DOS protection/Help

Discussion in 'Suggestions' started by Andrew, Jun 14, 2007.

  1. Andrew

    Andrew Happy Customer(Linux Rox)

    Well,

    Many of us here know what a DOS attack is. I am basically making a suggestion that there should be, under the knowledge database, a few things that can show how to protect ourselves from DOS attacks. My VPS was DOS attacked, where the person actually contacted my customer and told him to surrender his domain or he was going to be DOS attacked. Apparently during his attack Apache kept failing and I was stuck with no control over the VPS. I would like to know if the KnownHost staff can provide pointers on finding IPs of these DOS attackers, maybe programs that might help prevent this from happening again. I asked staff to give me IPs, which they did, and ended up catching this guy by his ISP. It would be a big plus if KH can provide help and links, information and anything else to help prevent or protect from DOS attacks.

    Thank You,
    Andrew
     
  2. KH-Joel

    KH-Joel KH Sales Staff Member

    I will pass this along as a suggestion. One helpful hint is to check our forums as this has been discussed before. In general, DDOS's can happen so the best way to avoid it is to make sure scripts have no security holes and your applications are kept up to date.

    Thanks,
    Joel
     
  3. Andrew

    Andrew Happy Customer(Linux Rox)

    Well,

    It is kinda hard for you to secure all scripts, even your customers' scripts. This is why there has got to be some DOS protection software.
     
  4. computervitals

    computervitals New Member

    There are a few things you can do to help:
    1: SSH enabled
    2: install APF
    3: install dos deflate
    http://blog.medialayer.com/projects-ddos-deflate/
    (doesn't stop, but will help)
    4: When being ddos'd log into your VPS
    go to "system Processes" and look for:
    /usr/local/apache/bin/httpd -DSSL

    Select every single one, you may have to click on the "80" per page. Once selected scroll to the top and select SIGKILL and push Send signal button.
    Do this until every one of the httpd is gone.

    Wait a minute then log into your SSH
    Run this command
    netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    This will show you the active connections to the server; anything above 50 I ban.

    Since APF is installed to ban the ip you would type this:
    apf -d 234.234.234.234 Banned comment here
    Replace the IP with the IP you want to ban. The "Banned comment here" you can change to what you like; it's kinda a note.

    Now type
    service httpd stop
    service httpd start

    Now keep refreshing the netstat command and see if the ddos attack keeps coming; any IPs that climb real high, use the apf -d command to ban them.

    Once cleared, type these (if you have WHM/Cpanel)
    service cpanel stop
    service cpanel start

    now log into WHM and restart your services
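
The per-IP connection count from the post above, as an added example that is not part of the original thread: it skips the netstat header lines and strips only the trailing port, so IPv6 and IPv4-mapped peers are counted whole where `cut -d: -f1` would truncate them. The function names and the sample connection table are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-remote-IP connection counts from `netstat -ntu` text.
# Function names and sample data are constructed, not from the thread.

# Read netstat -ntu output on stdin; print "count ip" lines, busiest last.
count_conns() {
    awk '
        # Keep only tcp/udp rows; this drops the two netstat header lines.
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip the trailing :port only
            sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
            if (addr != "") n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -n
}

# Print only the IPs whose count is above $1 (the post uses 50).
over_threshold() {
    count_conns | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Constructed sample: three connections from 203.0.113.7 (one of them
# IPv4-mapped), one from 198.51.100.20, one from an IPv6 peer.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51235       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.20:40000     TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51236 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:44321     ESTABLISHED
EOF
}

# Demo on the constructed table. On a live server the equivalent is:
#   netstat -ntu | over_threshold 50
# The result is a list to review before any `apf -d`; a high count can
# also be a proxy or NAT gateway shared by many legitimate visitors.
sample_netstat | count_conns
```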
     
  5. ppc

    ppc Moderator



    Thank you very much Computervitals for that informative tutorial.

    Just wanted to clarify one point: "log into your VPS" in step 4 was referring to your Virtuozzo Power Panel.

    To login: yourdomainname.com:4643

    "System Processes" is located under the "VPS Services Tab"

    Regards,
     
  6. Nneel

    Nneel New Member

    interesting thing...
    what about server load? cpu ?
    shall this script consume resources?
     
