Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: DDOS attack please help!
Homework and Emergencies Emergency UNIX and Linux Support DDOS attack please help! Post 302907826 by Lord Spectre on Wednesday 2nd of July 2014 03:57:08 AM
Old 07-02-2014
Power DDOS attack please help!
Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:
Code:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP

This works perfect, but the attacker just completely change the IP addresses.

What I'm thining to do is create a rules with iptables who accept a total ammount of requests from the same IP and the DROP if the ammount is exceeded. Something like:

Code:
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

The problem here is maybe I miss something because if I refresh the webpage 6/7 times it just drop me the other requests. Maybe I don't understand how "--seconds 60 --hitcount 10" works.

Could you please help me to create a rules to try to block new requests if they come togheter at the same time like an attack?

Many Thanks
Lucas
 

5 More Discussions You Might Find Interesting

1. Cybersecurity

what is the better way to protect my server from DDos Attack

heloo today i have DDos Attack in my server what is the better way to secure my server from DDos Attack i use CentOS 4&5 i try every firewall and talk to softlayer - iweb i've Tried every possible solutions but I can not find a solution to the problems Give Me The best way plzz (4 Replies)
Discussion started by: a7medo
4 Replies

2. Cybersecurity

Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else? (10 Replies)
Discussion started by: Action
10 Replies

3. Cybersecurity

DDoS Simulation Tools

are there any popular DDoS simulation tools to test my own infrastructure? Anyone tried to setup all these in AWS EC2? (1 Reply)
Discussion started by: boriskong
1 Replies

4. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker. (1 Reply)
Discussion started by: romanepo
1 Replies

5. UNIX for Advanced & Expert Users

Anti ddos shell script, is it useful?

Hi guys, just need a opinion from you. I found anti ddos script from github Script What is your opinion about it? Is it usefull? Do you have some similar? I want to protect my servers on all levels, why not in the servers via script. I assume I must fix this script to be useful for me, but... (1 Reply)
Discussion started by: tomislav91
1 Replies

LEARN ABOUT DEBIAN

apache2::sitecontrol::grantallrule

Apache2::SiteControl::GrantAllRule(3pm) 		User Contributed Perl Documentation		   Apache2::SiteControl::GrantAllRule(3pm)

NAME

       Apache2::SiteControl::GrantAllRule - A rule that grants permission to do everything.

SYNOPSIS

       In your instance of a ManagerFactory:

	  use Apache2::SiteControl::GrantAllRule;
	  ...

	  sub getPermissionManager
	  {
	     ...

	     $manager->addRule(new Apache2::SiteControl::GrantAllRule);

	     ...

	     return $manager;
	  }

DESCRIPTION

       Apache2::SiteControl::GrantAllRule is a pre-built rule that grants access for all permission requests. This rule can be used to help
       implement a system that has a default policy of allowing access, and to which you add rules that deny access for specific cases.

       Note that the loose type checking of Perl makes this inherently dangerous, since a typo is likely to fail to deny access. It is recommended
       that you take the opposite approach with your rules, since a typo will err on the side of denying access. The former is a security hole,
       the latter is a bug that people will complain about (so you can fix it).

SEE ALSO

       Apache2::SiteControl::ManagerFactory, Apache::SiteControl::PermissionManager, Apache2::SiteControl::Rule

AUTHOR

       This module was written by Tony Kay, <tkay@uoregon.edu>.

COPYRIGHT AND LICENSE

perl v5.14.2							    2006-03-17				   Apache2::SiteControl::GrantAllRule(3pm)
All times are GMT -4. The time now is 07:21 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy