1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

DDOS Protection. Need Help

Discussion in 'Security' started by UnHide, Dec 22, 2012.

  1. #1
    Hello guys. I need some help to secure my linux server againt DDOS attacks.

    Can you anyone suggest me what to do.

    thanks in advance.
    SEMrush
     
    UnHide, Dec 22, 2012 IP
    SEMrush
  2. zacharooni

    zacharooni Well-Known Member

    Messages:
    345
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #2
    Chances are, you will not be able to modify the server in any way to protect it completely from a DDoS attack, so it's not guaranteed. You can harden it all you want, but unless you are hosting your server with a provider that advertises attack protection, a provider such as CloudFlare, Staminus, BlackLotus, Awknet, or any provider that will allow GRE tunneling of a remote IP to host your website through, any effort to secure an existing server's network stack will not be very effective.
     
    zacharooni, Dec 23, 2012 IP
  3. UnHide

    UnHide Peon

    Messages:
    30
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Okay. thanks. sounds good to me..
     
    UnHide, Dec 23, 2012 IP
  4. Jesse27

    Jesse27 Active Member

    Messages:
    145
    Likes Received:
    8
    Best Answers:
    1
    Trophy Points:
    90
    #4
    Jesse27, Dec 25, 2012 IP
  5. UnHide

    UnHide Peon

    Messages:
    30
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Thanks Jesse27..
     
    UnHide, Dec 25, 2012 IP
  6. wpimdbautomator

    wpimdbautomator Greenhorn

    Messages:
    38
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #6
    Install CSF.
    Configure csf.conf to DENY_IP to around 100
    Check time to around 5 seconds

    If you think attack is coming from 1 country, put that in deny country option and if you still need help, i can probably give it a shot.
     
    wpimdbautomator, Dec 28, 2012 IP
  7. zacharooni

    zacharooni Well-Known Member

    Messages:
    345
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #7
    Please ignore any advice given regarding ConfigServer Firewall. While it's a great product to maintain security policies and do basic integrity checking, it will not do anything to prevent or mitigate a Distributed Denial of Service attack. Chances are, it will exhaust iptables resources due to ipt_recent memory usage, and will crash your server.
     
    zacharooni, Dec 28, 2012 IP
  8. BreezeHost

    BreezeHost Member

    Messages:
    139
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    28
    #8
    You need to check the connections on the server (http hits) and if found any IP from which you get lot of hits then you can check that IP whether it is from your network or other.Block the IP from which you get lot of hits on your server.
     
    BreezeHost, Dec 30, 2012 IP
  9. hostechsupport

    hostechsupport Well-Known Member

    Messages:
    413
    Likes Received:
    23
    Best Answers:
    7
    Trophy Points:
    138
    #9
    check the domlogs (/usr/local/apache/domlogs) directory and find out the file that is bigger in size.Most probably the domain under attack should top the list.
     
    hostechsupport, Dec 30, 2012 IP
  10. Achiever

    Achiever Active Member

    Messages:
    2,194
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    80
    #10
    i think that you need to configure the net set up. so do it using a network...
     
    Achiever, Dec 30, 2012 IP
  11. mohsinrizwan

    mohsinrizwan Active Member

    Messages:
    90
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    60
    #11
    depends howbig attack you are receiving, herden server can help you only if attack is under your port bandwidth, otherwise you need Host who provide DDos protection.
     
    mohsinrizwan, Jan 30, 2013 IP
  12. anika

    anika Active Member

    Messages:
    147
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    90
    #12
    Contact your uplink provider and ask if they have any DDos protection. Also check the logs, and see if the attacks come from a set of IP/class and ask your uplink provider to null routed them.
    There is not much you can do at your end since you're flooded and don't have enough bandwidth or the right equipment to handle it.
     
    anika, Jan 30, 2013 IP