-3

I banned a guy from my site for breaking rules and he mailed me saying he will cmd flood/ping the site until I unban him. He's been bringing the site down for three days now.

My site is with a hosting company and they've not been that helpful, just repeating the same things (check access logs for IPs and block them in htaccess). I can't see any issues in access logs though and assume ping floods wouldn't even get in there.

What can I do to stop him?

He's not from UK/US. I've mailed his ISP and mail provider days ago and they've done nothing, not even replied.

Additional: I closed off my site, yet when I use the shell to view live updates of the access logs, I still see pages getting requested constantly. I've added these IPs to my htaccess but it doesn't stop. How can I sort that?

effessess
  • Do you have root access on the server or is it managed hosting? – eltrai May 19 '15 at 14:20
  • A pcap file with a small sample of the traffic would reveal a lot. Without that your question is more or less impossible to answer. – kasperd May 19 '15 at 15:10

2 Answers

1

You can do two things.

1) Get the attack blocked on a router. Blocking in .htaccess can't help you much against a DoS attack based on a ping flood (i.e. the ICMP protocol). You can, however, block it on a firewall or router. If this attacker generates significant traffic, your hosting provider will likely be interested in getting it blocked. So, ask your hosting provider to block the attacker if this is the case. If you block the attacker using .htaccess only, you can prevent some HTTP-based attacks, as you might lower the amount of resources needed to process each request. This is not a very common case, however.

2) Find an abuse contact and write an abuse complaint. Use a WHOIS tool to find the attacker's ISP. There is usually an abuse contact. You say that you have contacted the attacker's ISP without response. Are you sure you used the right contact? Also, if the final and possibly smaller ISP does not react to your abuse complaints, you might contact the ISP on the next level (quite often there are multiple levels).

You should always be very specific and include detailed logs on when and what the attacker did to you. Such specific abuse complaints are more likely to be processed.

Wapac
1

From what you say, I assume you are using a mutualized hosting and don't have access to the server serving your request.

Therefore, if the banned client is actually flooding the server with ICMP ping requests, there is not much you can do, as htaccess doesn't affect pings. However, it is very hard to take a server down that way, unless you have access to numerous hosts, so you should probably check that it is not something else, such as HTTP requests, which are much more resource intensive.

eltrai
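
An added example, not part of either answer: both answers come down to checking whether the traffic is really HTTP and collecting specific logs, so this Python sketch summarizes an Apache access log per client IP, giving the peak requests per minute and how many requests were already refused with 403 (Apache still writes a log line for requests that .htaccess denies, so blocked clients keep showing up in the log). The log format (Apache common/combined), the threshold, the helper names and the sample lines are assumptions; the addresses are constructed documentation IPs.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Prefix of an Apache common/combined log line: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, minute bucket, status) or None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), int(m["status"])

def summarize(lines, per_minute_threshold=5):
    """Return {ip: {"peak", "total", "denied"}} for clients at or above the threshold."""
    per_minute = defaultdict(Counter)  # ip -> minute -> request count
    statuses = defaultdict(Counter)    # ip -> HTTP status -> count
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                   # ignore anything that is not a log entry
        ip, minute, status = rec
        per_minute[ip][minute] += 1
        statuses[ip][status] += 1
    report = {}
    for ip, buckets in per_minute.items():
        peak = max(buckets.values())
        if peak >= per_minute_threshold:
            report[ip] = {"peak": peak,
                          "total": sum(statuses[ip].values()),
                          "denied": statuses[ip][403]}  # already blocked by a deny rule
    return report

def _line(ip, sec, status):
    # Constructed sample entry; path and size are placeholders.
    return (f'{ip} - - [19/May/2015:14:20:{sec:02d} +0000] '
            f'"GET /index.php HTTP/1.1" {status} 512')

# Constructed sample: one client already denied (403), one still served, one quiet.
SAMPLE = ([_line("203.0.113.7", s, 403) for s in range(6)]
          + [_line("198.51.100.20", s, 200) for s in range(8)]
          + [_line("192.0.2.5", s, 200) for s in range(2)]
          + ["not an access-log line"])

if __name__ == "__main__":
    for ip, row in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["peak"]):
        print(f'{ip}: peak {row["peak"]}/min, {row["denied"]}/{row["total"]} denied (403)')
```

A client whose requests are all counted as denied is already being stopped at the web server; if the site is still slow, the load is coming from somewhere the access log and .htaccess do not cover.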