DDOS Protection. Need Help

Hello guys. I need some help to secure my linux server againt DDOS attacks.

Can you anyone suggest me what to do.

thanks in advance.

 

Chances are, you will not be able to modify the server in any way to protect it completely from a DDoS attack, so it's not guaranteed. You can harden it all you want, but unless you are hosting your server with a provider that advertises attack protection, a provider such as CloudFlare, Staminus, BlackLotus, Awknet, or any provider that will allow GRE tunneling of a remote IP to host your website through, any effort to secure an existing server's network stack will not be very effective.

 

Okay. thanks. sounds good to me..

 

Install and setup CSF Firewall. It somehow helps

http://configserver.com/cp/csf.html

 

Thanks Jesse27..

 

Install CSF.
Configure csf.conf to DENY_IP to around 100
Check time to around 5 seconds

If you think attack is coming from 1 country, put that in deny country option and if you still need help, i can probably give it a shot.

 

Please ignore any advice given regarding ConfigServer Firewall. While it's a great product to maintain security policies and do basic integrity checking, it will not do anything to prevent or mitigate a Distributed Denial of Service attack. Chances are, it will exhaust iptables resources due to ipt_recent memory usage, and will crash your server.

 

You need to check the connections on the server (http hits) and if found any IP from which you get lot of hits then you can check that IP whether it is from your network or other.Block the IP from which you get lot of hits on your server.

 

check the domlogs (/usr/local/apache/domlogs) directory and find out the file that is bigger in size.Most probably the domain under attack should top the list.

 

i think that you need to configure the net set up. so do it using a network...

 

depends howbig attack you are receiving, herden server can help you only if attack is under your port bandwidth, otherwise you need Host who provide DDos protection.

 

Contact your uplink provider and ask if they have any DDos protection. Also check the logs, and see if the attacks come from a set of IP/class and ask your uplink provider to null routed them.
There is not much you can do at your end since you're flooded and don't have enough bandwidth or the right equipment to handle it.