SavkeUltras
Active Member
hahahhabuy on knownsrv.com they can block all the ddos.
hahahhabuy on knownsrv.com they can block all the ddos.
Stay away from knownsrv and keito0015 who will block it, when there is no one from support to do it?
Sep 5 04:39:40 hosted named[1479]: client 50.7.182.148#63778: no more recursive clients: quota reached
Sep 5 04:39:44 hosted named[1479]: client 50.7.180.203#42796: no more recursive clients: quota reached
Sep 5 04:39:51 hosted named[1479]: client 50.7.182.148#58579: no more recursive clients: quota reached
Sep 5 04:39:56 hosted named[1479]: client 50.7.182.148#1365: no more recursive clients: quota reached
Sep 5 04:39:59 hosted named[1479]: client 50.7.180.203#34503: no more recursive clients: quota reached
Sep 5 04:40:02 hosted named[1479]: client 50.7.180.203#55253: no more recursive clients: quota reached
Sep 5 04:40:17 hosted named[1479]: client 50.7.182.147#56478: no more recursive clients: quota reached
Sep 5 04:40:18 hosted named[1479]: client 50.7.182.147#63839: no more recursive clients: quota reached
Sep 5 04:40:18 hosted named[1479]: unexpected RCODE (REFUSED) resolving 'qha.cc/ANY/IN': 217.70.177.40#53
Sep 5 00:06:02 hosted named[1479]: client 81.2.194.154#18146: no more recursive clients: quota reached
Sep 5 00:06:23 hosted named[1479]: client 81.2.194.154#3004: no more recursive clients: quota reached
Sep 5 00:06:26 hosted named[1479]: client 81.2.194.154#31181: no more recursive clients: quota reached
Sep 5 00:06:28 hosted named[1479]: client 81.2.194.154#2110: no more recursive clients: quota reached
Sep 5 00:06:31 hosted named[1479]: client 81.2.194.154#28282: no more recursive clients: quota reached
Sep 5 00:06:33 hosted named[1479]: client 81.2.194.154#43216: no more recursive clients: quota reached
Sep 5 00:06:37 hosted named[1479]: client 81.2.194.154#65036: no more recursive clients: quota reached
Sep 5 00:06:40 hosted named[1479]: client 81.2.194.154#37833: no more recursive clients: quota reached
Sep 5 00:06:42 hosted named[1479]: unexpected RCODE (REFUSED) resolving 'qha.cc/ANY/IN': 217.70.177.40#53
Sep 4 23:43:13 hosted named[1479]: unexpected RCODE (REFUSED) resolving 'qha.cc/A/IN': 217.70.177.40#53
Sep 4 23:43:19 hosted named[1479]: client 98.158.196.55#35771: no more recursive clients: quota reached
Sep 4 23:43:22 hosted named[1479]: client 98.158.196.55#16456: no more recursive clients: quota reached
Sep 4 23:43:24 hosted named[1479]: client 98.158.196.55#39362: no more recursive clients: quota reached
Sep 4 23:43:24 hosted named[1479]: client 98.158.196.55#27322: no more recursive clients: quota reached
Sep 4 23:43:25 hosted named[1479]: client 98.158.196.55#27339: no more recursive clients: quota reached
Sep 4 23:43:27 hosted named[1479]: client 98.158.196.55#26218: no more recursive clients: quota reached
Sep 4 23:43:27 hosted named[1479]: client 98.158.196.55#36512: no more recursive clients: quota reached
Sep 4 23:43:28 hosted named[1479]: client 98.158.196.55#48973: no more recursive clients: quota reached
Sep 4 23:43:29 hosted named[1479]: client 98.158.196.55#36542: no more recursive clients: quota reached
Sep 4 23:43:30 hosted named[1479]: client 98.158.196.55#33303: no more recursive clients: quota reached
So how to protect it ? Any way ?
12:20:04.077654 IP 70.42.74.6.34892 > SERVER_IP.domain: 50032+ [1au] ANY? anonsc.com. (39)
12:20:04.077974 IP 98.247.26.97.26435 > SERVER_IP.domain: 27690+ [1au] ANY? anonsc.com. (39)
12:20:04.130103 IP 24.0.197.47.11858 > SERVER_IP.domain: 34704+ [1au] ANY? anonsc.com. (39)
12:20:04.132698 IP 70.42.74.6.54053 > SERVER_IP.domain: 7152+ [1au] ANY? anonsc.com. (39)
12:20:04.147091 IP 70.42.74.6.28713 > SERVER_IP.domain: 34470+ [1au] ANY? anonsc.com. (39)
12:20:04.179792 IP 24.0.197.47.61909 > SERVER_IP.domain: 1426+ [1au] ANY? anonsc.com. (39)
12:20:04.290341 IP 70.42.74.6.65385 > SERVER_IP.domain: 24818+ [1au] ANY? anonsc.com. (39)
12:20:04.291292 IP 70.42.74.6.34608 > SERVER_IP.domain: 15632+ [1au] ANY? anonsc.com. (39)
12:20:04.298682 IP 70.42.74.6.5760 > SERVER_IP.domain: 60184+ [1au] ANY? anonsc.com. (39)
12:20:04.307632 IP 98.247.26.97.8101 > SERVER_IP.domain: 30734+ [1au] ANY? anonsc.com. (39)
12:20:04.342588 IP 98.247.26.97.9743 > SERVER_IP.domain: 45290+ [1au] ANY? anonsc.com. (39)
12:20:04.480128 IP 98.247.26.97.44544 > SERVER_IP.domain: 44396+ [1au] ANY? anonsc.com. (39)
12:20:04.717342 IP 24.0.197.47.46291 > SERVER_IP.domain: 42316+ [1au] ANY? anonsc.com. (39)
12:20:04.723512 IP 24.0.197.47.50114 > SERVER_IP.domain: 63588+ [1au] ANY? anonsc.com. (39)
12:20:04.768361 IP 70.42.74.6.12584 > SERVER_IP.domain: 2786+ [1au] ANY? anonsc.com. (39)
12:20:04.771870 IP 70.42.74.6.56370 > SERVER_IP.domain: 53752+ [1au] ANY? anonsc.com. (39)
12:20:04.772143 IP 70.42.74.6.8933 > SERVER_IP.domain: 59158+ [1au] ANY? anonsc.com. (39)
12:20:04.828781 IP 98.247.26.97.22758 > SERVER_IP.domain: 42422+ [1au] ANY? anonsc.com. (39)
12:20:04.882267 IP 24.0.197.47.47484 > SERVER_IP.domain: 32712+ [1au] ANY? anonsc.com. (39)
12:20:04.999185 IP 70.42.74.6.64324 > SERVER_IP.domain: 15406+ [1au] ANY? anonsc.com. (39)
12:20:05.078169 IP 70.42.74.6.63323 > SERVER_IP.domain: 21464+ [1au] ANY? anonsc.com. (39)
12:20:05.240673 IP 98.247.26.97.43817 > SERVER_IP.domain: 41582+ [1au] ANY? anonsc.com. (39)
12:20:05.318407 IP 70.42.74.6.38759 > SERVER_IP.domain: 53372+ [1au] ANY? anonsc.com. (39)
12:20:05.318710 IP 70.42.74.6.18556 > SERVER_IP.domain: 32558+ [1au] ANY? anonsc.com. (39)
12:20:05.767678 IP 70.42.74.6.56097 > SERVER_IP.domain: 35026+ [1au] ANY? anonsc.com. (39)
12:20:05.767825 IP 70.42.74.6.22977 > SERVER_IP.domain: 62040+ [1au] ANY? anonsc.com. (39)
12:20:05.768079 IP 70.42.74.6.61877 > SERVER_IP.domain: 20846+ [1au] ANY? anonsc.com. (39)
12:20:05.920332 IP 70.42.74.6.40384 > SERVER_IP.domain: 46418+ [1au] ANY? anonsc.com. (39)
12:20:05.977361 IP 70.42.74.6.7259 > SERVER_IP.domain: 57550+ [1au] ANY? anonsc.com. (39)
12:20:05.977655 IP 70.42.74.6.39132 > SERVER_IP.domain: 26738+ [1au] ANY? anonsc.com. (39)
12:20:05.978117 IP 70.42.74.6.44650 > SERVER_IP.domain: 62442+ [1au] ANY? anonsc.com. (39)
12:20:05.980383 IP 70.42.74.6.28070 > SERVER_IP.domain: 48428+ [1au] ANY? anonsc.com. (39)
12:20:06.042466 IP 70.42.74.6.7407 > SERVER_IP.domain: 40030+ [1au] ANY? anonsc.com. (39)
12:20:06.042885 IP 70.42.74.6.28819 > SERVER_IP.domain: 60778+ [1au] ANY? anonsc.com. (39)
12:20:06.043542 IP 70.42.74.6.travsoft-ipx-t > SERVER_IP.domain: 59726+ [1au] ANY? anonsc.com. (39)
12:20:06.047155 IP 70.42.74.6.37987 > SERVER_IP.domain: 33874+ [1au] ANY? anonsc.com. (39)
tcpdump -n udp dst port 53|grep ANY > ddos.log
cat ddos.log|awk {'print $3'}|cut -d: -f 1|cut -d. -f -4|sort|uniq -c|sort -nk 1
347 109.131.217.16
690 98.247.26.97
696 98.102.13.82
709 217.23.11.166
714 178.18.84.225
Oke so whats now ??
How can i block whole anonsc.com thing ??
12:20:04.077654 IP 70.42.74.6.34892 > SERVER_IP.domain: 50032+ [1au] ANY? anonsc.com. (39)
12:20:04.077974 IP 98.247.26.97.26435 > SERVER_IP.domain: 27690+ [1au] ANY? anonsc.com. (39)
12:20:04.130103 IP 24.0.197.47.11858 > SERVER_IP.domain: 34704+ [1au] ANY? anonsc.com. (39)
12:20:04.132698 IP 70.42.74.6.54053 > SERVER_IP.domain: 7152+ [1au] ANY? anonsc.com. (39)
12:20:04.147091 IP 70.42.74.6.28713 > SERVER_IP.domain: 34470+ [1au] ANY? anonsc.com. (39)
12:20:04.179792 IP 24.0.197.47.61909 > SERVER_IP.domain: 1426+ [1au] ANY? anonsc.com. (39)
12:20:04.290341 IP 70.42.74.6.65385 > SERVER_IP.domain: 24818+ [1au] ANY? anonsc.com. (39)
12:20:04.291292 IP 70.42.74.6.34608 > SERVER_IP.domain: 15632+ [1au] ANY? anonsc.com. (39)
12:20:04.298682 IP 70.42.74.6.5760 > SERVER_IP.domain: 60184+ [1au] ANY? anonsc.com. (39)
12:20:04.307632 IP 98.247.26.97.8101 > SERVER_IP.domain: 30734+ [1au] ANY? anonsc.com. (39)
12:20:04.342588 IP 98.247.26.97.9743 > SERVER_IP.domain: 45290+ [1au] ANY? anonsc.com. (39)
12:20:04.480128 IP 98.247.26.97.44544 > SERVER_IP.domain: 44396+ [1au] ANY? anonsc.com. (39)
12:20:04.717342 IP 24.0.197.47.46291 > SERVER_IP.domain: 42316+ [1au] ANY? anonsc.com. (39)
12:20:04.723512 IP 24.0.197.47.50114 > SERVER_IP.domain: 63588+ [1au] ANY? anonsc.com. (39)
12:20:04.768361 IP 70.42.74.6.12584 > SERVER_IP.domain: 2786+ [1au] ANY? anonsc.com. (39)
12:20:04.771870 IP 70.42.74.6.56370 > SERVER_IP.domain: 53752+ [1au] ANY? anonsc.com. (39)
12:20:04.772143 IP 70.42.74.6.8933 > SERVER_IP.domain: 59158+ [1au] ANY? anonsc.com. (39)
12:20:04.828781 IP 98.247.26.97.22758 > SERVER_IP.domain: 42422+ [1au] ANY? anonsc.com. (39)
12:20:04.882267 IP 24.0.197.47.47484 > SERVER_IP.domain: 32712+ [1au] ANY? anonsc.com. (39)
12:20:04.999185 IP 70.42.74.6.64324 > SERVER_IP.domain: 15406+ [1au] ANY? anonsc.com. (39)
12:20:05.078169 IP 70.42.74.6.63323 > SERVER_IP.domain: 21464+ [1au] ANY? anonsc.com. (39)
12:20:05.240673 IP 98.247.26.97.43817 > SERVER_IP.domain: 41582+ [1au] ANY? anonsc.com. (39)
12:20:05.318407 IP 70.42.74.6.38759 > SERVER_IP.domain: 53372+ [1au] ANY? anonsc.com. (39)
12:20:05.318710 IP 70.42.74.6.18556 > SERVER_IP.domain: 32558+ [1au] ANY? anonsc.com. (39)
12:20:05.767678 IP 70.42.74.6.56097 > SERVER_IP.domain: 35026+ [1au] ANY? anonsc.com. (39)
12:20:05.767825 IP 70.42.74.6.22977 > SERVER_IP.domain: 62040+ [1au] ANY? anonsc.com. (39)
12:20:05.768079 IP 70.42.74.6.61877 > SERVER_IP.domain: 20846+ [1au] ANY? anonsc.com. (39)
12:20:05.920332 IP 70.42.74.6.40384 > SERVER_IP.domain: 46418+ [1au] ANY? anonsc.com. (39)
12:20:05.977361 IP 70.42.74.6.7259 > SERVER_IP.domain: 57550+ [1au] ANY? anonsc.com. (39)
12:20:05.977655 IP 70.42.74.6.39132 > SERVER_IP.domain: 26738+ [1au] ANY? anonsc.com. (39)
12:20:05.978117 IP 70.42.74.6.44650 > SERVER_IP.domain: 62442+ [1au] ANY? anonsc.com. (39)
12:20:05.980383 IP 70.42.74.6.28070 > SERVER_IP.domain: 48428+ [1au] ANY? anonsc.com. (39)
12:20:06.042466 IP 70.42.74.6.7407 > SERVER_IP.domain: 40030+ [1au] ANY? anonsc.com. (39)
12:20:06.042885 IP 70.42.74.6.28819 > SERVER_IP.domain: 60778+ [1au] ANY? anonsc.com. (39)
12:20:06.043542 IP 70.42.74.6.travsoft-ipx-t > SERVER_IP.domain: 59726+ [1au] ANY? anonsc.com. (39)
12:20:06.047155 IP 70.42.74.6.37987 > SERVER_IP.domain: 33874+ [1au] ANY? anonsc.com. (39)