vb.org Archive
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Big Board Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=172)
-   -   High server loads, and Possible DDOs attacks (https://vborg.vbsupport.ru/showthread.php?t=164596)

scoutz 12-08-2007 01:17 PM
litespeed is much faster then apache, my serverload went from 0.5-1.0 average to 0.0x-0.2. I would suggest to just try the free trial, you'll be satisfied :)

dtv100 12-08-2007 01:33 PM
Quote:
Originally Posted by scoutz (Post 1397377)
litespeed is much faster then apache, my serverload went from 0.5-1.0 average to 0.0x-0.2. I would suggest to just try the free trial, you'll be satisfied :)

you could try Lighttpd and is free .

scoutz 12-08-2007 02:03 PM
Quote:
Originally Posted by dtv100 (Post 1397384)
you could try Lighttpd and is free .
lighttpd doesn't offer the security features litespeed does.

dtv100 12-08-2007 03:13 PM
Quote:
Originally Posted by scoutz (Post 1397395)
lighttpd doesn't offer the security features litespeed does.
yes after read a little I agree but dont see my self paying for every core in cpu if I understand right .
for now apache2 is my option maybe later if I get a extra box to test would try the free version of litespeed.

AngelBlue 12-08-2007 08:59 PM
Quote:
Originally Posted by dtv100 (Post 1396950)
you could try to install and setup :
MODsecurity + MODsecurity Rules+MODevasive+KISS My Firewall
Quote:
Originally Posted by Alfa1 (Post 1397158)
Block any service that is not publicly needed for all IP's except your own. (pop3, ftp can easily be used to flood your server with requests) Close any service that you do not need or is not essential. Analyse the logs after every attack and try to prevent the same event happening again. In your position it is wise to trade in functionality for security.
Block IP's that make too many requests. Auto-Kill certain processes at times when your server is under heavy weather.
I have been in the same situation for a long time. My server has much lower specs than yours. On any given day my server is running on 300%, so it has been easy to bring down until it was locked down. Measures like these are not optimal as they will cause errors on your site, but at least your site will be hard to bring down by flooding it with requests.

A large DDoS however is hard to stop. best thing you can have is a host that picks up the phone 24/7 and is on the case swiftly. Look into Anti-DDoS hosting or getting a hardware Anti-DDoS firewall.
Good advice.

Jafo232 12-10-2007 03:06 AM
You should take a look at your log server log and watch the attack while it is in progress. A lot of times the attack will go after a specific part of the site. Example, an attack constantly hitting the search.php file. If you can find a pattern, writing up a perl script to automatically ban the attacking IP's (using IPTables); it can render small to medium attacks harmless.

TECK 12-16-2007 05:56 PM
Alfa1 is right, you can't do much if you got a DDos attack on your back. You have to wait and let it go basically.
DDOS is done in 2 phases, Intrusion and Distributed DoS. In the first phase the hackers try to compromise weak machines in different networks around the world. It is in the next phase that they install DDOS tools and starts attacking the victims machines/site.

All those companies who say they can actually stop a DDoS attacks... are lieing. If you are dealing with russians who have an army of zombies sitting on the net (Intrusion phase, they have over 10,000 servers to pound your site), you are really screwed... can't do nothing. Small timers, ya, they can be tracked and have their IP's blocked... that's pretty much what DDoS prevention companies do.

Want to see if you deal with a DDoS attack? Run this:
Code:
# netstat -lpn | grep :80 | awk '{print $5}' | sort
If more than 5 host/ip connects from the same network then its a clear sign of DDOS.
Block that network using iptables:
Code:
# iptables -A INPUT -s <Source IP> -j DROP
Use man iptables to find out more.

The secret to survive to a DDos attack is to use a good load balancer.
The only one I recommend is lighttpd. It will push the requests from specific IP's to a server who will probably crash on a regular bassis, leaving your important cluster nodes free of attacks.

valdet 12-16-2007 11:28 PM
I just checked you site and it seems to have gotten back to its feet. ;)


All times are GMT. The time now is 04:07 PM.
Page 2 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01056 seconds
  • Memory Usage 1,739KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete