The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My server is getting his hard with a dos attack, how can I stop?

Discussion in 'General Discussion' started by BianchiDude, Feb 12, 2006.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    My server is getting his hard with a dos attack, how can I stop?

    I have mod_dosevassive, and apf & bfd installed, what else can I do?
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Add Anti DOS rules in /etc/apf/ad/ad.rules
    To activate these rules, set USE_AD="1" in the /etc/apf/conf.apf
    Reduce the LRATE="45" if interested in seeing activities in log files.
     
  3. 24x7team

    24x7team Well-Known Member

    Joined:
    Jan 16, 2006
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    really tough to find
    Lastly you can change the server main IP instaed, assuming attack on the main IP....
     
  4. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    # cat /etc/apf/ad/ad.rules | wc -l
    0

    ad.rules is blank, is that normal?
     
  5. DigiCrime

    DigiCrime Well-Known Member

    Joined:
    Nov 27, 2002
    Messages:
    399
    Likes Received:
    0
    Trophy Points:
    16
    Ive found that re-iping the entire server helps, buys you some time but wouldnt do it unless its a last resort :eek:
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Local software firewall solutions are usually a bad idea against a persistant DOS attack and especially a DDOS attack as your firewall will quickly become a serious performance hit and can make it unbootable. For that reason I would definitely not recommend enabling antidos feature of APF.

    The best, and only sensible, way to block DOS/DDOS attacks is at the router/firewall used by your NOC. Most modern NOCs provide such protection with their server packages these days as it is in their interest to protect their own network. If you don't have such a responsible provider, then renumbering may be your only choice as mentioned.
     
  7. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Why is it better to block it at the router/firewall?
     
  8. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Because then it is the hardware stopping all of these connections before they even reach your server, therefore it has no impact on server performance or load.
     
  9. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    How does it know which ones to stop?
     
  10. ShockHosts

    ShockHosts Well-Known Member

    Joined:
    Nov 25, 2005
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    Yeah... I wouldn't change the Main IP... I did it, and I ended up not using the server again... :mad:
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Packet inspection and predictive algorithms - which is certainly off-topic for these forums.
     
Loading...

Share This Page