DDoS attack

Discussion in 'Site & Server Administration' started by Namesniper, Apr 6, 2007.

  1. #1
    Hello,

    I see that a number of IPs send "post" command to my index.php, but I am trying to find out what exactly they are trying to post and into which form on that page.

    Can anyone please advise?
     
    Namesniper, Apr 6, 2007 IP
  2. Estevan

    #2
    Hello,
    first, this is not a DDoS attack!
    A real DDoS attack takes down big sites!

    Well, there are 2 options: either kids (using premade tools to find vulnerable applications) or spammers trying to do email injection!

    Everyone has a lot of spammers and kids!
     
    Estevan, Apr 6, 2007 IP
  3. Namesniper

    #3
    This is indeed considered a DDoS; it's set up in a smart way and can kill any dual-Xeon-based server in minutes.
     
    Namesniper, Apr 6, 2007 IP
  4. rootbinbash

    #4
    Maybe DoS, but not DDoS.
     
    rootbinbash, Apr 6, 2007 IP
  5. Snout

    #5
    DDoS is a Distributed DoS. Since there are a number of IPs, it can be considered a DDoS. Usually a DDoS hits the site IP with junk packets, not with HTTP POST requests.

    There might be some reasonable explanation (bad scripts or some broken cron job) or it could actually be some kind of abusive attack. Try banning the IPs (if the number of addresses/ranges is not too high). Try banning the request or user agent pattern. Try contacting the hoster; if it's a large and serious one, they could solve it for you by setting temporary filters.
     
    Snout, Apr 7, 2007 IP
  6. Estevan

    #6
    If POST requests take down a server, the sysadmin needs to make a better config. Some sites get zillions of requests and work fine all the time!
     
    Estevan, Apr 7, 2007 IP
  7. Namesniper

    #7
    And some websites get 100 requests and take down any server, forum websites for example.
     
    Namesniper, Apr 8, 2007 IP
  8. Estevan

    #8
    Look, there are many ways to prevent this; mod_evasive is one: if an IP makes more than x requests, it bans the IP. Sorry, but GET and POST requests are used only by kids and spammers; if you make a good config, all is OK!

    The problem is the real attacks!
    Lite kids and stupid spammers only use premade tools and have no brain; look in your logs, all are the same requests and the same user agents!

    Install mod_evasive and mod_security, and add good rules!
     
    Estevan, Apr 8, 2007 IP
  9. inworx

    #9
    Yes, it IS a DoS attack and not a DDoS, because if it was, then you would rather say here, my site is down.

    DDoS can burn ANY server down within minutes, as someone on dial-up can behave like a user of a 10 MBPS connection...

    Use mod_evasive by zdirski* or whatever, that's excellent. Works like a charm...
     
    inworx, Apr 10, 2007 IP
  10. Namesniper

    #10
    1) DDoS won't burn your server. No matter how big the attack is, at some point your server will go down and that's it; it will be unresponsive, be it 100+ or 1000+ mbps. Anything above 10 mbps will take it down easily.

    2) I have mod_evasive installed, but it's not a good idea to leave it enabled forever; it's banning Googlebot and similar legit SE bots. If you tune it to DOSPageCount 100+ to not ban legit bots, then it will also not ban bad bots. It will help, but it's not an ideal solution for httpd low-bandwidth attacks.
     
    Namesniper, Apr 10, 2007 IP
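
The replies above suggest checking the logs for repeated requests and user agents, and the last post raises the DOSPageCount tuning problem. As an added example (not code from any poster), this Python script tallies POSTs to index.php per IP and per user agent from an Apache access log and reports each IP's busiest one-second window, so a candidate threshold can be checked against real traffic before it is enabled. It assumes the combined log format; the sample lines, function names and threshold value are constructed for illustration, and since the access log does not record request bodies it shows who is posting and how often, not what was posted.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation address ranges), not data from the thread.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Apr/2007:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "ExampleTool/1.0"
203.0.113.5 - - [06/Apr/2007:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "ExampleTool/1.0"
203.0.113.5 - - [06/Apr/2007:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "ExampleTool/1.0"
203.0.113.5 - - [06/Apr/2007:10:00:02 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "ExampleTool/1.0"
198.51.100.7 - - [06/Apr/2007:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "ExampleTool/1.0"
192.0.2.10 - - [06/Apr/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Googlebot/2.1"
192.0.2.20 - - [06/Apr/2007:10:00:03 +0000] "POST /index.php?a=1 HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""


def summarize_posts(log_text, target="/index.php", window_seconds=1):
    """Tally POSTs to `target` per IP and per user agent, plus each IP's
    busiest window (the quantity a per-page rate threshold is compared to)."""
    per_ip, per_ua = Counter(), Counter()
    windows = defaultdict(Counter)  # ip -> {window index: POST count}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line or not a POST
        if m["path"].split("?", 1)[0] != target:
            continue  # a different page
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_ip[m["ip"]] += 1
        per_ua[m["ua"]] += 1
        windows[m["ip"]][int(ts.timestamp()) // window_seconds] += 1
    peak = {ip: max(counts.values()) for ip, counts in windows.items()}
    return per_ip, per_ua, peak


def over_threshold(peak, page_count):
    """IPs whose busiest window exceeds a candidate per-page threshold."""
    return sorted(ip for ip, n in peak.items() if n > page_count)


if __name__ == "__main__":
    per_ip, per_ua, peak = summarize_posts(SAMPLE_LOG)
    print(per_ip.most_common(), per_ua.most_common(), over_threshold(peak, 2))
```

Running the same tally with the method check changed to GET shows how close legitimate crawlers come to a candidate threshold.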