The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

bad ddos attack over 200 ips

Discussion in 'General Discussion' started by perfect-games, Oct 26, 2005.

  1. perfect-games

    perfect-games Well-Known Member

    Joined:
    Nov 11, 2004
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    alberta
    hi , i have big problem with ddos and who ever doing this i unable to ping point the ip and block it via roughter.

    i tryied installing apf but when i run apf --start
    i unable to access my sites or server

    please help how can i block ips

    or how can i run apf and still get access to my server.

    any suggestions ?

    and if any one needs root access to solve this please be my guest as i unable to do anything


    thanks

    steve
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The only realistic way to block a true DDOS attack is to do so using a router product that includes such protection. Many of the large popular datacenters offers such protection these days. I would suggest contacting your NOC. By the time the traffic has reached the server, it's too late really.
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Installing APF is not a prime solution for your problem. I suggest hiring a sys admin to fix this probelm for you.
     
  4. Zaf

    Zaf Well-Known Member

    Joined:
    Aug 22, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    This little script might help a bit to get you over this DDoS problem:

    Installation:
    wget http://www.inetbase.com/scripts/ddos/install.ddos
    chmod 0755 install.ddos
    ./install.ddos

    If you dont like what it is doing you can even uninstall it cleanly.

    Uninstallation:
    wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
    chmod 0755 uninstall.ddos
    ./uninstall.ddos


    Briefly, this script counts the number of tcp & udp connections made to your server from various unique ips. It blocks the ips exceeding N connections (100 by default). It uses APF by default, but can be configured to use iptables from the config file. It auto unbans the ip after 500 secs by default and you may change that too. This script auto adds itself as a cron and runs every 5 mins and you may even change the cron file which is /etc/cron.d/ddos.cron to run every minute if you are heavily DoSed at this moment.
     
Loading...

Share This Page