Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

624 questions
0 votes, 2 answers

How to detect an intranet SYN flood?

I got this problem: whenever I plug a Linux server into the intranet, the whole network slows down and then dies. Every ping/ssh connection between the intranet yields a timeout. I unplugged it, then everything came back to normal. Searching around…
EyeQ Tech
0 votes, 1 answer

All nights a network segment brings all network down

I have a medium-sized network: 45 devices with printers, a couple of DC and W10 desktops. Last week all network went down at 21:30 and, since that day, all network goes down unless I disconnect one segment from it at same time (which looks a…
kankamuso
0 votes, 1 answer

How to correctly set limits ports?

So I'm currently working on setting a simple server up with a game server using port 30110 and 30120, but I'm clearly getting dossed like crazy. How is the best way to protect against this? Like, I have used the following tables. Apache Full …
Melonendk
0 votes, 1 answer

Understanding dropping of packets to fight against a DDoS attack

I always wondered how big tech companies could fight against DDoS attacks reaching nearly 1 Tbps+. From my understanding traffic can't just disappear, so even if I drop all e.g. UDP packets via iptables (also tried eBPF) iptables -A INPUT -p udp -j…
0 votes, 0 answers

How to repel an apache ddos attack

My nginx+apache+php server on Ubuntu is under attack from a single IP address which causes Apache to run as many processes as possible, which causes the server to crash. The IP is single, and the nginx antidos tool blocks it, but just one request…
0 votes, 1 answer

Apache on Debian: server flooded by a lot of 400, how to protect from it?

My HTTPS server has been experiencing slowness for a few days, so I consulted the log file (the access.log, I use apache2). And I found out that my server is flooded by a lot of 400s: If I change the Apache config to stop listening on port 443,…
spacecodeur
0 votes, 1 answer

Is it possible to block IP access at the NIC

I am receiving a lot of traffic from Portugal and Brazil, not our normal audience, on one of my servers, and after running Wireshark on a 1 minute TCP dump, almost every request (close to 10 megs total in 1 minute, and 5 gigs of traffic over the last 12…
Jeremy Boyd
0 votes, 1 answer

How to get DDOS+WAF protection on IP/server (not domain)

I've used CloudFlare and it's great. But in this specific case we control the server IP address but we don't own the domain so can't use CloudFlare unfortunately because the domain owner isn't ready to migrate his DNS to CloudFlare. I would really…
michaelr524
0 votes, 1 answer

(Theoretical view) In a DDoS attack via docker, no correlation found between the amount of sent packets and the number of virtualized containers

I have been testing a DDoS attack in my local network via docker. Each image has loaded with an "evil" DDoS file. I tested simultaneously several containers attacking at the same time. On the image below it is possible to see 6 attacks (peaks).…
0 votes, 2 answers

Need to investigate why our server was DDOSing our host service provider

Hello everyone and hopefully somebody can give me a first step where I can begin investigating the reason to know why our Linux server appears to have attacked our service provider where the server is hosted on. Today I received e-mail that one of…
sintezators
0 votes, 3 answers

PHP Maximum execution time exceeded - sign of attack?

We were facing a very high CPU load on our web server today. Our application was freezing and not reacting. We could reduce the load by setting the maximum execution time from 180 to 90 seconds. However, the log files are now full of the following…
arety_
0 votes, 0 answers

How many pre-configured WAF rules does a small website need? (GCP Cloud Armor)

I am looking at GCP Cloud Armor product. They charge $1 per-rule a month. There is this document with pre-configured rules: https://cloud.google.com/armor/docs/rule-tuning Can you tell how much of it is really necessary for a small website? I don't…
Boppity Bop
0 votes, 1 answer

How to hide Origin Server IP address from Reconnaissance tools

When it comes to web server security, I am a paranoid person. On DigitalOcean, I'm running a server. They refer to it as a Droplet. Cloudflare is my DNS provider, and Cloudflare proxies and protects my server from DDoS attacks. However, I tried to…
0 votes, 1 answer

How to restrict AWS access to queries from specific domain names?

Hello, this is my first post on Server Fault, so please feel free to edit/correct etiquette. I am managing a server at work that we have hosted on AWS. Recently, it has fallen victim to a DDoS attack. Luckily, this is only a staging server (right…
Aaron
0 votes, 0 answers

Fail2ban exited and didn't start back up

Today I faced what seemed like a DDoS attack. My server provider warned me about excessive CPU usage (400% for over 6 hours) and I couldn't access any website, could not log in via SSH either. Lish console reported an error that went something like…
Whip