Understanding DDOS Attacks
Aug 3, 2009
I want to understand the mechanics of a DDOS attack. I have been doing a lot of reading about them this weekend.
The way I am understanding it, a DDOS attack is done at the network level. It may be requesting that pages from a given website, or websites, are served up, but it basically will effect the entire network. So if 'page display' requests are made to a website(s) that is hosted at ABC Hosting (example only), to the tune of 15GBs then I have to assume that the network will be terribly degraded. If that is so, wouldn't other servers also get taken out?
I believe the architecture of the internet is something like this (example only):
Gnax --> Planet, SoftLayer, RackSpace, etc.. --> Reseller --> Smaller Reseller --> Me
If that is true, is each level along that route using their own networking system or are they all dependent on ones that major Data Center uses?
View 14 Replies
ADVERTISEMENT
Mar 9, 2008
I have a VPS that's on the awknet network and I'm receiving DNS DDoS and I don't think they have anything to stop these attacks, how can I prevent these?
View 4 Replies
View Related
Jun 25, 2008
one of my costumers server is getting ddos attacks. I solved syn and get attacks with litespeed web server but I have another problem. They started to do udp flood. I m losing connection to my server. I bought new server with 1 gbit port for solving it.
View 3 Replies
View Related
Mar 31, 2009
This is a quote from an unrelated thread in the Dedicated Server Forum, I didnt want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is as a new Dedicated Server Owner what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site(i hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
View 5 Replies
View Related
Jan 12, 2009
My current site has been taken offline since it was being ddos attacked, been with my current hosters for 3years at least, but with recent events they gave me the option to shift my site to a dedicated server or me to move of bascially. (impression I get now, since they seem to be taking longer to reply to my messages) I was being ddos attacked since I refused to give a copy of me software to the visitor at my forums/site.
ive been looking round site after site and I cant make up my mind who to shift too, also if that same idiot who ddos attacked me does it again before I can take any action, I would be in the same situation again.
I have multiple domains and all my sites in total are about 5gig in size, cpu usage is avergae and queries roughly about 15/17 the most, I currently pay £130.00 a yr
I have had few bad experiences with hosting companies but learnt along the way, and assumed my current hosters would be a reliable place to stay at. My sites been offline since friday and I would like to get it back up again asap. Last thing I want to do is rush into a hosting package and be stuck in a dud situation.
I would also like to take action upon the person who has been ddos attacking me, I managed to get hold of his details and I also have confirmation that they are correct, what can be done legally?
View 14 Replies
View Related
Mar 23, 2009
My sites are getting heavy DDoS attacks.
What's the best firewall? I'm currently using ACH software firewall but the attacks are getting so bad my site's are going down (apache is shutting down/locking) and sometimes my server even crashes.
Anyone recommend a better software firewall or a really cheap but good hardware firewall?
Could my host just use a router or something as the firewall or would that not do? I'm looking for something really affordable as a solution.
View 14 Replies
View Related
Mar 14, 2008
Some of my websites have been under a DDOS attack for about a month now. Is there any way I can find who is behind this attack and what their motive is?
How much does it cost to launch a DDOS attack and how long do they usually last?
View 14 Replies
View Related
Aug 22, 2008
i have a shared host
my site under ddos attacks!
i want to upgrade to Dedicated Server
i needed to Dedicated Server contains DDOS protection!
btw: Site visitors 2500 in day!
View 2 Replies
View Related
Nov 24, 2008
how to prevent my web servers from DoS attacks?
View 12 Replies
View Related
Jan 24, 2007
I know there is no device can protect you from ddos attacks, but I wonder which one is the best to help you reduce the attacks? It might be intelligent to "feel" the attacks? Brand names from Cisco, Foundry, Nokia...?
View 2 Replies
View Related
Mar 18, 2008
As many of you already know, not everyone has the money to spend on physical firewalls, for example a cisco firewall. I would like if everyone could share little tips and tricks towards securing a server they learned over time. Nothing in big detail. I thought if we all share our ideas, it would help quite alot of other people. For example, here is a good layout I believe. Please note this is towards a game server setup.
Shorewall Firewall - Block Unneeded Ports + Block Ping
Apache Web server - Installed with "mod_security"
SSH-Faker - Stop thoes bots from trying to gain access to SSH (Guessing Passwords)
DDoS Deflate - For me, does not really work. (I know, mainly for port 80 so webhosting) But still have it installed.
Bash Scripts Monitoring # of connections per ip with Netstat.
PSad - Monitoring and Reporting Port Scans (Optional automatic timed block)
VNStat - Monitor Current/Monthly/Yearly Bandwidth (Does not hog resources)
I'm guarenteed to of left alot out than just the above. If some of you could also share some simple things you do for securing a server, would be great.
View 8 Replies
View Related
Nov 24, 2008
Hosting providers and DDoS attacks!
Hello guys! I am looking for a reliable hosting provider! I mean the most important thing for me know is to be sure that my future hosting company will manage to protect my websites against DDoS attacks fully! What hosting company according to your opinion can be considered as the most stable hosting solution against DDoS attacs?
View 11 Replies
View Related
Apr 2, 2009
How does Hivelocity deal with DDos Attacks?
Do they have any similar protection to ThePlanet or Softlayer?
View 5 Replies
View Related
Jul 23, 2009
I believe that my site is being DDoSed against, and I'm wondering how I can prevent this from happening.
I'm running CentOS 5.3.
Are there any server side scripts of PHP scripts that could be used to dynamically block out IP's that are consuming too many resources on the VPS?
View 14 Replies
View Related
Jun 12, 2009
Let's say my site was getting DDOS'd. Let's say I suspected I knew the attacker's home IP address. Would there be anything I could do with this information to either end the attacks or penalize the attacker?
View 4 Replies
View Related
Jan 12, 2008
Can you restart the httpd to get the server online again while you are under an DDoS attack?
The reason for asking is that I was told that when restarting the httpd it should start to work again instantly, and so it seems.
But why? doesnt the attack "continue" after the restart?
View 14 Replies
View Related
May 19, 2009
My host tells me that they have security to stop DDoS attacks and stuff, however today my server load jumped to 17.12 and my site went down giving me a "Network Timeout" error.
My host tells me it's my fault that I am using too many resources. The MOST my site has been on load is 3.06 and that was around lunch time a few weeks back. It's 11:43 and the server load is 17.12? I think my host is pulling my leg. I have not added ANYTHING new to my site and have not changed anything in 3 days. The load has been fine till today.
I use In Motion Hosting.
View 14 Replies
View Related
Apr 21, 2008
I am about to get dedicated server with Gigenet.com.
Is this company good as they say they are?
How stable is it?
Can they really handle multi gig DDOS attacks?
View 6 Replies
View Related
May 21, 2007
One of the sites I run is a forum with a political component, and 4-5 times over the last week we've been seeing DoS attacks. They're not terribly sophisticated -- generally 1-3 compromised servers throwing packets my way -- but they're enough to clog my pipes and take my sites down.
What I'd like to do is put a new server up at a data center that's D(D)oS aware that can hopefully respond to these attacks automatically. My current provider has been giving solid support, but the best they can do is null route the affected IP, rather than filtering the incoming attack.
Can y'all name a few providers I should look into? Right now I'm just looking to move 1 box (or maybe a box and a firewall depending on the setup).
View 9 Replies
View Related
Dec 26, 2008
Can someone please recommend a hosting company that offers 24 hours toll free phone support with very good DDOS protection services?
Our server has been attacked for the past couple weeks and current host can just null route the IP being attacked but cannot offer anything beyond that...which does not help us. We are talking about large 3 GBPS attacks.
View 14 Replies
View Related
Nov 22, 2007
I want to use scp to backup files, however I find most tutorials confusing as to which computer is the remote and the local. Is the local the one you are logged into via ssh command, or the computer from which you logged into ssh.
Lets say I am on my Windows computer. I open up putty, and login to the ssh connection of a remote linux computer. What scp command do I enter into the ssh terminal to copy a file from D:�ackup of the windows computer to /home/backup of the linux computer?
View 3 Replies
View Related
Oct 22, 2007
I am getting ready to install APF, I have read multiple articles, but am still confused with the following parameters and what needs to be included in each:
IG_TCP_CPORTS
IG_UDP_CPORTS
EG_TCP_CPORTS
EG_UDP_CPORTS
These are the ports that I want to use:
21,22,25,53,80,110,143,443,465,873,993,995
How do I know what port goes in what parameter? How do I know if it goes in TCP or UDP and if it goes in Ingress or Egress?
What is the difference between TCP and UDP?
Is it ok to have a port listed in both TCP an UDP, and also in Ingress as well as in Egress?
View 6 Replies
View Related
Nov 7, 2007
having my own dedicated server. I have apf installed and I wanted to see how it blocked IPs so I had a friend, whoes IP I knew, help me. I added his IP to the deny_hosts.rules, thinking that would block him from my server, but it did not. Now, mind you, the way I added his IP was to simply use an editor and add his IP to the bottom of the list. Then I got to thinking, does teh apf only load the rules every so often? If so, how can I tell when or how often the rules load? ALso, do I need to add an IP using apr -d IPNUMBER in order for the apf to recognize it? I'd appreciate some info on how the apf works and how I can add IPs myself that I want to add and be sure that they are being blocked.
View 3 Replies
View Related
Jan 5, 2007
I am going to place my first physical server to a server room. I wish to use it also as an nameserver for my domains and I am missing some basic principle there. I can probably configure BIND etc, but how will the servers upper in the hierarchy learn that this is a nameserver for certain domains? To start with, I have several empty domains (they are not hosted and so far using nameservers of a big company).
View 3 Replies
View Related
Nov 7, 2008
it's come under my attention that dragonara.net has been ddosing me today since morning from the ip:
194.8.75.229
What's so ironic about it is that the ip is from a UK DDOS protection site so i'm expecting some email with their services in the next hour or so. Stay clear of them they are fakes and e-terrorists.
View 14 Replies
View Related
Dec 31, 2006
I am still trying to diagnose a problem some members have on my forums, when they load a page it will load a grey screen (my background color) and stop, after 15-30 seconds+ it will finally load the page
i opened a ticket with my server co and they forwared it to the NOC, NOC said it was apache config problem, server co said it was fixed and was due to apache log reaching 2GB limit, logrotate installed
same problem still existed, opened tk with server management co, they tweaked httpd.conf and disabled logs, problem still exists
I asked 3rd management co about it, changed some settings in httpd, said it may be due to ads on the sites, i took out the ads and a stat script
problem still exists, the thing is the problem exists with some users and not others, doing speed tests to the server shows it is very quick, load is low, no i/o wait and i just installed the second GB of memory so memory is fine
this is happeneing to users on seperate forums, one using vB, one using IPB, so it is server/ hardware related, AMD barton 3000, with 2GB ram, nowehere reaching the bandwidth limit or 10mbps port speed limit
any ideas? doing tracerts to the server shows a timeout before the sites IP address, every time, but doing a tracert OUT of the server shows no time outs....
View 14 Replies
View Related
Dec 13, 2006
One of the other message boards that I am on has a server at LayeredTech.
Now they said in there they had no issues whatsoever with the network. But when I did this tracert: .....
View 8 Replies
View Related
Nov 21, 2008
I have a basic understanding of their role and how they work in general (mapping domain names to ip addresses).
I'll start with my setup/scenario:
Plesk - (dedicated company server - serving parent site via WHMCS)
ResellerClub - (domain registrar)
Cpanel/WHM - (shared server)
1. What would be the recommendation for a new hosting provider when it comes to name server(s)?
2. Do most who have limited resources use the BIND service on each WHM shared server itself? So if you have umpteen shared servers you would have umpteen name servers, as well?
2a. If so is it preferred/recommended to ultimately use completely separate/dedicated server(s) for DNS services for all shared servers? What is common?
3. If using the WHM shared server itself is the common practice, what are its pros and cons?
View 6 Replies
View Related
Aug 24, 2007
For the last week or two my VPS keeps getting added to blacklists.
Yesterday I noticed that a website on the server was forward mail from a contact form to the clients AOL account, obviously scripts were completing the form on the website and that was being sent to AOL, who would of obviously blacklisted the IP.
I've stopped that now, but we're still getting black listed. I've had my VPS provider get exim to record the path that sent the e-mail, and there are no scripts on the server sending out mails that I should be worried about.
Some questions to help me.
How can you identify an outgoing e-mail? is it by the character '=>'? If so, is it normal for there to be e-mails being sent out:
2007-08-23 19:04:10 1IOH2K-00038j-Jg => /dev/null <shaun[at]sr8.co.uk> F=<aaron_straubegnvu[at]yahoo.com> R=central_filter T=**bypassed** S=0 QT=6s DT=0s
2007-08-23 19:04:10 1IOH2K-00038j-Jg Completed QT=6s
I'm puzzled as to why the server keeps being blacklisted, when I can't really see any problems in the log file?
The CBL website (which blacklisted us) says we were added at around 19:00GMT, so I've checked the logs for that time and can't really find much.
On the server there is one account with an autoresponder set as that person is away on holiday.
View 1 Replies
View Related
Jun 20, 2007
I recently went from dedicated to Dotster VPS to cut down on price and also because I do not have as many of clients I once had.
I chose their cPanel Premium
[url]
Soon after I realized via the Virtuozzo Panel, that I have limits on everything
.
I was pretty upset that none of these limits were posted anywhere on Dotsters site and its a surprise not welcomed.
I want to post some images so maybe you can tell me if their limits are reasonable or if they are way off.
[url]
I had them actually raise my diskinodes from 400/500k to 600/700k
and also my quotaugidlimit from 100 to 200.
For some reason I have 162 ugid's but i have only restored 23 or so accounts on this server, with no other special things running besides the standards. Shouldn't I be around under 100 ugid's?
So my main problems that I have is the folowing limits:
diskinodes: I have only 35 gigs used of the 50 allocated, their initial quota of 500,000 seemed low. now they bumped be to 700,000 and i'm almost there.
quotaugidlimit: for only having 23 accounts it's crazy to believe that I had to have their initial limit raise to 200. I have noticed a lot more users like #2121, #13232, #124312 and so on compaired to my dedicated server. My dedicated had about 5, this VPS shows about 30 or so.
kmemsize: their limit is 18,022,400 bytes, which I always seem to be reaching.
privvmpages: hard limit is 292,912 and i'm usually exceeding this one.
Here is a screenshot of my QoS:
[url]
Also, I noticed once I reach/exceed limits, the first things to be shutdown is my webmail and cpanel and so on, but the sites stay up Is there a way of setting up which resources are shut down in what order? To have mail up is the biggest request. I rather have ftp and cpanel down first.
I am really not happy with what is going on and gaining some user feedback would be great. I really wish Dotster had a complete breakdown of limits, before I bought.
View 6 Replies
View Related
Jul 15, 2007
A good amount of the threads in this forum are just people asking what co-location is.
View 3 Replies
View Related
