Anyone have any advice for this type of attack? My webhost tried IP banning but it isn't stopping the bot from overloading my server.
Create a firewall rule and deny all from the subnet that is attacking. Can you see in the logs how it is attacking and from where? There are many ways to stop the attack, but without logs I really can't see what's going on.
The best way to attempt to mitigate this issue is to have your host null route the attacking network(s) at their edge router. You should also be contacting the attacking network(s)' abuse handle and providing them with the details of the issue. They may or may not take any action, but if they don't you can always contact their upstream provider.
Install mod_evasive on your Apache to protect from DDoS attacks. See this. It would help if you install a firewall (CSF/APF) against brute-force attacks. Don't leave it open!
The only good protection against massive and sophisticated attacks is to hire a company that specializes in DDoS mitigation. Mind you, you do not want to contact such a company while the attack is taking place, because the emergency fees are quite dear! Make sure you deploy such a service before the attack even reaches your network edge!!!
Have iptables on your box? DoS attacks generally come from many "zombie" computers. They generally use the ICMP and UDP protocols to attack you. My advice: drop ICMP packets of any kind; this will then turn off the ping reply from your server, plus tracert and some other things. Close all ports that you don't run a service on from 10000 to 65365, because they are generally unused and always open on major boxes, and all the others under that which are unused. Instead of blocking the IP the attack comes from, block the traffic protocol they use to take you down.
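The three posts above (find the attacker in the logs and deny its subnet, mod_evasive-style per-IP request-rate thresholds, and blocking by protocol in iptables) can be put together in one script. This is an added example written for this thread, not code from any of the posters or from mod_evasive itself; the access-log lines are constructed (TEST-NET addresses), the threshold/interval values are assumptions, and the script only prints the iptables commands rather than running them, so you can review them before applying anything on a live box.

```python
"""Flood detection over an Apache access log, mod_evasive-style, then
emit iptables rules for the offending /24 subnets and the flood protocol.

Added example for this thread; the log lines are constructed, not real.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache "combined" log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_line(ip, ts, path="/index.php"):
    """Build one constructed access-log line (helper for the sample data)."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


# Constructed sample: two hosts in 203.0.113.0/24 hammer the same page
# within a second of each other, while 192.0.2.10 browses normally.
SAMPLE_LOG = "\n".join(
    [make_line("203.0.113.5", "10/Oct/2023:13:55:36 +0000")] * 8
    + [make_line("203.0.113.7", "10/Oct/2023:13:55:37 +0000")] * 6
    + [make_line("192.0.2.10", "10/Oct/2023:13:55:36 +0000", "/about.html"),
       make_line("192.0.2.10", "10/Oct/2023:13:55:40 +0000", "/contact.html")]
)


def parse_log(text):
    """Return (ip, datetime, path) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append((m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"]))
    return events


def find_flooders(events, threshold=5, interval=2):
    """Flag IPs that exceed `threshold` requests in any `interval`-second
    sliding window (the same idea as mod_evasive's DOSSiteCount over
    DOSSiteInterval). Returns {ip: peak_requests_in_window}."""
    by_ip = defaultdict(list)
    for ip, ts, _ in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        window = deque()
        peak = 0
        for ts in stamps:
            window.append(ts)
            # Drop timestamps that have fallen out of the window.
            while (ts - window[0]).total_seconds() >= interval:
                window.popleft()
            peak = max(peak, len(window))
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def offending_subnets(ips, prefix=24):
    """Collapse flagged IPs into the /24 networks they belong to, so the
    deny rule covers the subnet rather than one zombie at a time."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}
    return sorted(str(n) for n in sorted(nets))


def iptables_rules(subnets, drop_protocols=("icmp",)):
    """Build iptables commands: drop the attacking subnets, and drop the
    protocol the flood rides on (ICMP here, as suggested above). `-I`
    puts each rule at the top of INPUT so it wins over existing ACCEPTs."""
    rules = [f"iptables -I INPUT -s {net} -j DROP" for net in subnets]
    rules += [f"iptables -I INPUT -p {proto} -j DROP" for proto in drop_protocols]
    return rules


if __name__ == "__main__":
    flooders = find_flooders(parse_log(SAMPLE_LOG))
    for ip, peak in sorted(flooders.items()):
        print(f"{ip}: peak {peak} requests in a 2s window")
    for rule in iptables_rules(offending_subnets(flooders)):
        print(rule)
```

Run it against a real log with `parse_log(open("/var/log/apache2/access.log").read())` and tune `threshold`/`interval` to your normal traffic first, or you will block legitimate clients behind a shared NAT. Dropping all ICMP also silences the path-MTU messages your own connections rely on, so apply that rule only while the flood is actually ICMP. None of this helps once the flood fills the uplink itself; at that point the filtering has to happen upstream.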
Hi, I should point out that while making software changes (i.e. iptables, mod_evasive, etc.) can reduce the amount of server load that the DDoS attack causes, it is absolutely pointless if the DDoS attack is large enough to saturate your uplink. For example, if your (or your host's, or their upstream provider's) link is 10 Mbit/s and you are getting a 12 Mbit/s DDoS, then it really doesn't matter what you do on the server, as little, if any, legitimate traffic will get through anyway.
Of course. If it gets out of hand, contact your IDC and have them null route the offending IP(s) at their edge routers. Note: if it's too bad to null route their IPs, some will null route YOURS until the attack stops. You have been warned (hence I have never contacted the IDC). If you are forced to, null route your own IP (drop the binding to the interface) and shift everyone to a new IP.
If it gets terrible, then ask your DC to null route the server until it stops. If it is so bad that the server doesn't respond anyway, then you have nothing to lose.