Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

624 questions
0 votes, 1 answer

Cloudflare performance, ddos

I have been using Cloudflare CDN on my website (WordPress) for about 4 months, mostly because I was hoping the CDN would make things faster, and make the load on my cheap server somewhat smaller, especially because of the many static .js and .css…
Jeroen Ooms
0 votes, 1 answer

Diagnosing DDOS after the fact

I manage the code and deployments for an ASP.NET site on a dedicated server. Windows 2008-64 R2, 8GB RAM, Dual Core. It is a dedicated intranet site that never has much traffic. Most of the performance issues that we run into are memory issues on…
Yaakov Ellis
0 votes, 2 answers

DNS Server Spoofed Request Amplification DDoS - Prevention

I've been conducting security scans, and a new one popped up for me: DNS Server Spoofed Request Amplification DDoS The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an…
Shackrock
0 votes, 3 answers

Small unsustained ddos?

Recently, I have random occurrences where I can't reach my server. When this occurs, about 1 ping in each 10 manages to ping back. The pings that do get through are within normal response time (about 42ms in my case). The only information I could gather…
0 votes, 2 answers

IP Address filter 'before' http secured connections for protection against DDoS attacks?

One technique to protect against DDoS attacks is to monitor the number of requests per second coming from a given IP address. Of course, IP addresses can be faked, but let's assume this is not an issue here. A web application installed on Tomcat…
Jérôme Verstrynge
0 votes, 3 answers

Block All UDP traffic (to prevent ddos)

I have been receiving countless DDoS attacks the last couple of weeks. Just now I caught one while I was running iptraf. Normally 99.9% of the packets used on my server are TCP packages, and not UDP. A few are used I see, but normally hardly…
Mr.Boon
0 votes, 3 answers

Which steps to take to protect java server from cpu overload?

I've written a Java server application for a software solution I'm fiddling with. The server uses multithreading to handle sockets and PostgreSQL as a database. I'm worried about potential evil-doers, as right now, someone would easily be able to…
Mike Haye
0 votes, 1 answer

Help - DDOS Attack

I am under a DDoS attack. I'm trying to locate the IP address that is making 1100+ connections, however, when running the following command, it shows a 1100+ connection, but the IP address column is blank. By the way, I'm using CSF firewall to block…
0 votes, 2 answers

Basic EC2 Load Balancing Concepts

I am creating a site that I expect to receive DDoS attacks on occasion. I have created two EBS AMIs on Amazon EC2. One AMI for a MySQL Database and one for the web host. I have added an elastic IP to the web host server and have attached an A DNS…
darkAsPitch
0 votes, 1 answer

How can I monitor the network on ESXi node for connections and find the source of a ddos attack

I'm looking for something fairly simple to install, that will monitor network traffic on the vSwitch for my ESXi node as we're getting DDoSed and I need to be able to easily see where the traffic is coming from.
0 votes, 1 answer

Single IP attack or other issue?

Description of incident: I notice in my MRTG panel that httpd processes have climbed to 800 (our maximum), but all other parameters are normal (CPU, memory, traffic). I immediately ran a netstat command ( netstat -ntu | awk '{print $5}' | cut…
Adr
0 votes, 1 answer

Simultaneous Requests To Site With JS Cause CPU Spike

Someone is making many requests to a specific page on my site that has JS on it. Subsequently, it's driving the CPU load to 100+ if I don't restart Apache. What I tried: - Reduce KeepAlive timeout - Installed mod_evasive (doesn't seem to work due…
Oliver
0 votes, 2 answers

Is my server under a DDOS attack?

I'm getting repeat requests for resources on my server and this is increasing the load greatly. Currently my load is at 2.5ish. I block individual IP addresses causing the problem but eventually the attacker seems to reappear with a different IP.…
Casey Flynn
0 votes, 4 answers

Getting a lot of hits on my web server and it's taking down my httpd. Possible DDoS?

I'm getting a lot of hits on my server. This server normally gets little to no traffic, yet there are constant hits every time I bring the server back up. I get the following error first: ip_conntrack: table full, dropping packet then sooner or…
user76112
0 votes, 2 answers

Don't allow a host to be spammed

I run a proxy server with Squid and I've just got a report that a user of mine tried a DDoS using my proxy. How can I block such requests? Ex: Allow just max 5 requests on the same domain on the same minute? LATER EDIT max 5 requests per minute for…
mazgalici