Re IP the shared IP to prevent DDOS???

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
I have a server which has been absolutely hammered for the past few hours now by some ^%$^%#$(&! who it appears is trying to flood the server.

The datacentre came back to me with

The server is currently experiencing a DDoS from spoofed source IPs that are doing a synflood on your server - effectively throwing so many packets at it, that the server is unable to do anything else.
Plus a lot of good help but still the attack continues.

its against someone on the shared IP but we cant keep the server up long enough to figure out who? plus as the IP's seem to be spoofed we cant block the attacker.

The datacentre has added blackholed the main shared IP, which brought the server back up, and then added some rules to APF to limit the amount of SYN packets it will let through, and removed the blackhole and then the server went down again.

They have said we should just ride it out for the next few hours.....

Is there anything else we can do to prevent this???

I had suggested using the IP migration tool to migrate all clients on the shared IP to a new IP but i dont know if that will work or cause more dramas

anyone have any suggestions??? im running out of ideas and the cleints are runign out of patience
 

katz_global

Well-Known Member
PartnerNOC
your provider should have blocked the ip at the router for a day or two.

The best thing for you to do is issue static ips to every site you think will be at risk. That way you will know right away who is being hit and can suspend the service and nullroute the ip.
 

erick_paper

Well-Known Member
Apr 19, 2005
245
0
166
This is a shot in the dark, but did you manage to get this resolved? Three years down the line, it seems our technology to defend against such hooligans is just where it was many years ago. I have mod_evasive, ddos_deflate, and CSF/LFD syn blocking, but the synfloods continue to cripple my server. Any help?