1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Dealing with DDOS

Discussion in 'Site & Server Administration' started by gibigbig, Feb 10, 2015.

  1. #1
    Recently a project I'm working on has come under heavy DDOS attacks. Cloudflare is not enough to stop it. It seems to be a UDP/TCP type ddos attack but thats all the information I have.

    All online support seems to suggest is "invest in more dense network that has the bandwidth to withstand it".

    What say you?
     
    gibigbig, Feb 10, 2015 IP
  2. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #2
    Do you have any exposed (non-orangecloud) or MX records on the same server as the website?
     
    zacharooni, Feb 10, 2015 IP
  3. gibigbig

    gibigbig Well-Known Member

    Messages:
    114
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    133
    Digital Goods:
    1
    #3
    It currently only has 1 website on the server.
    Not sure what you mean by exposed. Can you elaborate please?
     
    gibigbig, Feb 10, 2015 IP
  4. sarahk

    sarahk iTamer Staff

    Messages:
    28,494
    Likes Received:
    4,457
    Best Answers:
    123
    Trophy Points:
    665
    #4
    They're really getting past Cloudflare? wow!
    @digitalpoint - is there a setting in Cloudflare that might not be right?
     
    sarahk, Feb 10, 2015 IP
  5. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,333
    Likes Received:
    2,613
    Best Answers:
    462
    Trophy Points:
    710
    Digital Goods:
    29
    #5
    If they are attacking your server IPs directly, I'd change your IPs and also block all traffic to your servers except CloudFlare IPs. I'd say it would be very difficult for someone to DDoS attack your servers through CloudFlare, so I'm guessing they know your direct IPs.
     
    digitalpoint, Feb 10, 2015 IP
  6. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #6
    This may be an application level attack if it's orangeclouded, and still getting past. Can you post some of /var/log/messages or apache access log to Pastebin?
     
    zacharooni, Feb 10, 2015 IP
  7. sarahk

    sarahk iTamer Staff

    Messages:
    28,494
    Likes Received:
    4,457
    Best Answers:
    123
    Trophy Points:
    665
    #7
    I'm guessing shared hosting?
     
    sarahk, Feb 10, 2015 IP
  8. Alexbizz

    Alexbizz Active Member

    Messages:
    195
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    60
    #8
    Option 1: Use Myracloud.
    Option 2: Use other dedicated IP
     
    Alexbizz, Feb 10, 2015 IP
  9. niknar1900

    niknar1900 Active Member

    Messages:
    147
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    75
    #9
    Have you thought of using Hiawatha instead of Apache? (Assuming you're using Apache in the first place)
     
    niknar1900, Feb 13, 2015 IP
  10. gibigbig

    gibigbig Well-Known Member

    Messages:
    114
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    133
    Digital Goods:
    1
    #10
    Everything seems to be set up correctly.
    Changing IP's seems to have worked. Haven't gotten an attack yet.
    I don't have those logs any more unfortunately, but it was basically a lot of connection time outs, sockets temporarily unavailable etc..
    No it's dedicated. 4GB ram. Dedicated processors and other hardware, etc..
    Seems to have fixed it, thanks.
    Nope, nGinx all the way!
     
    gibigbig, Feb 15, 2015 IP