Stack Overflow
Stack Overflow

Questions tagged [ddos]

"A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers."

559 questions
3
votes
0 answers

Google Storage as Hosting static site. DDOS Protection

Google mention that static site can be hosted using https://cloud.google.com/storage/docs/hosting-static-website also google charges for Egres. Now if someone do a DOS attach on the site, google will not identify it and just keep on billing . Is…
Bhuvan
  • 4,028
  • 6
  • 42
  • 84
3
votes
0 answers

Gunicorn webserver measures to mitigate layer 7 HTTP GET floods (web app is a Django forum)

A Django-based web forum I maintain is seeing application level DDOS attacks daily. Essentially, it's an HTTP GET flood hitting the home page, causing the server to execute a large number of internal requests and load various files to create the…
Hassan Baig
  • 15,055
  • 27
  • 102
  • 205
3
votes
1 answer

How do I identify two requests from the same source in NodeJS?

my case is simple: I need an application layer solution to identify and then apply some sort of rule to requests coming from the same origin. If a guy will request my server from Postman, or from a browser or from a cURL I want to identify this guy…
Victor Ferreira
  • 6,151
  • 13
  • 64
  • 120
3
votes
1 answer

Instagram blocks website's IP?

I recently created a website with PHP to Check Out Anyone's Instagram Profile Picture at Full Size!. Yesterday my service stopped to work and it seems as if Instagram is blocking my web servers IP-address. I then started to try to fix the issue but…
Mehdi
  • 39
  • 1
  • 2
3
votes
0 answers

Throttling requests based on ip

My web app runs on AWS Ec2. I am throttling requests in my servlet doPost() based on various parameters following Protect yourself against Dos attacks answer. How do I throttle requests before it gets to my servlet? Maybe based on IP (or) based on…
Vamsidhar
  • 822
  • 11
  • 24
3
votes
4 answers

Calling API by IP address vs domain name

During a recent DDoS attack on a DNS, my site was unable to continue to function. While the main site remained up and running, I was unable to connect to an external API on a different domain, leading the site to become completely unusable. The data…
glv19
  • 474
  • 6
  • 16
3
votes
2 answers

Is it completed safe if I set the security group only allow my own IP?

For example, I have an instance, and using a Security Group allowing income traffic from only my own IP address. My question is: if an attacker got the instance IP address, is there still any way he can attack(something like DDOS) my instance?
Elect2
  • 1,349
  • 2
  • 12
  • 22
3
votes
0 answers

DOS Attack on incomplete requests ASP.NET

I have an application that gets DOSed if it received incomplete/slow http requests. I debugged and found the reason to be that when I try to access the HTTP Request, the application stalls until the request is complete. I need a way to tell me in…
blenddd
  • 345
  • 1
  • 6
  • 15
3
votes
2 answers

How to prevent large file upload from server side

I am looking to prevent my application from DoS attacks of the type resource consumption. It means an attacker can consume the server resources such as memory & disc capacity by uploading large files into the server. I wish to know if its possible…
Anonymous Platypus
  • 1,242
  • 4
  • 18
  • 47
3
votes
1 answer

iptables: limit the number of logged packets/second

Background. I'm building a firewall/NAT device thats used in honeypot deployments.In simple terms, its configured to work as a reversed firewall of sorts. When one of the honeypots have been infected/compromised the firewall will allow the attacker…
Bifrozt
  • 91
  • 1
  • 1
  • 6
3
votes
1 answer

Protecting Against DDoS attacks: Is Mod_Security and the OWASP rule set adequate?

Is mod_sec and the OWASP rule set adequate to protect against DDoS and DoS attacks or would you recommend taking additional steps, e.g. blocking suspicious IP addresses which have been identified by mod_sec using iptables? Would you recommend…
AlexR
  • 5,514
  • 9
  • 75
  • 130
3
votes
0 answers

Are urls included in DDOS xmlrpc attacks passive, compromised participants or active participants?

My (Linux/Apache) server has ben under attack for a few weeks now - via xmlrpc.php and wp-login.php - both Wordpress script files. I took the liberty of adding some code to email me the POST data, etc. What I am seeing for the xmlrpc attacks is POST…
Colin G
  • 309
  • 3
  • 14
3
votes
1 answer

Will my script send to many requests?

I currently have a script that scrapes data from a website by visiting a url and then scraping a certain piece of information. My only concern is that since there is roughly 30,000 pages to scrape that it might appear to the server as a DDoS attack?…
HarryLucas
  • 159
  • 9
3
votes
1 answer

How to regulate output traffic with iptables

I'm hosting several websites, and some of them use scripts to ddos externals servers from my server. There is a possibility to control the outgoing traffic by, for example, limiting the number of request per second or so ?
user2733521
  • 439
  • 5
  • 22
3
votes
1 answer

lighttpd setup and payload folder - normal or attack vector?

I have been investigating a series of IP addresses that has been (ab)used by a technically skilled troll. One such IP has a lighttpd (1.4.28) server running on it. This server appears to be a generic install (in so far as I know). There is a folder…
Matthew Brown aka Lord Matt
  • 2,298
  • 1
  • 27
  • 40
1 2 3
37 38