
Last evening my forum was the victim of a DDoS attack. I've confirmed it was an HTTP flood.

[Image: CloudFlare Analytics of Requests]

The first thing I did was enable CloudFlare's "checking your browser". It blocked a large number of requests and Apache started responding again.

Next I got a message on MyBB saying too many MySQL connections were open, so I stopped Apache and MySQL.

I proceeded to lift the connection limit to 10,000. Whether my webserver is able to handle that is another question, but the limit would no longer cause an error.

Next I started MySQL, then Apache. The attack only had 200 connections at this point, due to the whole "checking your browser" thing.

Afterwards I adjusted my firewall settings at AWS to only allow connections from CloudFlare IP ranges, and saved the settings.

At this point the site was back up. Am I missing any steps? How can I stop HTTP flood attacks in the future?

1 Answer

A few things you can try with iptables to prevent DDoS are as follows:

Disabling SYN Flood Attack

  # Drop packets that start a NEW connection without the SYN flag set
  iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Limit concurrent connections from same IP Address

  # ACCEPT new port-80 connections at 100/minute after a burst of 500; packets over the limit fall through to the rules after this one
  iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 100/minute --limit-burst 500 -j ACCEPT

Here, 500 new connections are allowed before the limit of 100 NEW connections per minute is applied.

More rules you can find here: iptables rules to counter the most common DoS attacks?

Zama Ques

  • Don't use the limit module with iptables to block a DDoS attack; limit doesn't track the source IP. Use the recent module or the newer cstate module. – c4f4t0r Sep 06 '16 at 12:04
  • No traffic other than CloudFlare can touch the server. Plus the attack went through CloudFlare. I called them and they said blocking an attack costs $200/month – Sep 06 '16 at 12:09
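As an added example (not code from the question, the answer or the comments): a shell function that emits an iptables-restore fragment applying the rate limit per source address with the hashlimit module, which is the point the comment about `limit` not tracking the source IP is making. It assumes iptables with xt_hashlimit and xt_conntrack, reuses the answer's illustrative 100/minute and 500-burst figures, and the chain name HTTP_FLOOD is my own.

```shell
#!/bin/sh
# Added example: print iptables-restore rules that limit NEW port-80 connections
# per source IP. Assumes xt_hashlimit and xt_conntrack; HTTP_FLOOD is a made-up chain name.
http_flood_rules() {
  cat <<'EOF'
*filter
:HTTP_FLOOD - [0:0]
# Only packets opening a NEW connection to port 80 are inspected; established flows pass.
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j HTTP_FLOOD
# "-m limit" keeps ONE global token bucket, so a single noisy client uses up the
# budget for every visitor. hashlimit keyed on srcip keeps a bucket PER SOURCE:
# each address may open a burst of 500 connections, then 100 per minute; the excess is dropped.
-A HTTP_FLOOD -m hashlimit --hashlimit-name http --hashlimit-mode srcip --hashlimit-above 100/minute --hashlimit-burst 500 -j DROP
-A HTTP_FLOOD -j ACCEPT
COMMIT
EOF
}
# Caveat for the setup in the question: when only CloudFlare may reach the server,
# every source address here is a CloudFlare edge, so a per-source limit throttles the
# proxy rather than the client behind it. The visitor's address is only in the
# CF-Connecting-IP HTTP header, which netfilter never sees; floods arriving through
# the proxy have to be limited at CloudFlare or inside the web server instead.

# Run as "sh this_script.sh apply" to load the rules without flushing existing ones.
if [ "${1:-}" = "apply" ]; then
  http_flood_rules | iptables-restore -n
fi
```

Without the `apply` argument the script only defines the function, so the fragment can be reviewed with `http_flood_rules` before it is loaded.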