I know there is no device can protect you from ddos attacks, but I wonder which one is the best to help you reduce the attacks? It might be intelligent to "feel" the attacks? Brand names from Cisco, Foundry, Nokia...?
View 2 RepliesI have a VPS that's on the awknet network and I'm receiving DNS DDoS and I don't think they have anything to stop these attacks, how can I prevent these?
View 4 Replies View Relatedone of my costumers server is getting ddos attacks. I solved syn and get attacks with litespeed web server but I have another problem. They started to do udp flood. I m losing connection to my server. I bought new server with 1 gbit port for solving it.
View 3 Replies View RelatedThis is a quote from an unrelated thread in the Dedicated Server Forum, I didnt want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is as a new Dedicated Server Owner what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site(i hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
I want to understand the mechanics of a DDOS attack. I have been doing a lot of reading about them this weekend.
The way I am understanding it, a DDOS attack is done at the network level. It may be requesting that pages from a given website, or websites, are served up, but it basically will effect the entire network. So if 'page display' requests are made to a website(s) that is hosted at ABC Hosting (example only), to the tune of 15GBs then I have to assume that the network will be terribly degraded. If that is so, wouldn't other servers also get taken out?
I believe the architecture of the internet is something like this (example only):
Gnax --> Planet, SoftLayer, RackSpace, etc.. --> Reseller --> Smaller Reseller --> Me
If that is true, is each level along that route using their own networking system or are they all dependent on ones that major Data Center uses?
My current site has been taken offline since it was being ddos attacked, been with my current hosters for 3years at least, but with recent events they gave me the option to shift my site to a dedicated server or me to move of bascially. (impression I get now, since they seem to be taking longer to reply to my messages) I was being ddos attacked since I refused to give a copy of me software to the visitor at my forums/site.
ive been looking round site after site and I cant make up my mind who to shift too, also if that same idiot who ddos attacked me does it again before I can take any action, I would be in the same situation again.
I have multiple domains and all my sites in total are about 5gig in size, cpu usage is avergae and queries roughly about 15/17 the most, I currently pay £130.00 a yr
I have had few bad experiences with hosting companies but learnt along the way, and assumed my current hosters would be a reliable place to stay at. My sites been offline since friday and I would like to get it back up again asap. Last thing I want to do is rush into a hosting package and be stuck in a dud situation.
I would also like to take action upon the person who has been ddos attacking me, I managed to get hold of his details and I also have confirmation that they are correct, what can be done legally?
My sites are getting heavy DDoS attacks.
What's the best firewall? I'm currently using ACH software firewall but the attacks are getting so bad my site's are going down (apache is shutting down/locking) and sometimes my server even crashes.
Anyone recommend a better software firewall or a really cheap but good hardware firewall?
Could my host just use a router or something as the firewall or would that not do? I'm looking for something really affordable as a solution.
Some of my websites have been under a DDOS attack for about a month now. Is there any way I can find who is behind this attack and what their motive is?
How much does it cost to launch a DDOS attack and how long do they usually last?
i have a shared host
my site under ddos attacks!
i want to upgrade to Dedicated Server
i needed to Dedicated Server contains DDOS protection!
btw: Site visitors 2500 in day!
how to prevent my web servers from DoS attacks?
View 12 Replies View RelatedAs many of you already know, not everyone has the money to spend on physical firewalls, for example a cisco firewall. I would like if everyone could share little tips and tricks towards securing a server they learned over time. Nothing in big detail. I thought if we all share our ideas, it would help quite alot of other people. For example, here is a good layout I believe. Please note this is towards a game server setup.
Shorewall Firewall - Block Unneeded Ports + Block Ping
Apache Web server - Installed with "mod_security"
SSH-Faker - Stop thoes bots from trying to gain access to SSH (Guessing Passwords)
DDoS Deflate - For me, does not really work. (I know, mainly for port 80 so webhosting) But still have it installed.
Bash Scripts Monitoring # of connections per ip with Netstat.
PSad - Monitoring and Reporting Port Scans (Optional automatic timed block)
VNStat - Monitor Current/Monthly/Yearly Bandwidth (Does not hog resources)
I'm guarenteed to of left alot out than just the above. If some of you could also share some simple things you do for securing a server, would be great.
Hosting providers and DDoS attacks!
Hello guys! I am looking for a reliable hosting provider! I mean the most important thing for me know is to be sure that my future hosting company will manage to protect my websites against DDoS attacks fully! What hosting company according to your opinion can be considered as the most stable hosting solution against DDoS attacs?
How does Hivelocity deal with DDos Attacks?
Do they have any similar protection to ThePlanet or Softlayer?
I believe that my site is being DDoSed against, and I'm wondering how I can prevent this from happening.
I'm running CentOS 5.3.
Are there any server side scripts of PHP scripts that could be used to dynamically block out IP's that are consuming too many resources on the VPS?
Let's say my site was getting DDOS'd. Let's say I suspected I knew the attacker's home IP address. Would there be anything I could do with this information to either end the attacks or penalize the attacker?
View 4 Replies View RelatedCan you restart the httpd to get the server online again while you are under an DDoS attack?
The reason for asking is that I was told that when restarting the httpd it should start to work again instantly, and so it seems.
But why? doesnt the attack "continue" after the restart?
My host tells me that they have security to stop DDoS attacks and stuff, however today my server load jumped to 17.12 and my site went down giving me a "Network Timeout" error.
My host tells me it's my fault that I am using too many resources. The MOST my site has been on load is 3.06 and that was around lunch time a few weeks back. It's 11:43 and the server load is 17.12? I think my host is pulling my leg. I have not added ANYTHING new to my site and have not changed anything in 3 days. The load has been fine till today.
I use In Motion Hosting.
I am about to get dedicated server with Gigenet.com.
Is this company good as they say they are?
How stable is it?
Can they really handle multi gig DDOS attacks?
One of the sites I run is a forum with a political component, and 4-5 times over the last week we've been seeing DoS attacks. They're not terribly sophisticated -- generally 1-3 compromised servers throwing packets my way -- but they're enough to clog my pipes and take my sites down.
What I'd like to do is put a new server up at a data center that's D(D)oS aware that can hopefully respond to these attacks automatically. My current provider has been giving solid support, but the best they can do is null route the affected IP, rather than filtering the incoming attack.
Can y'all name a few providers I should look into? Right now I'm just looking to move 1 box (or maybe a box and a firewall depending on the setup).
Can someone please recommend a hosting company that offers 24 hours toll free phone support with very good DDOS protection services?
Our server has been attacked for the past couple weeks and current host can just null route the IP being attacked but cannot offer anything beyond that...which does not help us. We are talking about large 3 GBPS attacks.
Last year my web host stated that my site was over utilizing allowed resources for my plan. Specifically, they state that I was overusing the CPU. At the time, I had to upgrade my plan in order to stay online. I would like to move to a new host, but the prospective hosts are all suggesting a dedicated server because of my CPU usage. I don't want to pay that kind of money, so I would really like to curb the CPU problem. Does anyone know how to reduce the CPU of a Wordpress blog? I tried posting this question over at Wordpress.org, but I haven't received a single reply.
View 11 Replies View RelatedMy server details
Intel 2.4 Ghz P4 Celeron
os-redhat
RAM-2GB DDR
harddisk-160+50Gb
bandwith-3000Gb
now iam haveing more that 0.50-1.20 cpu useage,also cpu useage is also increased i hosted only 6 site out what only one site use MSQL all other site are plain download site,how to reduce the cpu load can u figure me out this issue also give me some tips to reduce the cpu usage
13438 nobody 15 0 42276 22m 13m R 22 2.2 1:51.94 httpd
10620 nobody 16 0 41928 16m 8468 S 19 1.7 0:28.54 httpd
11397 nobody 15 0 41524 12m 4784 S 18 1.3 0:06.04 httpd
10745 nobody 15 0 42376 14m 5316 S 17 1.4 0:06.62 httpd
The values in bold are the CPU percentage taken up by each apache process.
So i had to need to each apache process,who can i reduce it?what config i have to change to reduce it?
we have a dual xeon 2.8G +2G ram CPANEL server normally load is well under2 and stable
we also use Incremental Backup and choose Per Account Only for MySQL backup
This server mainly hosts a big site, whose SQL is 1.2G big
Everytime server is running backup, load burst to 7 and accessing to website hanged. We are thinking to change SQL backup method to Entire MySQL Directory , but was told while it is processing SQL server will be stopped ?? wil Entire MySQL Directory reduce server load while processing SQL backup?
apparently the sysctl commands / config does not work for VPS's. any way to reduce the time_wait period? got nearly 900 connections in that state!
View 0 Replies View RelatedI have smokeping monitoring my game servers and so far in the little time that it has been running all my game servers have been encountering an average of 4 to 10% packet loss. Are there are tweaks i can run on the server computer to reduce packet loss? (registry modifications, etc.)
I downloaded a TCP tweak program called "TCP Optimizer" is it safe to run on a Windows 2003 Server OS?
The colo connection is an OC 192 and i have a 100Mbit ethernet card.
Here are my current TCP settings:
Quote:
[SYSTEMCurrentControlSetServicesTcpipParameters]
TcpWindowSize=-1
GlobalMaxTcpWindowSize=-1
EnablePMTUDiscovery=-1
EnablePMTUBHDetect=-1
SackOpts=-1
DefaultTTL=-1
TcpMaxDupAcks=-1
Tcp1323Opts=-1
DisableUserTOSSetting=-1
DefaultTOSValue=-1
[SYSTEMCurrentControlSetServicesAfdParameters]
DefaultReceiveWindow=-1
[SoftwareMicrosoftWindowsCurrentVersionInternet Settings]
MaxConnectionsPerServer=-1
MaxConnectionsPer1_0Server=-1
[SYSTEMCurrentControlSetServicesICSharingSettingsGeneral]
InternetMTU=-1
[SOFTWAREMicrosoftWindowsCurrentVersionExplorerRemoteComputerNameSpace{D6277990-4C6A-11CF-8D87-00AA0060F5BF}]
{D6277990-4C6A-11CF-8D87-00AA0060F5BF}=-1
[SYSTEMCurrentControlSetServicesDnscacheParameters]
MaxNegativeCacheTtl=-1
NegativeCacheTime=-1
NetFailureCacheTime=-1
NegativeSOACacheTime=-1
[SOFTWAREPoliciesMicrosoftWindowsPsched]
NonBestEffortLimit=-5
[SYSTEMCurrentControlSetServicesTcpipServiceProvider]
LocalPriority=499
HostsPriority=500
DnsPriority=2000
NetbtPriority=2001
[SystemCurrentControlSetServicesLanmanServerParameters]
SizReqBuf=-1
[SYSTEMCurrentControlSetServicesNdisWanParametersProtocols]
ProtocolMTU=-2
[SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{D63AC0FA-D2C9-4D83-B057-31A353516AB3}]
MTU=-1
TcpWindowSize=-1
[SYSTEMCurrentControlSetServicesPschedParametersAdapters{D63AC0FA-D2C9-4D83-B057-31A353516AB3}]
NonBestEffortLimit=-2
[SYSTEMCurrentControlSetServicesTcpipParametersInterfaces{8190D94A-3B2D-45C4-998D-312E99D6061D}]
MTU=-1
TcpWindowSize=-1
[SYSTEMCurrentControlSetServicesPschedParametersAdapters{8190D94A-3B2D-45C4-998D-312E99D6061D}]
NonBestEffortLimit=-2
How to reduce downtime - multiple name servers ?
Say I have two different hosting accounts at two different web hosts. One at host1.com and another at host2.com. In both the hosts I keep the same files. I use an external registrar and use the name servers for one of my domains as follows:
ns1.host1.com
ns1.host2.com
ns2.host1.com
ns2.host2.com
What would happen in that case, if say host1 is down sometime? Will the name servers point to host2.com?
If this could work, then the probability of downtime of a site would become almost 0 .
Google will like this ?
Another question is how to easily sincronize both cpanel accounts?
Few months ago I bought new small VPS box (OpenVZ, 128 MB RAM) in order to place there a new monitoring node of my site monitoring system. Such small amount of RAM is a challenge for operating system optimisation techniques (OpenVZ doesn’t have “swap” as Xen does).
First of all I discovered that apache2-mpm-worker (Apache implementation that uses threads) consumes more memory (100MB) than the classic version that use separate processes (20MB). I had to switch to apache2-mpm-prefork version then.
Next unpleasant suprise: small Python app eats 100MB of virtual memory! I checked that virtual (not resident) memory is taken into account by VPS. I applied some tools to locate memory bottleneck, but without success. Next I added logs with current memory usage to track call that causes big memory consumption. I tracked the following line:
server = WSGIServer(app)
is guilty for high memory increase. After few minutes of googling I located problem: default stack size for a thread. Details:This line creates few threads to handle concurrent calls
Stack size is counted towards virtual memory
Default stack size is very high on Linux (8MB)
Every thread uses separate stack
=> multi threaded application will use at least number_of_threads * 8MB virtual memory!
First solution: use limits.conf file. I altered /etc/security/limits.conf file and changed default stack size. But I couldn’t make this change to alter Python scripts called from Apache (any suggestions why?).
Second (working) solution: lower default stack size using ulimit. For processes launched from Apache I altered /etc/init.d/apache2 script and added:
ulimit -s 256
Now every thread (in apache / Python application) will use only 128 kB of virtual memory (I lowered VSZ from 70 MB to 17 MB this way). Now I have additional space to enlarge MySQL buffers to make DB operations faster.
There’s even better place to inject ulimit system-wide: you can insert this call in:
/etc/init.d/rc
script. Then ulimit will be applied to all daemons (as Apache) and all login sessions. I reduced virtual memory usage by 50% this way.
Note: you may increase stack size on stack overflow errors. In my opinion 256 kb is safe option for most systems, you may increase if in doubt. Still memory savings are big.
its 2am night here, and my sites are down....now there is no way i have too much traffic at midnight, also all my websites are new !
this is happening consistently since today morning and im getting no support apart from jargon filled replies from customer care
how do i tweak apache settings and what settings do i make to avoid this ?
im wondering what will happen after few months when my websites actually have good traffic coming in ?
We have checked your server. Please see the load average and process list given below:
The value 4.42 was the CPU load average at the time. A normal load should be below 1.00. I could see that Apache service is causing high load in your server.
So you can tweak Apache in order to reduce the CPU load. Please check and let us know if you need any further assistance.
++++++++++++++++++
[root@chi07 ~]# vzctl exec 18403 w
03:16:20 up 2 min, 0 users, load average: 4.42, 1.42, 0.50
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
1) Use PHP as isapi module
2) Open Internet Information Services (IIS) Manager > Right Click On "Web Sites" select properties > Click Service Tab > Open HTTP Compression > Select Compress Application Files and Compress Static Files
3) Use eAccelerator (PHP accelerator, optimizer, and dynamic content cache) with This options;
eaccelerator.shm_size="64"
eaccelerator.cache_dir="c: mpmmcache"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
eaccelerator.keys = "shm"
eaccelerator.sessions = "shm"
eaccelerator.content = "shm"
4) Don't load this extensions,
extension=php_mbstring.dll
extension=php_domxml.dll
extension=php_xslt.dll
Only use this Extensions in php.ini
extension=php_sqlite.dll
extension=php_curl.dll
extension=php_gd2.dll
extension=php_gettext.dll
extension=php_iconv.dll
extension=php_imap.dll
extension=php_mssql.dll
extension=php_sockets.dll
extension="eaccelerator.dll"
upload_tmp_dir= "C:WINDOWSTemp"
This Settings tested on Windows Server 2003 SP2 IIS6 with PHP v4.4.7