Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

624 questions
10 votes, 3 answers

Does "TARPIT" have any known vulnerabilities or downsides?

TARPIT can be used to waste an attacker's resources, thus slowing down their attacks and lowering their ability to attack other hosts... looks like a good idea. It is provided as a Netfilter addon and can be used just like any other IPTables…
user186340
10 votes, 4 answers

Amazon EC2 bandwidth charges in case of unwanted incoming traffic(ddos/flood)?

What happens if my EC2 instance gets ddosed/flooded, which could potentially go up to tens of gigabytes an hour (and even more) of undesired incoming traffic, will I be charged for this traffic? My guess is yes, but what can I do in such nightmare…
Shinnok
9 votes, 4 answers

Stopping a DOS attack

One of the sites I work with has recently started to get DoS'd. It started out at 30k RPS and now it's at 50k/min. The IPs are pretty much all unique, not in the same subnet, and are in multiple countries. They only request the main page. Any tips…
William
9 votes, 1 answer

Apache logs flooded with connections - "(via ggpht.com GoogleImageProxy)"

My server was running on 100% CPU and looking at the Apache logs I saw hundreds of thousands of connections that looked like this: 10.190.45.31 - - [13/Mar/2014:15:29:02 +0000] "GET SOMETHING HTTP/1.1" 200 2261 "-" "Mozilla/5.0 (Windows; U; Windows…
user967722
9 votes, 2 answers

Protecting against Keep-Dead Denial of service

I thought my server was safe with http-guardian but apparently not. Some smart arse keeps hitting my server with 'Keep-Dead' and causing it to crash. I've looked through the logs but can't see any way to tell the requests apart from a regular…
Stevie
9 votes, 8 answers

How to prevent a LOIC (DDOS) attack?

The program LOIC (in the news a lot the last days) causes a lot of damage. What can I do on my server to prevent this kind of attack? Auto-block IP when receiving a strange connection? Because mostly it will be a single user. Are there already…
questions
8 votes, 1 answer

many graceful restarts in httpd error log?

Our server was down, and we restarted the services (nginx & httpd), and when I look at the logs, I've found these lines; there are so many "Graceful restart requested, doing restart" lines. What's wrong? I have 100s of lines like below [Tue Nov 10…
ɹɐqʞɐ zoɹǝɟ
8 votes, 3 answers

RedStation.com is heaven for ddos attackers, How to file complaint?

Sorry, I don't know where to open this subject. This is not the first time we have faced a massive DDOS attack from one of the servers in RedStation.com, and even after we had contacted their abuse department with its log there is no…
Ehsan
8 votes, 3 answers

iptables rules to counter the most common DoS attacks?

Recently I've got a lot of small scale DoS attacks. I am wondering what iptables rules should I use to counter the most common DoS attacks, and generally secure my web server. The web server sports Varnish -> nginx/php5 -> memcached -> mysql I…
alfish
7 votes, 1 answer

measures to take against a dns amplification attack

I recently discovered that my server was being used as part of a DNS DDOS. Basically, my BIND setup allowed recursion, and it was used to attack a certain IP address using IP spoofing. I took the necessary measures to stop this, and disabled…
Waleed Hamra
7 votes, 6 answers

lots of dns requests from China, should I worry?

I have turned on dns query logs, and when running "tail -f /var/log/syslog" I see that I get hundreds of identical requests from a single ip address: Apr 7 12:36:13 server17 named[26294]: client 121.12.173.191#10856: query: mydomain.de IN ANY + Apr…
nn4l
6 votes, 2 answers

SYN Flood Advice

Today I've been dealing with a server suffering from what looked like a SYN flood attack. It was a bit of a rush to get the site back online, so we did these three steps to bring the service back to a usable state. The server load was low during the…
Coops
6 votes, 2 answers

How do I understand my CPU usage on a DNS server?

I have read and understood Can you help me with my capacity planning?, but I'm not sure I understand what my next steps are in a DNS server scenario. I think my CPU loads are high or that I might be starting to drop queries, but I'd like to better…
Andrew B
6 votes, 1 answer

/usr/bin/host being used in HTTP DDoS on Debian?

So I got an abuse complaint for one of my dedicated servers, running Debian 6.0. Sure enough, sometimes, top shows /usr/bin/host using a lot of CPU for no apparent reason, and netstat shows process host doing a lot of HTTP requests. After a while, my…
6 votes, 1 answer

How can I detect a DDoS attack using pfSense so I can tell my ISP who to block?

Last week my network was hit by a DDoS attack which completely saturated our 100 MBps link to the internet and pretty much shut down all the sites and services we host. I understand (from this experience as well as other answers) that I cannot…
Josh