DOS protection/Help

Andrew

Happy Customer(Linux Rox)
Well,

Many of us here know what a DOS attack is. I am basically making a suggestion that there should be, under the knowledge database, a few things that can show how to protect ourselves from DOS attacks. My VPS was DOS attacked, where the person actually contacted my customer and told him to surrender his domain or he was going to be DOS attacked. Apparently during his attack Apache kept failing and I was stuck with no control over the VPS. I would like to know if the KnownHost staff can provide pointers on finding the IPs of these DOS attackers, and maybe programs that might help prevent this from happening again. I asked staff to give me IPs, which they did, and ended up catching this guy by his ISP. It would be a big plus if KH can provide help and links, information and anything else to help prevent or protect from DOS attacks.

Thank You,
Andrew
 
I will pass this along as a suggestion. One helpful hint is to check our forums as this has been discussed before. In general, DDOS's can happen so the best way to avoid it is to make sure scripts have no security holes and your applications are kept up to date.

Thanks,
Joel
 
Well,

It is kinda hard for you to secure all scripts, even your customers' scripts. This is why there has got to be some DOS protection software.
 
There are a few things you can do to help:
1: SSH enabled
2: Install APF
3: Install DDoS Deflate
http://blog.medialayer.com/projects-ddos-deflate/
(doesn't stop, but will help)
4: When being ddos'd, log into your VPS,
go to "system Processes" and look for:
/usr/local/apache/bin/httpd -DSSL

Select every single one; you may have to click on the "80" per page. Once selected, scroll to the top, select SIGKILL and push the Send signal button.
Do this until every one of the httpd is gone.

Wait a minute then log into your SSH
Run this command
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This will show you the active connections to the server; anything above 50 I ban.

Since APF is installed to ban the ip you would type this:
apf -d 234.234.234.234 Banned comment here
Replace the IP with the IP you want to ban. The "banned comment here" you can change to what you like; it's kinda a note.

Now type
service httpd stop
service httpd start

Now keep refreshing the netstat command and see if the ddos attack keeps coming; any IPs that climb real high, use the apf -d command to ban them.

Once cleared, type these (if you have WHM/cPanel):
service cpanel stop
service cpanel start

Now log into WHM and restart your services.
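
Added example, not part of the original post: the netstat count from the steps above as a POSIX shell function that also copes with IPv6 sockets (where `cut -d: -f1` returns an empty field), merges IPv4-mapped addresses with their plain IPv4 form, and never lists loopback. The function names and the sample connection table are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `netstat -ntu` output on stdin and
# prints "count ip" for every remote address above the limit (default 50).
over_threshold() {
    awk -v max="${1:-50}" '
        $1 !~ /^(tcp|udp)/ { next }        # skip the two netstat header lines
        {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)     # strip the trailing :port only
            sub(/^::ffff:/, "", addr)      # IPv4-mapped IPv6 -> plain IPv4
            # Never list loopback or wildcard addresses as ban candidates.
            if (addr == "127.0.0.1" || addr == "::1" ||
                addr == "0.0.0.0" || addr == "::") next
            count[addr]++
        }
        END { for (a in count) if (count[a] > max) print count[a], a }
    ' | sort -rn
}

# emit PROTO FOREIGN_IP COUNT: print COUNT constructed connection rows.
emit() {
    i=0
    while [ "$i" -lt "$3" ]; do
        echo "$1 0 0 192.0.2.10:80 $2:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
}

# Constructed sample table (documentation address ranges, not real hosts).
sample_netstat() {
    echo "Active Internet connections (w/o servers)"
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    emit tcp  203.0.113.7 60
    emit tcp  203.0.113.9 25
    emit tcp6 ::ffff:203.0.113.9 30    # same client seen on a v6 socket
    emit tcp  198.51.100.20 3
    emit tcp  127.0.0.1 70             # local traffic, must not be listed
    echo "udp 0 0 192.0.2.10:53 0.0.0.0:*"
}

sample_netstat | over_threshold 50
```

On a live server, run `netstat -ntu | over_threshold 50` and review each address before passing it to `apf -d`, since a proxy or NAT gateway shared by many legitimate visitors can exceed the limit too.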
 


Thank you very much Computervitals for that informative tutorial.

4: When being ddos'd log into your VPS
go to "system Processes" and look for:
/usr/local/apache/bin/httpd -DSSL

Select every single one; you may have to click on the "80" per page. Once selected, scroll to the top, select SIGKILL and push the Send signal button.
Do this until every one of the httpd is gone.

Just wanted to clarify one point: "log into your VPS" in step 4 was referring to your Virtuozzo Power Panel.

To login: yourdomainname.com:4643

"System Processes" is located under the "VPS Services Tab"

Regards,
 