DDOS (layer 7) - how to stop it?


charmed

Hello,

Since yesterday, my site has not been loading, although the server and Kloxo run just fine. I have contacted my host and they told me that I'm being DDoS'd by a layer 7 flood.

Is there any way to stop it? I'm a VPS user and I have CSF, iptables and DDoS Deflate.

Thank you in advance
 
Apache - CentOS 5

__________________
Added after 6 minutes:

My host just saved me.

"I installed nginx in front of Apache and used it to block WordPress user-agents.
Please note nginx isn't officially supported under Kloxo, and it broke domains / subdomains adding from Kloxo."

A few days earlier... my site got a SYN flood attack and now a DDoS. I wonder if it was targeted by someone or just random...
 
Yeah, you should switch from apache2 to nginx because you can take apache2 down easily with slowloris or arme attacks.
nginx is immune against such attacks.

But if you got a TCP flood attack, you have to figure out whether it's only one or a few servers (you can block them easily with iptables) or a whole botnet which attacks you?!
I think against a TCP/UDP flood you can't do much yourself... close all unnecessary ports or switch to a DDoS-protected host.
Or try some software firewalls, maybe they get the job done.


Best regards
 
Hello,

Now I am under another DDoS attack. Multiple IPs are connecting to the website. There are "waves". Is there a way to stop it?
 
If you have specific pages attacked, then try to redirect these pages. Just find a page with a bunch of attacking popups and redirect to it.
P.S.
Recently I got a problem with spam posts on my blog; 2-3 pages were spammed with 1000s of messages daily. When I integrated a captcha plugin, my site went down. (Resource limit was reached.)
I have transferred to a new, better host, but the problem was the same. Finally I have disabled the captcha plugin and redirected the 3 most spammed posts.
 
Have you solved your problem? It was an xmlrpc.php attack coming from Ecatel and Hetzner network users. Use a firewall to block these IPs.

 
Use fail2ban and create some jails for Apache. It will automatically ban IPs using iptables if they connect multiple times accessing invalid resources.

Also, tune Apache to handle more traffic and, if you can, increase the bandwidth allocated to your server.
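
Added example, not part of the thread or any poster's own code: the fail2ban idea from the last reply (a `maxretry` / `findtime` sliding window) applied to the two request traits named earlier in the thread, xmlrpc.php hits and WordPress user-agents. The log lines, addresses, user-agent string and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def suspicious(m):
    """Traits named in the thread: xmlrpc.php requests or a WordPress user-agent."""
    path = m["path"].split("?", 1)[0]
    return path.endswith("/xmlrpc.php") or m["ua"].startswith("WordPress/")

def find_offenders(lines, maxretry=3, findtime=60):
    """Map each IP to the time it reached maxretry suspicious hits within findtime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE.match(line)
        if not m or not suspicious(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()        # forget hits older than the window
        if len(hits) >= maxretry:
            offenders.setdefault(m["ip"], ts)
    return offenders

def _line(ip, hms, method, path, ua):
    # Constructed sample data; addresses are from documentation ranges.
    return f'{ip} - - [12/Mar/2016:{hms} +0000] "{method} {path} HTTP/1.1" 200 512 "-" "{ua}"'

WP = "WordPress/4.0; http://blog.example"   # constructed pingback-style user-agent
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:0{s}", "POST", "/xmlrpc.php", "Mozilla/5.0") for s in (1, 2, 3)]
    + [_line("198.51.100.20", f"10:00:{s}", "GET", "/?p=1", WP) for s in (10, 15, 20)]
    + [_line("192.0.2.9", f"10:0{m}:00", "POST", "/xmlrpc.php", "Mozilla/5.0") for m in (0, 2, 4)]
    + [_line("192.0.2.5", "10:00:30", "GET", "/", "Mozilla/5.0")]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
```

The slow source 192.0.2.9 stays under the 60-second window and is only caught with a longer `findtime`, which matters when the traffic arrives in "waves".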
 