DDoS attack help please

Posted by xserverx, 07-04-2010, 06:53 AM
Hello, I have a DDoS attack on my server from a few IPs. These IPs make too many connections to Apache. I have blocked those IPs, but the problem is that the connections to Apache won't be dropped immediately; it takes a long time for them to be dropped. Is there a method to drop all connections from an IP once my iptables blocks that IP?

Posted by AttackerNET, 07-04-2010, 07:18 AM
Hello, try to tweak your Apache config file and add some filtering rules to your firewall. If you can't do this by yourself, just let your sysadmin take care of it immediately or hire someone knowledgeable in this arena. Sincerely,

Posted by Aigen_tech, 07-04-2010, 07:34 AM
Stop Apache for some time after you have blocked the IP. Also make sure that KeepAlive is turned off in the Apache conf file. Turning KeepAlive off will help to get the IPs disconnected faster.

Posted by madaboutlinux, 07-04-2010, 07:50 AM
Lowering the TimeOut value in the Apache configuration will help. Block the IPs, edit the Apache configuration and set "TimeOut" to, say, 10 (seconds) and stop the httpd service.

Posted by ServerCabinCRM, 07-04-2010, 08:30 AM
Installing CSF Firewall and configuring it will stop the attack, and you will also be able to block the IPs using CSF. Or you could install DDoS Deflate: http://deflate.medialayer.com/ That should stop the attack too.

Posted by SimplexWebs, 07-04-2010, 08:41 AM
I take it you have APF or CSF installed? From my experience, CSF's connection tracking module is your best friend in such situations. While it's not very practical to have it set to a sensitive setting all the time, it can prove very effective when under small attacks. You'll want to set CT to something like:

CT_LIMIT = 150
CT_INTERVAL = 5

That way CSF will search for IPs with 150~ connections every 5 seconds and will ban them for the specified time. PM me if you need further help! Good luck.

Posted by mixmox, 07-04-2010, 04:32 PM
Good option. Deflate is a very good script that can help you find IPs and ban them.

Posted by HD-Sam, 07-04-2010, 05:28 PM
Another option is to install LiteSpeed. It can definitely help with DDoS attacks.

Posted by xserverx, 07-04-2010, 06:51 PM
I have removed APF and installed CSF, and I made the necessary httpd setting changes, but the problem still exists. I see that the connections still exist for some time after I killall -kill httpd. Maybe I need to tweak sysctl.conf! This is what netstat gives: Any idea?

Posted by PeakVPN-KH, 07-05-2010, 01:35 AM
Looks like you simply need to block: It doesn't appear to be a DDoS attack, looks like 1 IP from the netstat. No established connections since you killed Apache.

Posted by madaboutlinux, 07-05-2010, 02:23 AM
Agreed. Since the attack is from a single IP, just block it. If it starts again from the same subnet, just block the subnet.

Posted by techdept, 07-05-2010, 03:13 AM
Please use the following command. You will get the IPs, i.e. which IP tried to access your server the most times:

netstat -an | grep :80 | awk '{print($5)}' | cut -f1 -d":" | sort | uniq -c | sort -n

Just block the IP which has accessed the most times. You can block the IP with csf -d
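
Added example, not part of any post above: a stricter variant of the netstat count that matches the local port exactly (`grep :80` also matches `:8080` and outbound connections to a remote port 80), unwraps IPv4-mapped IPv6 addresses, and breaks the count down by TCP state so lingering sockets can be told apart from established ones. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed netstat -an lines (documentation address ranges, not from the thread).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:51002       FIN_WAIT2
tcp        0      0 192.0.2.10:80           198.51.100.7:40000      ESTABLISHED
tcp        0      0 192.0.2.10:8080         198.51.100.9:40001      ESTABLISHED
tcp        0      0 192.0.2.10:45000        198.51.100.8:80         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:51003 TIME_WAIT
EOF
}

# conn_summary PORT: read netstat -an text on stdin, print "count ip state",
# busiest first, for inbound connections to local PORT only.
conn_summary() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
      n = split($4, l, ":")
      if (l[n] != port) next        # local port is the last colon-separated part
      ip = $5
      sub(/:[0-9*]+$/, "", ip)      # strip the remote port
      sub(/^::ffff:/, "", ip)       # unwrap IPv4-mapped IPv6
      c[ip " " $6]++
    }
    END { for (k in c) print c[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# over_limit PORT LIMIT: IPs whose total connections (all states) exceed LIMIT,
# the same kind of threshold as the CT_LIMIT value quoted in the thread.
over_limit() {
  conn_summary "$1" | awk -v limit="$2" '
    { total[$2] += $1 }
    END { for (ip in total) if (total[ip] > limit) print ip }
  ' | LC_ALL=C sort
}

# On a live server: netstat -an | conn_summary 80
sample_netstat | conn_summary 80
```
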

