ideal server would have decent ram (2GB),high traffic speeds, not much disk space, only around 10 GB at tops and of course 24/7 uptime with live support.
Any hosts meet the required criteria?
I am looking for a DDOS protected server ( IRC ).
What are your recommendations?
I already contacted Gige, but they are not answering.
At this moment server is with Theplanet, but their Cisco guard is not doing good job at all.
Server also used to be @ Softlayer, but they nullroute IP as soon as that specific IP is attacked.
I also looked @ Staminus, see that they offer up to 500mbps protection for $200 a month, which is okay, but i would like to see other options as well.
I am using DDOS Deflate
[url]
I have a problem with NO_OF_CONNECTIONS.
The default is 150
For example, if a website has 200 thumbnails in one page, then the user will get banned.
But in my case, each time a user have only 1 connection(He only access 1 flv file each time).
So, is that safe for me to decrease the number to 20.
I can see a lot of IP having more than 80 connections, which I think they are ddos attack.
