
Protecting Yourself From a DDOS Attack?

Hostexc

New Member
I was wondering if there was anything I can install on my dedicated server to prevent DDoS attacks from taking down the server and causing downtime.
Wanted to know what other hosts had to say on the situation and what they have done.
 

James

Always moving..
NLC
It's not software which will block these attacks. And you can filter out bit by bit, but that only does so much.

The least you can do is install a hardware firewall. When things get bad, you need a security expert.

You might be better off asking somebody who may have the knowledge on how to temporarily deal with DDOS on your server. If you don't know much about it though, better not to try.
 

utcrazy

Wo ist mein handy
NLC
I recommend BFD and APF at the very least for firewalls; it's pretty easy stuff to do. If you want real security, get the server hardened by a company.
 

serverorigin

ServerOrigin.Com
NLC
In either case. Harden the server all you want, if you want to stop the DDOS attacks you need a datacenter prepared for them. I invite anyone to show me successful server uptimes with attacks like these I will list below. ECSPortal receives these attacks on a daily basis by the hundreds. Our uptime has been 99.5% for the last year minus updates/reboots.

Here are a few from just the last few days:
Attack Destination: 72.20.21.21
Start Time: [Mon Sep 18 15:30:48 2006]
End Time: [Mon Sep 18 15:31:00 2006]
Rate: 3,102,234 KiloBits Per Second

Attack Destination: 72.20.21.18
Start Time: [Mon Sep 18 15:31:20 2006]
End Time: [Mon Sep 18 15:31:32 2006]
Rate: 3,291,081 KiloBits Per Second

Attack Destination: 72.20.21.28
Start Time: [Tue Sep 19 05:37:44 2006]
End Time: [Tue Sep 19 07:14:08 2006]
Rate: 125,883 KiloBits Per Second

Attack Destination: 72.20.21.28
Start Time: [Fri Sep 22 03:59:20 2006]
End Time: [Fri Sep 22 04:00:16 2006]
Rate: 170,353 KiloBits Per Second

Attack Destination: 72.20.21.28
Start Time: [Mon Sep 25 09:09:40 2006]
End Time: [Mon Sep 25 09:09:40 2006]
Rate: 45,334 KiloBits Per Second

Attack Destination: 72.20.21.28
Start Time: [Mon Sep 25 10:46:32 2006]
End Time: [Mon Sep 25 10:46:40 2006]
Rate: 290,709 KiloBits Per Second

Attack Destination: 72.20.21.21
Start Time: [Mon Sep 25 15:14:12 2006]
End Time: [Mon Sep 25 15:14:28 2006]
Rate: 4,619,860 Packets Per Second

Attack Destination: 72.20.21.18
Start Time: [Mon Sep 25 15:15:12 2006]
End Time: [Mon Sep 25 15:15:24 2006]
Rate: 1,860,494 Packets Per Second

If you feel you will be / are receiving massive attacks from not just a few IP addresses (bot attacks), I would recommend Staminus.net/Gigeservers. We have been itching to try some of the Cisco Guard / Arbornet stuff with ThePlanet, but prior testing has shown that most custom configured Linux based routers will eat Cisco alive as a firewall device. The biggest issue is that many datacenters/providers put DDOS protection on a slight backburner. This is exactly why they do not allow IRC/IRCd hosting in most datacenters. (Fastservers.net is a perfect example. When we went to them about DDOS protected servers, they said, "Oh we aren't capable of handling large scale attacks and anyone needing to run IRC where you may attract those kinds of attacks... We'd say go to Staminus".)

Now in these cases you have to keep in mind what kind of site you are running. If you have a site with Warez/Porn/Script Kiddies/Proxies, you most definitely better have good DDOS protection. If your server will be running normal business customers etc., any datacenter should be fine; just install APF/BFD.

If you want this kind of protection, it will come with a price tag though.
 

serverorigin

ServerOrigin.Com
NLC
Did forget to mention though:

On a server side of things you can install:
APF/BFD/Mod_Evasive
ModSec/Dos-Deflate

Although, without knowledgeable configuration of these... they are not nearly as effective. Also, the issue with server side protection in most cases is that by the time the server is hit, it is so bogged down the cron jobs won't even run... If they do, they can't scan the log files from the already massive load of trying to distinguish packets and going through connections of 1k+ via netstat or however it may pull the connection info.

A perfect example would be, a VPS we had hosted at an Internap facility which has "ddos protection" but very minimal. Even though the VPS was unmanaged we installed APF/BFD/Mod-Evasive/ModSec and a custom configuration on the node due to the amount of traffic/attacks this forum was receiving on a daily basis. The problem still came down to the fact that the VPS or the node didn't have the power to block large scale attacks. I see many hosts here offering 'DDOS Protection' but I would do some research first as to where their datacenter is and really what kind of experience they have in DDOS Mitigation. 9/10 situations though, not to down folks on what they call DDOS protection but many companies have NO IDEA what real DDOS attacks can do and never had one. Until they do, they shouldn't offer DDOS Protection. The attacks I listed above are some of the smaller ones we have had over time, and just those kinds of attacks from 1-3 machines can lock up a server with just software related protection. I would also suggest doing some searching on WHT for more information. Good luck in your search.
 
I was wondering if there was anything I can install on my dedicated server to prevent DDoS attacks from taking down the server and causing downtime.
Wanted to know what other hosts had to say on the situation and what they have done.
Did you try using Dos Deflate? It really works well, and it's small software, which is why it takes little load. I think you should try it. Search on Google for ddos.sh and select the first result :)

Regards
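
Added example (not part of any post in this thread, and not DoS-Deflate's own code): a sketch of the per-source connection counting over `netstat` output that the server-side tools discussed above depend on, run here over constructed sample data. The function names, the limit and the allow-list argument are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration; sample data is constructed (documentation address ranges).

# Constructed `netstat -ntu` output: one busy source, two quiet ones.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:80         198.51.100.7:51237      TIME_WAIT
tcp6       0      0 ::ffff:203.0.113.10:80  ::ffff:198.51.100.7:51238 ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.44:40112        ESTABLISHED
tcp        0      0 203.0.113.10:80         192.0.2.44:40113        ESTABLISHED
udp        0      0 203.0.113.10:53         192.0.2.9:33000
EOF
}

# Read netstat output on stdin; print "count address", busiest source first.
count_by_source() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            addr = $5                   # foreign address column
            sub(/:[0-9*]+$/, "", addr)  # drop the trailing :port
            sub(/^::ffff:/, "", addr)   # unwrap IPv4-mapped IPv6
            if (addr != "") n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# over_threshold LIMIT [ALLOWED_IP...]: sources with more than LIMIT connections.
over_threshold() {
    limit=$1; shift
    allow=" $* "
    count_by_source | while read -r count ip; do
        case "$allow" in *" $ip "*) continue ;; esac
        if [ "$count" -gt "$limit" ]; then echo "$ip"; fi
    done
}

# Live use would be: netstat -ntu | over_threshold LIMIT  (limit chosen per host)
sample_netstat | over_threshold 3
```

A scan like this only helps while the host still has the CPU and bandwidth to run it, which is the limitation described in the post above.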
 

JodoHost

New Member
Attack Destination: 72.20.21.18
Start Time: [Mon Sep 18 15:31:20 2006]
End Time: [Mon Sep 18 15:31:32 2006]
Rate: 3,291,081 KiloBits Per Second

You had a DDOS attack of 3.2 Gbps hit you?
Well... I really do not know what you are talking about. Almost no Cisco router would be able to handle that. A Juniper might.

DDOS mitigation equipment that can handle such a large attack is priced at close to $100K.

Also, getting 3.2 Gbps of traffic must be very expensive. I wonder what network provider would allow that to keep flowing. Good network providers such as InterNAP will temporarily shut down incoming traffic so you do not get charged a huge amount of money.
 

serverorigin

ServerOrigin.Com
NLC
Staminus.Net handles all of it. They run only Linux based routers and that is why they can handle it; otherwise most Cisco routers would dump with that kind of load.

This traffic is never charged to us as it is blocked.

Actually larger than that at times... But you also must keep in mind some of this traffic will get queued and come in a burst that may seem larger than it would normally be. These are as close as it gets to the actual traffic incoming. Here is our log since September:

InfiniteTech

New Member
Wow, that's hard to prevent. One host I know of that gets regular DDoS blows is Dedihostplus.com. He gets about 3-5Gbps every day!

Ask them how to prevent it!
 

serverorigin

ServerOrigin.Com
NLC
hehe that's why there is a market though :) Someone has to do it. Course, we host tons of IRCd servers which is where the DDOS attacks come from.
 

Darknight

Premium
Premium Member
NLC
Oi you
http://www.freewebspace.net/forums/showthread.php?t=2177410
I suggest fixing this.
 

Darknight

Premium
Premium Member
NLC
ok...
if you say so :)
PS: this is not what I really think; I just think it's easier to reply with what I did :)
 

InfiniteTech

New Member
Did you try using Dos Deflate? It really works well, and it's small software, which is why it takes little load. I think you should try it. Search on Google for ddos.sh and select the first result

Regards
Hadrick, thanks. I need something like this for small DDoS attacks.
 