
Re IP the shared IP to prevent DDOS???

Discussion in 'General Discussion' started by Snowman30, Nov 3, 2004.

  1. Snowman30

    I have a server which has been absolutely hammered for the past few hours now by some ^%$^%#$(&! who it appears is trying to flood the server.

    The datacentre came back to me with

    Plus a lot of good help but still the attack continues.

    It's against someone on the shared IP, but we can't keep the server up long enough to figure out who. Plus, as the IPs seem to be spoofed, we can't block the attacker.

    The datacentre has blackholed the main shared IP, which brought the server back up, and then added some rules to APF to limit the amount of SYN packets it will let through, and removed the blackhole, and then the server went down again.

    They have said we should just ride it out for the next few hours.....

    Is there anything else we can do to prevent this???

    I had suggested using the IP migration tool to migrate all clients on the shared IP to a new IP, but I don't know if that will work or cause more dramas.

    Anyone have any suggestions??? I'm running out of ideas and the clients are running out of patience.
     
  2. mr.wonderful

    There is nothing you can do about it. How are you going to blacklist hundreds of IPs?
     
  3. katz_global

    Your provider should have blocked the IP at the router for a day or two.

    The best thing for you to do is issue static IPs to every site you think will be at risk. That way you will know right away who is being hit and can suspend the service and nullroute the IP.
     
  4. Snowman30

    All very well and good if it's not the default shared IP of the server...
     
  5. erick_paper

    This is a shot in the dark, but did you manage to get this resolved? Three years down the line, it seems our technology to defend against such hooligans is just where it was many years ago. I have mod_evasive, ddos_deflate, and CSF/LFD syn blocking, but the synfloods continue to cripple my server. Any help?
     
  6. brianoz

    Are you using syn cookies? They're designed to defeat the syn flood technique, if I'm understanding correctly ...
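
Added example, not part of any post in this thread: a small Python check for the two things the replies raise, namely whether SYN cookies are switched on and which local IP and port is collecting half-open connections. It assumes a Linux host, IPv4 only (`/proc/net/tcp`) and a little-endian CPU; the function names and the sample table are constructed for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"  # state code /proc/net/tcp prints for a half-open connection

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A0200C0:0050 076433C6:C001 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   2: 0A0200C0:0050 056433C6:C002 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   3: 0A0200C0:0050 057100CB:C003 03 00000000:00000000 01:00000064 00000002     0        0 0 1
   4: 0B0200C0:01BB 097100CB:C004 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   5: 0A0200C0:0050 0A7100CB:C005 01 00000000:00000000 00:00000000 00000000    99        0 1002 1
"""

def decode_addr(field):
    """'HEXIP:HEXPORT' -> ('a.b.c.d', port). Assumes a little-endian host (x86)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def half_open_by_listener(proc_net_tcp_text):
    """Count SYN_RECV entries per local (ip, port), busiest first."""
    counts = Counter()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 4 and cols[3] == SYN_RECV:
            counts[decode_addr(cols[1])] += 1
    return counts.most_common()

def syncookies_mode(path="/proc/sys/net/ipv4/tcp_syncookies"):
    """0 = off, 1 = used when the SYN backlog overflows, 2 = always; None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    print("tcp_syncookies =", syncookies_mode())
    try:
        with open("/proc/net/tcp") as f:
            text = f.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off Linux
    for (ip, port), n in half_open_by_listener(text):
        print(f"{ip}:{port}  half-open={n}")
```

A SYN answered with a cookie leaves no half-open entry in the table, so a low count alongside a non-zero `tcp_syncookies` does not by itself mean the flood has stopped.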
     