
DDOS Attack Please Help Me

Discussion in 'General Discussion' started by winteruk, Feb 28, 2007.

  1. winteruk

    Hi, I have a file storage server, but every time I have about 1500 requests in Apache the server goes down. I don't know whether it is a DDoS or CPU load. I have a dual core 6300 on the server. I don't really know much about Linux servers. I tried to limit users so they can't download more than 1 file at the same time, but I couldn't find any option in WHM. Can anyone help me here?
     
  2. bmcpanel

    Not sure what your problem is exactly, but, if you are a victim of a DOS attack, then view your logs in

    /var/log
    /usr/local/apache/logs
    /usr/local/cpanel/logs

    and locate the offending IP. Once you find the offender, run the following at the ssh command line:

    /sbin/route add -host 255.12.255.12 reject

    where "255.12.255.12" is the offending IP.

    Of course, if you have a firewall, you may also block the IP there.
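
Added example, not part of bmcpanel's post or any poster's code: one way to do the log review described above, counting requests per client IP in an Apache access log and printing (not running) the reject route for each address at or above a threshold. The sample log lines, the threshold, the allowlisted address and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: per-IP request counts from an Apache access log, then the
# reject route from the post printed for review (nothing is executed).

# Constructed sample log: documentation-range addresses, N requests each.
sample_log() {
  while read -r ip n; do
    i=0
    while [ "$i" -lt "$n" ]; do
      printf '%s - - [28/Feb/2007:10:00:%02d +0000] "GET /files/a.zip HTTP/1.1" 200 1048576\n' "$ip" "$i"
      i=$((i + 1))
    done
  done <<'EOF'
198.51.100.7 6
203.0.113.99 4
192.0.2.10 2
203.0.113.5 1
EOF
}

# Log on stdin -> "count ip" lines, busiest first. Only the first field is
# used, and only if it is a dotted-quad address (it can be a hostname).
requests_per_ip() {
  awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
       END { for (ip in hits) print hits[ip], ip }' | sort -k1,1nr -k2,2
}

# offenders THRESHOLD [ALLOWED_IP...]: addresses with at least THRESHOLD
# requests, skipping allowlisted ones (your own IP, monitoring, a proxy).
offenders() {
  threshold=$1; shift
  allow=" $* "
  requests_per_ip | while read -r count ip; do
    [ "$count" -ge "$threshold" ] || continue
    case "$allow" in *" $ip "*) continue ;; esac
    echo "$ip"
  done
}

# Print one route command per offender so it can be checked before use.
reject_commands() {
  offenders "$@" | while read -r ip; do
    echo "/sbin/route add -host $ip reject"
  done
}

sample_log | reject_commands 4 203.0.113.99
```

To use it on a real server, feed one of the access logs under /usr/local/apache/logs to `reject_commands` on stdin in place of `sample_log`. A high count alone can be a shared proxy or NAT gateway, so read the printed commands before running any of them.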
     
  3. winteruk

    I don't have a firewall. Can you please recommend a good firewall which can limit Apache as well?
     
  4. mickalo

    do a search on "firewall" and you'll get about 500+ hits :) ... search box is your friend.

    Mickalo
     
  5. voidsecurity

    Hello,

    Try installing APF and BFD


    Best Regards
     
  6. winteruk

    Thanks Guys
     
  7. brianoz

    Don't install APF and BFD, they are years out of date and BFD is a little unstable and will probably cause you problems.

    Instead, install the up-to-date and regularly maintained CSF from www.configserver.com/cp/csf.html - it includes a WHM interface and can be auto-updated, and is a lot smarter at detecting problems than BFD.
     
  8. AndyReed

    I am not sure why you always insist on this? APF and BFD are still good firewall-related applications. In addition, what makes you say that "BFD is a little unstable"? Remember that APF and/or BFD, like many other applications, are NOT 100% compatible with every server.
     
  9. brianoz

    APF + BFD are fantastic, and were complete ground breakers at the time they were done, but haven't been maintained for 18 months or so (even the website seems to be down a lot). In the past I had problems with BFD and had to disable it - it was blocking things incorrectly and caused several other problems. I've also heard that Ryan has stated he thinks BFD is unstable. Again, these were great in their day, many kudos to Ryan for the great ideas in them and a first implementation.

    I like the configserver firewall because:
    1. it can be very easily updated (csf -u, or from WHM)
    2. it has a WHM interface - and it runs particularly well on cpanel machines
    3. it is cautious about what it blocks and can ignore current users (ie those who have used POP recently)
    4. it has an active current maintainer, who is responsive when bugs are encountered
    5. it runs on nearly all server based Linuxes - Redhat most, RHE, Centos, Debian sarge, Ubuntu, Fedora Core v1-6, OpenSuse 10 - notable exception being FreeBSD
    6. it checks for many, many more security red flags than does the older BFD
    7. it prevents a number of flood/DOS situations, and by default blocks the worst of the worst spammers (DSHIELD and Spamhaus DROP)

    Having said all that, I guess if you were running a different control panel there might conceivably be a reason to consider APF instead, but I'd need persuading. In this case, this is a post in the cpanel forums and CSF is optimized around cpanel so it'd be crazy not to run it -- unless you had FreeBSD I guess.

    Am I missing something? (I could well be, no sarcasm intended, I'm half asleep as I write!)
     
  10. mctDarren

    The APF vs CSF debate is taking away from the OP's problem. winteruk - did you get your problem solved?
     
  11. bmcpanel

    I have also had a better experience with CSF firewall by Chirpy (APF/BFD had high resource usage). In fact, I recently hired a company to manage two of my cpanel servers and they suggested an APF install. I turned them down and told them to keep the CSF firewall active.

    Anyway, winteruk, how are things coming?
     
  12. AndyReed

    I think we are missing the point, and the concept of Linux firewalling. Bart Eers wrote a very good article about Basic Firewall functionality and I encourage everybody to read it before they jump to any conclusion about a software firewall: http://www.linuxexposed.com/index.php?option=com_content&task=view&id=111&Itemid=54

    Bart contends, "No matter how complex the firewall is, in its most simple form, a firewall allows and disallows access to specific services based on host addresses, networks, or other such trigger criteria.

    If the services that you want to allow or disallow access to are running on a server connected to a trusted network or LAN, you can use either TCP wrappers or iptables to set up your local server-side service access control (personal firewall). That said, TCP wrappers is really not considered to be a true hardened firewall grade form of access control because incoming data is allowed past the networking stack into what's called user space. This is where many Internet worms and attacks are launched to strike, and this in turn means that you can still be cracked if your TCP wrappers-based system is attacked with a known TCP wrappers exploit. Armed with this knowledge, if you have a single server on an untrusted network or directly on the Internet and you wish to run a serious single host-based firewall configuration, iptables should be your only real choice for a real firewall."

    Hope this helps! :)
     
  13. IPSecureNetwork

    DDoS Attacks

    If the problem is a real DDoS attack, all the Linux or Windows firewalls don't work; you will need a physical firewall added in your datacenter, or you must ask your provider about firewalls with DDoS prevention services.

    I will recommend you 2 excellent providers against DDoS attacks.

    IPSecurenetwork.com
    and Sharktech.net

    The best protection against DDoS attacks.

    You will need more than a software firewall .. believe me .. if someone wants to attack you ... the load average created by your local firewall will block the entire CPU .. that's why all the best providers have a datacenter with hardware DDoS protection.

    I hope this helps you.

    Best Regards.
     
  14. ramprage

    I have an excellent custom script that protects from DDoS attacks. It recently stopped a nasty attack to one of my clients. The server was basically dead, some IPs had over 4,000 + connections and they were flooding all ports. Once the solution was setup and configured, the attackers were fended off and you could actually get to their websites again.
     
  15. IPSecureNetwork

    ramprage ... I don't think one single script can stop any kind of real DDoS attack... it is not a mystery ... the only way to deal with DDoS attacks is with a hard firewall and good, good bandwidth... no other way ... even if the attack is stopped in your box.. a real DDoS attack will consume all the bandwidth and your box will disappear from the internet anyway.. think about that...
     
  16. wzd

    With the amount of zombie attacks out there daily, if someone really wants to take you down you're going to have problems stopping them unless you have some sort of server redundancies and you can route people elsewhere for clients' mission critical services.

    I'd be interested in taking a look at the script that ramprage has made, although I agree with the general consensus that a hardware firewall is needed to prevent high CPU load from just rejecting connections. You still gotta send a RST or what? :P

    Generally speaking, if you want to stop a DDoS attack you have to go to the origin and the command center (controller of the infected zombie IPs) and cut off the head.

    Although I've been hearing rumours about P2P zombie networks (no longer controlled by say a single ircd) - the "cut off the head theory" might not work too well here.
     
