Latest Announcemnent
New thread
Status
Not open for further replies.
accyuklad

accyuklad

Banned
Banned
2,638
2009
39
0
my site kept going offline and just did a netstat check and found 1 ip was doing 59 connections since i stopped that it working fine is there a easy way that i dont after keep doing a ban myself and use maybe install something in the vps to autoban at a certain connection

does apf and csf stop it anychance
 
14 comments
Search Technical and Security Tutorials for your answer

here is few other topics about DDOS
Code: 
[URL="http://www.wjunction.com/forumdisplay.php?f=48"]http://www.wjunction.com/showthread.php?t=45447[/URL]
[url]http://www.wjunction.com/showthread.php?t=155[/url]

or simple try Google
Code: 
http://www.google.com/search?q=How+to+prevent+DDos
 
In your case its just dos mate ! ddos is not same as dos .
ddos is when a botnet attacks you dos is when only one ip attacks you !
you can block it easily using firewall since its just a simple dos from a single ip !
 
I just received email notification that blah blah ip blocked due to 200 connection or 150 connection. i don't know what configuration hosting installed. could is there any clue to expose their configuration ?

note: notification show during SSH working.
 
There is no such thing as a true protected VPS when it comes to a ddos attack unless your paying $120~$170 even then your better off with a dedicated server.
 
I got DOS attack in my VPS.

I blocked the process "named". removed from the start up too.

configured firewall to block all incoming traffic on port 53.
Only using the server for http.

but still one problem existing,
Bandwidth usage is getting approx 1GB / minute.

This is making my bandwidth quota exceeding.

I there any solution in firewall or VPS level?
 
Thanks, Server police.

Will it arrest bandwidth utilizing issue?

As i have mentioned i have already configured iptables(firewall) to block port 53(domain).
I am not at all using the DNS service i have removed the DNS server too.

Also i am not trying to keep the service up by limiting the attack.
I am just wondering about the solution for Bandwidth Utilization.

Will this suitable?

Image 1 : Result of iftop - network monitoring tool, the marked IPs are consuming 1Gb / minute from my VPS
All are incoming traffic in port 53
245ivyc.jpg




Image 2: Snap of the firewall configuration. All incoming traffic in port 53 has blocked.
r0a1c5.jpg
 
With current firewall redirect all traffic to another ip. While doing so watch incoming traffic flow and note the ips.

Then if possible block the entire subnet of the ipblock or country code.

Hope it dies down or purchase a ddos reverse proxy to help you or use cloudflare.

If they are coming from port 53 you are being flooded by domain and not the ip of the domain.
 
Status
Not open for further replies.
Back
Top