1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Help with DDOS issue

Discussion in 'Security' started by MG Mike, Sep 17, 2011.

  1. #1
    Hello my site has been getting DDOS'd heavily lately (almost everyday). I have the DDOS deflate script running on my server but it seems to be doing little or nothing. I also have the APF firewall on my server but i ohnestly dont know how to make a custom ip table rule that will block the DDOS attack.

    If its possible i would like a rule that automatically blocks and bans the attacking ip from accessing my server but i dont have any idea about how to do the rule myself.

    Please can somebody help me, thankyou.
     
    Solved! View solution.
    MG Mike, Sep 17, 2011 IP
  2. #2
    What this command output ?

    Try DDOS deflate script> http://deflate.medialayer.com/


    Or you can add this iptables script to limit Connections Per Second, it can help you to block ddos attack but if the attack is too large you need some hardware stuff...

    Source > http://www.cyberciti.biz/faq/iptables-connection-limits-howto/
     
    Boten, Sep 17, 2011 IP
  3. thephoneguy

    thephoneguy Greenhorn

    Messages:
    48
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #3
    It really depends. What is the result of the attack? What type of site are you hosting? do you have money for mitigation? what type of server do you have? How strong is the actual attack?
     
    thephoneguy, Sep 17, 2011 IP
  4. MG Mike

    MG Mike Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    @thephoneguy The attack seems to be DDOS not dos as it comes from multi ips, i get a error from the mysql database something along the lines of "mysql_maximumconnections" cant remember exactly but i think its that. And the type of site is a gaming site.

    @boten
    How do i put that rule into my iptables as i have no experience in that field and i know very little about SSH.

    Also i have DDOS deflate allready running but it seems to do nothing.
     
    MG Mike, Sep 17, 2011 IP
  5. thephoneguy

    thephoneguy Greenhorn

    Messages:
    48
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #5
    if you want mike i can help over msn. PM me your msn and i can give you some pointers. I used to deal with a lot of ddos attacks.
     
    thephoneguy, Sep 17, 2011 IP
  6. Boten

    Boten Well-Known Member

    Messages:
    28
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    111
    #6
    Run this command in your console :

    And past the result here, this will allow us to see if it really is a DDoS attack, because in this case you should see some ip 's making more than > 100 simultaneous connections.

    To apply the script i gave you above, you have to create a bash file in your server, and make a chmood on it :
    #chmod +x ddos.sh
    And you run it by :
    #sh ddos.sh or ./ddos.sh

    And your iptables rules are ready.
     
    Boten, Sep 17, 2011 IP
  7. MG Mike

    MG Mike Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Boten you have been very helpfull and thanks for replying i have managed to block the attack now but the ips had way more then 100 connections each some where in the region of 200 to 300.

    How would i create a bash file on my server? i have really little SSH experience and am egar to learn more, thanks boten once again.
     
    MG Mike, Sep 17, 2011 IP
  8. Boten

    Boten Well-Known Member

    Messages:
    28
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    111
    #8
    I advice you to read some linux tutorials here > http://linuxcommand.org/ and here > http://linuxreviews.org/beginner/

    To create a file in the console you can do it with an editor :

    #nano ddos.sh
    Then you past the script i gave you (right click of your mouse)
    #chmod +x ddos.sh
    And you run it by :
    #sh ddos.sh or ./ddos.sh

    And your script is ready !
     
    Boten, Sep 18, 2011 IP
  9. MG Mike

    MG Mike Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Ok boten that seems to make more sense, what folder shall i put the script in or does it not matter?
     
    MG Mike, Sep 18, 2011 IP
  10. Boten

    Boten Well-Known Member

    Messages:
    28
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    111
    #10
    Generaly whatever folder will be okay (apart those for memory and file systems) but for more organization put it on /var/script.

    Don't forget to create the folder script on /var. (command : mkdir /var/script)
     
    Boten, Sep 18, 2011 IP
  11. MG Mike

    MG Mike Peon

    Messages:
    5
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    ok boten thanks for your help :) youve been very helpfull.
     
    MG Mike, Sep 18, 2011 IP