| Posted by evilc0d3r, 04-12-2009, 01:02 PM | | Hi.I have a vps and it is several days that some one is using ddos attack method to my vps.i had installed anti ddos or firewall,but those are useless.His attacks are such great that The server and all the vps are down now. One told me that I should check the ips and receive ips. The attacker is so skillful .please help and describe the best method to defeat him. Be sides the attacker use diffirenet ips in each attack,I block him by iptables but no use
. His attack occupy all the ram and I have to resetart the server
Now this time his attack lead to shutting all the vps down
|
| Posted by eth00, 04-12-2009, 01:13 PM | | What type of attack is he performing?
Depending on how large it is you may need your host to help out, or even they may be powerless.
Depending on the size it may be large enough to overload the main VPS server in which case you will be hard pressed to have a host keep your VPS online.
|
| Posted by evilc0d3r, 04-12-2009, 01:20 PM | | how can i undrestand which kind of attack that would be? Is there any command to undrestand the attak type?
Please give me a solution
|
| Posted by e-Sensibility, 04-12-2009, 01:28 PM | | If the hacker's botnet can take down your site with just single requests from each ip then there is really nothing that you can do. If, however, each ip is making multiple requests for your site(s) simultaneously then what you can do is set the threshold for abuse very low and bump all abusers to a table. Set your firewall up such that all ips on the abusers table get their packets dropped immediately. That might be your best shot of making a difference by yourself. As others have said, try your host too.
|
| Posted by Deem3n®, 04-12-2009, 02:58 PM | | A possible solution will be to write a script what will analyse the output of netstat and place most active ips to blacklist
|
| Posted by Ryan - HostATree, 04-12-2009, 03:02 PM | | Well it sounds like a firewall will be no help. You can set up a firewall to null and packets from that ip but by nulling them it will just overload your gateway. I would suggest that you contact the DC and have them block all requests from this IP. That is what we do when we have DDOS attacks that are too heavy for our firewalls and it ends it right away.
|
| Posted by evilc0d3r, 04-12-2009, 03:03 PM | | CAn anyone introduce such script like this?
|
| Posted by tickedon, 04-12-2009, 03:39 PM | | It can't be stopped by a script on your VPS.
It needs to be stopped "further up the chain", which means getting your host (and the DC possibly, if they aren't the same) involved.
|
| Posted by ServerManagement, 04-12-2009, 03:52 PM | | Take a look at the bandwidth graph to see how high the attacking traffic is.
|
| Posted by RioReyEd, 04-12-2009, 06:10 PM | | Search the web for DDoS protection. Most of the companies that specialize in this have an UNDER ATTACK button. Our company does as well and I can only speak for ourselves but I believe that all of us will jump quickly to assist.
|
| Posted by e-Sensibility, 04-12-2009, 06:18 PM | | This sort of functionality is built in at a lower level to many firewalling applications.
|
|
 Add to Favourites
 Print this Article
|
