Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

624 questions
3 votes, 1 answer

Protecting against a DOS attack

Someone is DOSing my server. It is not a DDOS attack as there is only one server involved in this attack. I simply put the following iptables rule to drop all the packets coming from the attacker: iptables -I INPUT 1 -s IP_OF_ATTACKER -j DROP This rule…
Vik
3 votes, 0 answers

sshd running at 100%

I'm running an Ubuntu/WordPress server on Amazon EC2 which is experiencing problems every 24-48 hours: I get a CPU alarm from EC2, log into the server, and discover sshd is running at 99.9% CPU. This is a public-facing WordPress server, so normally,…
user123079
3 votes, 4 answers

Can a DDoS attack stop me from SSH’ing into my server?

Can a DDoS attack stop me from ssh'ing into my server? My boss says no, therefore it must be something wrong with the server. However, we are getting botted by 4-5 different bots even with robots.txt and .htaccess rewrites. My PHP guy believes its…
Rick
3 votes, 2 answers

Recent module, what is preferred rcheck or update?

Let's say I have the following rules: iptables -P INPUT DROP iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m tcp…
sebelk
3 votes, 2 answers

What amount of effort and money should one invest against DDoS threats?

Typically, when you invest money to protect yourself against some possible threat, you should take into account two factors: the probability (p) of the problem actually happening how much money (m) that problem would cost you if it…
MiniQuark
3 votes, 1 answer

Mitigate DDoS attack by Null-routing my server's IP?

My services were attacked by what appears to be a botnet of quite a large number of computers. Since all my servers have additional IPs, and my hosting provider lets me null-route my IP addresses to mitigate a DDoS attack by a single click in the…
Albert
3 votes, 1 answer

Nginx - Redirect request by GET parameters pattern

One of my servers was attacked by DDoS a couple of days ago and it lasted for 4 days. Below is the log snippet of the request: 36.224.180.253 - - [14/May/2013:03:11:46 +0800] "GET //?f5b2fd2f860dc=9597624054932145 HTTP/1.1" 301 178 "-" "Opera/9.80…
chr1x2
3 votes, 1 answer

Traffic backlogged after (D)DoS attack?

About 25 hours ago, I got an e-mail from UptimeRobot (uptimerobot.com) telling me that my websites had gone down. I raced over to my server room, where my TP-Link router was completely unresponsive (even from the LAN side), traffic lights on the…
Libbux
3 votes, 1 answer

iptables - drop all HTTP(S) traffic but from CloudFlare

I would like to allow only HTTP(S) traffic coming from CloudFlare. In that way attackers cannot attack the server directly. I know CloudFlare is not mainly a DDoS mitigator, but I would like to try it either way. I'm currently only having access to…
Martin
3 votes, 2 answers

What happens if a server never receives the RST packet?

Someone recently decided to show me a POC of a new Denial of Service method using SYN/TCP he's figured out. I thought it was complete nonsense, but after explaining to him about SYN-SYN/ACK-RST, he left me speechless. He told me "what if the server…
Rob
3 votes, 1 answer

Perform action based on load avg

I'm running some web applications on a Debian server and have to struggle with DDoS attacks sometimes. It's eating up all my resources and I can't ssh anymore into the server. An idea was to drop all connections if the load avg is too high, so…
sfx
3 votes, 4 answers

Protecting Hosted Windows 2008 Servers against DDOS Attacks

Followup to Identifying DDOS Attacks on Windows 2008 Servers. What steps are people taking to prevent DDOS attacks against their Windows 2008 Servers in a hosted environment? I'm particularly interested in ways that don't involve a separate…
Adam Brand
3 votes, 3 answers

Only allowing traffic from Cloudflare

I am new to Linux System Administration and I am experimenting with iptables trying to learn how to really lock down a system with them. And one thing a friend of mine recommended was that there was a way to pass all incoming traffic through…
Nick
3 votes, 1 answer

Buffer-stuffing denial-of-service attack

I started seeing this odd sort of effect that resembles denial-of-service attack against a Linux server. The effect is that the network becomes at least partially unusable very much the same as what you see with a traditional DOS or DDOS…
tylerl
3 votes, 2 answers

Ubuntu scalable nginx mongodb mongdb memcached server configuration

I have been building a PHP web application using the following techniques in the past 2 months: PHP 5.3.4 MongoDB MySql I just got my dedicated server running Ubuntu 10.4 LTS x64 with the following hardware: 100Mbit networking speed 120GB SSD…