Questions tagged [ddos]

A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. These systems are compromised by attackers using a variety of methods.

For information on what to do about a DDoS attack that is underway, see How can I stop a currently active DDoS attack?

624 questions
3
votes
2 answers

How to enable SYN cookies on windows server 2008?

I have a SYN spoofing attack on one of my servers. While there are enough resources available on server (BW, CPU, RAM), new legitimate requests get Request time-out error. It seems backlog queue gets full and new requests get time-out on the…
Xaqron
3
votes
2 answers

In what way am I more likely to be DDoS'd? Via http or other ports?

I am writing a web service that has a lot of vicious competitors. Vicious as in: people have been getting DDoS'd within hours of setting up shop in this arena. The service will consist of: a website that you can sign up to and check on stats/etc...…
darkAsPitch
3
votes
1 answer

Stopping SYN DDoS Attack

One of my servers is under constant SYN DDoS attack. I have decided to set up fail2ban but as far as I can understand, that will only take care of the ssh login attacks. How can I stop these SYN DDoS attacks? I can't seem to find any particularly…
recluze
3
votes
5 answers

Block all communication from a list of IP addresses

Is there any firewall (preferred some free :) ) that can block all communication from all IP addresses except from some IPs coming from a particular location... I basically want to block DDOS attack on my servers its being getting hit from some IP's…
Varun
3
votes
3 answers

Anti-DDoS Question

Our company's main owner (telecon group) wants us to deploy anti-DDoS mechanisms, such as Arbor Pravail, which is a great idea. Although... I have a question... If our main ISP Backbone provider have no anti-DDoS mechanism, means that there is no…
Andre
3
votes
5 answers

Apache DDoS Protection in router (pFsense)

I'm soon going to change my infrastructure when I buy a new server. I'm going to replace my D-Link DIR-655 router with a pFsense router (and probably use the 655 as an AP) using my old server hardware (Intel Atom 330, 1GB ram, Intel Pro Server MT…
Hultner
3
votes
3 answers

Apache getting hammered by nonsense requests, how to stop?

My VPS is getting hammered with attempts on random files/directories that don't exist on my server, in the order of roughly twice every second. Presumably it's just a bot trying to figure out whether there's any security holes in scripts on my…
WheresWardy
3
votes
3 answers

Could this be a DOS attack?

I'm a bit out of me league here (we're a reasonably small firm, I'm a software dev stuck with doing sysadmin when needed), but I thought I'd ask the smart people at ServerFault about my problem before we called in our 3rd party IT support…
RodH257
3
votes
3 answers

DDOS by several IPs with one connection

I have a site that was being hit with a DDOS the same time every day for the past month, and after spending a month researching and pinpointing the bug, we enacted a bash script which if the connection is reaching 80+ max connections in one minute…
Zach Smith
3
votes
2 answers

Recommendations for sysctl.conf settings to harden Linux against DDoS attacks?

A recent article from UNIXy http://blog.unixy.net/2010/08/the-penultimate-guide-to-stopping-a-ddos-attack-a-new-approach/ has suggestions to harden a Linux box against DDoS attacks. Example of sysctl.conf net.ipv4.tcp_syncookies =…
Eureka Ikara
3
votes
2 answers

Is it possible to distinguish from “good” http requests and DoS attacks?

How could I know that a lot of requests in a short period of time come from a DoS attack and not from normal browser requests?
mdgart
3
votes
7 answers

DDOS Attack Victim - How much to Admit?

Here's the environment: Website that hosts a forum/journal/bboard/email/socialmedia application in walled garden (ie you pay to get to use it or are invited to do so Many Clients pay to use the site during specific chunks of time (ie they lease…
Patrick R
3
votes
1 answer

Prevent DDOS Attack on GCP App Engine

I've launched my application on GCP App Engine with 8 micro-services. I did an overload test with apache j-meter and it seems to scale well. However this can also be used as a DOS attack on my application and app engine does not seem to be blocking…
3
votes
1 answer

DDOS manual mitigation using command netstat. How to determine real attackers?

When my server is slow, I have been told to run this command and check if someone is making a request of SYN_RECV to slow down my server: netstat -npt | grep SYN_RECV | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | cut -d: -f1 | sort…
Kalib Zen
3
votes
1 answer

Is this real google bot or attack? How do I deal with it?

So basically my site was unaccessible and I went to logs folder to see what's wrong and noticed a lot of weird requests from various IPs: 155.4.117.13 - - [30/Mar/2020:20:23:45 +0300] "GET / HTTP/1.0" 200 6189 "-" "Google Bot" 185.220.100.252 - -…
me_yy