Thread: High server loads, and Possible DDOs attacks
View Single Post
  #18  
Old 12-16-2007, 05:56 PM
TECK's Avatar
TECK TECK is offline
 
Join Date: Nov 2001
Location: Canada
Posts: 4,182
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Alfa1 is right, you can't do much if you got a DDos attack on your back. You have to wait and let it go basically.
DDOS is done in 2 phases, Intrusion and Distributed DoS. In the first phase the hackers try to compromise weak machines in different networks around the world. It is in the next phase that they install DDOS tools and starts attacking the victims machines/site.

All those companies who say they can actually stop a DDoS attacks... are lieing. If you are dealing with russians who have an army of zombies sitting on the net (Intrusion phase, they have over 10,000 servers to pound your site), you are really screwed... can't do nothing. Small timers, ya, they can be tracked and have their IP's blocked... that's pretty much what DDoS prevention companies do.

Want to see if you deal with a DDoS attack? Run this:
Code:
# netstat -lpn | grep :80 | awk '{print $5}' | sort
If more than 5 host/ip connects from the same network then its a clear sign of DDOS.
Block that network using iptables:
Code:
# iptables -A INPUT -s <Source IP> -j DROP
Use man iptables to find out more.

The secret to survive to a DDos attack is to use a good load balancer.
The only one I recommend is lighttpd. It will push the requests from specific IP's to a server who will probably crash on a regular bassis, leaving your important cluster nodes free of attacks.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02172 seconds
  • Memory Usage 1,764KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete